A flaw called Kr00k, linked to Broadcom and Cypress Semiconductor WiFi chips, affects more than a billion devices: mainly iPhones, but also iPads, Macs, Android smartphones, Raspberry Pi, Kindle and Amazon Echo connected speakers. Eset explains that patches are already available from most manufacturers.
Eset researchers report that a flaw related to Broadcom and Cypress Semiconductor WiFi chips affects more than a billion devices, especially iPhones, but also a number of Android smartphones, tablets, Macs, connected speakers and Raspberry Pi. Here is the list of devices tested by Eset and found to be affected by the flaw:
The problem also seems to affect Asus and Huawei routers. Eset specifies, however, that "Many other sellers whose products we have not tested use the affected chipsets in their devices". The vulnerability is reportedly not present in Qualcomm, Realtek, Ralink, and MediaTek chips. The security vulnerability, dubbed Kr00k, makes it possible to bypass the already shaky security of the WPA2 Personal and Enterprise protocols.
The Kr00k flaw manifests itself when a mobile device with an affected chipset disassociates from its WiFi connection. This happens several times a day, for example when the signal is lost. The chipset then attempts to reestablish the connection automatically. However, because of the vulnerability in these chipsets, hackers can force a client to disassociate and then transmit poorly encrypted data in a more compatible mode. And by poorly encrypted, we mean that the key is a series of zeros.
This makes decryption particularly simple. Eset shared its findings several months in advance with affected manufacturers, and a patch is available for most devices in the form of a system update. Whether you are on an iPhone or a Galaxy S8, or have an Amazon Echo, the best thing to do to protect yourself is therefore to make sure you are running the latest version of your operating system, and if necessary to update your device.