“Kr00K” Vulnerability Downgrades Your Wifi Chips Security Making It Easily Accessible

With everything being wireless and connected to the internet, web security is a huge concern. Signs of malware, ransomware and from the dotcom era, the trojan virus has kept people on the edge. This time around though, there is something new.

While it is not clearly a virus, it is a vulnerability that was discovered by ESET: an internet security company. Not only that, but this vulnerability has a name: Kr00K. As mentioned in an article from XDA-Developers, the company noticed the issue and reported it.

What this does

While staying away from complicated terms and jargon, let’s try to explain what is really happening here. Every device is connected to the internet. For that, the said device needs a wifi chip. These chips are manufactures by various companies. According to the article, the vulnerability is there with chips from Broadcom and Cypress.

What happens is that our devices make requests and receive them in the form of data packets. With this issue, what happens is that Kr00K degrades the wifi security mechanism by a device that allows for people to gain access. This is similar to having access to an open WiFi network. As stated in the article:

Specifically, the flaw causes vulnerable devices to use an all-zero Temporal Key (TK) to encrypt unicast data frames, which makes it easy for an attacker to decrypt some network packets transmitted by vulnerable devices. The bug occurs after a disassociation between a client device and an access point, which is when an access point re-establishes connection with a client device.

A list of the affected devices is added to the link as well. These devices, as mentioned on the website are;

  • Amazon Echo 2nd gen
  • Amazon Kindle 8th gen
  • Apple iPad mini 2
  • Apple iPhone 6, 6S, 8, XR
  • Apple MacBook Air Retina 13-inch 2018
  • Google Nexus 5
  • Google Nexus 6
  • Google Nexus 6S
  • Raspberry Pi 3
  • Samsung Galaxy S4 GT-I9505
  • Samsung Galaxy S8
  • Xiaomi Redmi 3S

Till this issue is resolved though, it would be advisable to not use your devices on the internet. Due to the lack of security, not only will it compromise your device, but it would also make it quite susceptible to ransomware attacks.

Sarmad Burki
Sarmad Burki is a Mathematician and a Economist with a passion for all things gaming and tech. His academics and professional experience combined with tech and gaming adds to his skills giving him a unique ability to observe the tech and gaming industry from various prespectives.