Cybersecurity researchers has found an high-severity hardware vulnerability in the widely-used Wi-Fi chip manufactured by Broadcom and Cypress. The vulnerability is called Kr00k an has CVE number CVE-2019-15126. It allows an attacker to remote intercept and decrypt some of the wireless network packets. The attacker doesn’t have to be connected to the same network as the victim. Attacker can communicate to the victims device through the vulnerability within the Wi-Fi chip using WPA 2-Personal or WPA2-Enterprise protocols. Researchers at ESET has said that devices such as “Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3), Xiaomi (RedMi), as well as some access points by Asus and Huawei, were vulnerable to Kr00k”.
References:
Kumar, M. 2020. New Wi-Fi Encryption Vulnerability Affects Over A Billion Devices. Retrieved from: https://thehackernews.com/2020/02/kr00k-wifi-encryption-flaw.html
Leave a Reply
You must be logged in to post a comment.