KrØØk: Wi-Fi Chips Vulnerable to Eavesdropping

August 7th, 2020

Via: welivesecurity:

KrØØk (formally CVE-2019-15126) is a vulnerability in Broadcom and Cypress Wi-Fi chips that allows unauthorized decryption of some WPA2-encrypted traffic. Specifically, the bug has led to wireless network data being encrypted with a WPA2 pairwise session key that is all zeros instead of the proper session key that had previously been established in the 4-way handshake. This undesirable state occurs on vulnerable Broadcom and Cypress chips following a Wi-Fi disassociation.

Exploiting KrØØk allows adversaries to intercept and decrypt (potentially sensitive) data of interest and, when compared to other techniques commonly used against Wi-Fi, exploiting KrØØk has a significant advantage: while they need to be in range of the Wi-Fi signal, the attackers do not need to be authenticated and associated to the WLAN. In other words, they don’t need to know the Wi-Fi password.

Posted in Technology | Top Of Page

Leave a Reply

You must be logged in to post a comment.