Kr00k Wi-Fi Encryption Flaw Affects More Than a Billion Devices

Cybersecurity researchers from ESET have disclosed a high-severity hardware vulnerability, Kr00k, that affects Wi-Fi chips developed by Cypress and Broadcom. The vulnerable chips are currently used by over one billion devices, including laptops, IoT devices, smartphones, tablets, and routers. The vulnerability, CVE-2019-15126, is related to KRACK (Key Reinstallation Attacks), which targets WPA2 Wi-Fi networks.

According to the paper published by ESET, the flaw “causes vulnerable devices to use an all-zero encryption key to encrypt part of the user’s communication.” To exploit the flaw, an attacker forces a device to disconnect from a network; the vulnerability manifests itself after the disassociation. The ESET paper continues, “Once a station’s WLAN session gets disassociated (1), the session key (TK) stored in the Wireless Network Interface Controller’s (WNIC) Wi-Fi chip is cleared in-memory – set to zero.”

The vulnerability lies in the way the chips implement their Wi-Fi encryption protocol, not in the protocol itself. Additionally, communications protected by TLS can’t be recovered by exploiting this flaw.
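
The implementation-level ordering problem described above can be modeled in a few lines of C. This is an added illustration, not code from ESET, Cypress, or Broadcom: the struct, the function names, and the key-installed guard are hypothetical, and it assumes, as ESET's paper reports, that frames left in the chip's transmit buffer are still sent after the TK is zeroed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define TK_LEN 16
/* Hypothetical model of a Wi-Fi chip's transmit state; not vendor firmware. */
struct wnic {
    uint8_t tk[TK_LEN];  /* session key (TK) */
    int key_installed;   /* 1 while associated, 0 after disassociation */
    int queued;          /* frames still waiting in the Tx buffer */
    int sent_zero_tk;    /* frames that left encrypted under an all-zero TK */
    int dropped;         /* frames discarded instead of transmitted */
};

static int tk_is_zero(const struct wnic *n) {
    uint8_t acc = 0;
    for (int i = 0; i < TK_LEN; i++) acc |= n->tk[i];
    return acc == 0;
}

/* Stand-in for encrypt-and-send; with guard set it refuses to send without an installed key. */
static void tx_drain(struct wnic *n, int guard) {
    for (; n->queued > 0; n->queued--) {
        if (guard && !n->key_installed) { n->dropped++; continue; }
        if (tk_is_zero(n)) n->sent_zero_tk++;
    }
}

/* Disassociation zeroes the TK, then the buffer drains. guard=0 flawed, guard=1 hardened. */
void on_disassoc(struct wnic *n, int guard) {
    memset(n->tk, 0, TK_LEN);
    n->key_installed = 0;
    tx_drain(n, guard);
}

/* Run the handler on an associated station holding `queued` buffered frames. */
struct wnic simulate(int guard, int queued) {
    struct wnic n = {0};
    memset(n.tk, 0xA5, TK_LEN);  /* constructed sample key */
    n.key_installed = 1;
    n.queued = queued;
    on_disassoc(&n, guard);
    return n;
}

int main(void) {
    printf("flawed:   %d frames under zero TK\n", simulate(0, 5).sent_zero_tk);
    printf("hardened: %d frames under zero TK\n", simulate(1, 5).sent_zero_tk);
    return 0;
}
```

The guard is one possible hardening chosen for this model; the page does not describe how vendors actually patched the chips.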