[Security] Your Friendly Neighbor The Decrypter KrØØk

Your Friendly Neighbor The Decrypter KrØØk - Printable Version

+- Save-Point (https://www.save-point.org)
+-- Forum: Official Area (https://www.save-point.org/forum-3.html)
+--- Forum: Tech Talk (https://www.save-point.org/forum-87.html)
+--- Thread:

Your Friendly Neighbor The Decrypter KrØØk (/thread-7666.html)

Your Friendly Neighbor The Decrypter KrØØk - kyonides - 02-27-2020

Your Friendly Neighbor The Decrypter KrØØk

Did you think my previous warnings were good enough to prevent you from getting hacked?
Confused

Did you ever believe you wouldn't unwillingly cooperate with strangers by providing them with all your precious private data?

Well, it happened that ESET researchers have uncovered a previously unknown security flaw allowing any hacker to decrypt some wireless (WiFi) network packets transmitted by vulnerable devices.

Happy with a sweat

What kind of devices are we talking about here?

Err, if you got any not really top notch device that doesn't need cables to keep working but has its own battery and lets you connect to the internet, then your device might be on the list of vulnerable gadgets that might let third party listeners get all of your private data as if you were talking aloud over the phone and a neighbor wouldn't mind listening to your private conversation. Sad

ESET Wrote:KrØØk affects devices with Wi-Fi chips by Broadcom and Cypress that haven’t yet been patched. These are the most common Wi-Fi chips used in contemporary Wi-Fi capable devices such as smartphones, tablets, laptops, and IoT gadgets.

Not only client devices but also Wi-Fi access points and routers with Broadcom chips were affected by the vulnerability, thus making many environments with unaffected or already patched client devices vulnerable anyway.

Our tests confirmed that prior to patching, some client devices by Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3), Xiaomi (RedMi), as well as some access points by Asus and Huawei, were vulnerable to KrØØk. This totaled to over a billion Wi-Fi-capable devices and access points, at a conservative estimate. Further, many other vendors whose products we did not test also use the affected chipsets in their devices.

The vulnerability affects both WPA2-Personal and WPA2-Enterprise protocols, with AES-CCMP encryption.

By the way, ESET had also informed that Amazon Echo is vulnerable to KRACK (Key Reinstallation Attacks).

Their Advice: Make sure you have applied the latest available updates to your Wi-Fi-capable devices, including phones, tablets, laptops, IoT devices, and Wi-Fi access points and routers.

Kind of Short Article with PDF full of Details
https://www.welivesecurity.com/2020/02/26/krook-serious-vulnerability-affected-encryption-billion-wifi-devices/