Friday, October 30, 2020

Wi-Fi KrØØk Bug Affected More Wi-Fi Chipsets Than Previously Disclosed


Black Hat USA 2020: Dangerous Wi-Fi KrØØk Vulnerability Affected More Wi-Fi Chipsets Than Previously Disclosed

Security researchers recently found that some Qualcomm and MediaTek Wi-Fi chips are vulnerable to new variants of the KrØØk data exposure vulnerability.

KrØØk is a dangerous vulnerability that allows unauthorized decryption of some WPA2-encrypted traffic, and it has now been found to affect more Wi-Fi chipsets. It was initially discovered in February and is tracked as CVE-2019-15126.

What is KrØØk?

KrØØk is a severe vulnerability that was initially discovered in Broadcom and Cypress Wi-Fi chips. It enables unauthorized decryption of some WPA2-encrypted wireless network traffic.

After successful exploitation, attackers can force vulnerable devices to use an all-zero session key to encrypt part of the transmitted traffic.

The session key is normally established in the 4-way handshake; the all-zero state occurs on vulnerable Broadcom and Cypress chips following a Wi-Fi disassociation.

The researchers said that before disclosing the flaw, they worked with the affected vendors through a responsible disclosure process. After consulting them, they learned that there were vulnerable products and that patches had been deployed for them.

Microsoft Azure Sphere, Qualcomm, and MediaTek Wi-Fi-enabled devices are also vulnerable

Apart from Broadcom and Cypress Wi-Fi chips, ESET researchers Robert Lipovsky and Stefan Svorencik found new variants of KrØØk on Wi-Fi chips from other popular brands such as Qualcomm and MediaTek. Chips from these brands are used in vehicles, travel systems, watches, laptops, smartphones, routers, and many other devices.

The new vulnerability, tracked as CVE-2020-3702, is triggered by a disassociation and leads to unwanted disclosure of data by transmitting unencrypted data in place of encrypted data, much like the KrØØk vulnerability.

The affected devices included the ASUS RT-AC52U router and the Microsoft Azure Sphere expansion kit. This kit uses the MT3620 microcontroller, which is used in smart home, commercial, and industrial applications.

Figure: Overview of KrØØk

The experts also tested the D-Link DCH-G020 Smart Home Hub and the Czech Turris Omnia, but the problem extends to other unpatched hardware as well. Qualcomm released a fix for its affected driver in July.

The experts added that other unpatched devices using the vulnerable Qualcomm chipsets may exist. In some cases, devices do not use proprietary software; instead, they use open-source, Linux-based software such as the upstream “ath9k” driver.

The researchers said they would publish the script they use to test whether devices are vulnerable to KrØØk. They also added tests for the newer variants and said that anyone can use the script to verify exposure.
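The behaviour described above, modelled as an added sketch (not ESET's test script and not code from the original article): a toy chip that still has queued frames at disassociation, plus a defender's check that classifies what reached the air. Assumptions: `toy_cipher` is a stand-in for CCMP and not real cryptography, the `patched` mode (dropping queued frames) is an assumed fix, and all names and payloads are constructed.

```python
import hashlib
from dataclasses import dataclass, field

ZERO_TK = bytes(16)            # the all-zero session key
LLC_SNAP = b"\xaa\xaa\x03"     # known bytes at the start of a data-frame payload

def toy_cipher(key: bytes, pn: int, data: bytes) -> bytes:
    """Stand-in for CCMP (NOT real crypto): XOR with a per-packet keystream."""
    stream = hashlib.shake_256(key + pn.to_bytes(6, "big")).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

@dataclass
class Chip:
    mode: str                  # "zero_key", "plaintext" or "patched"
    tk: bytes                  # session key from the 4-way handshake
    pn: int = 0                # packet number
    tx_buffer: list = field(default_factory=list)

    def queue(self, payload: bytes):
        self.tx_buffer.append(LLC_SNAP + payload)

    def disassociate(self):
        """Clear the session key; return the (pn, bytes) frames still sent on air."""
        pending, self.tx_buffer = self.tx_buffer, []
        self.tk = ZERO_TK                      # key is zeroed on disassociation
        if self.mode == "patched":
            return []                          # assumed fix: queued frames are dropped
        on_air = []
        for frame in pending:
            self.pn += 1
            body = frame if self.mode == "plaintext" else toy_cipher(self.tk, self.pn, frame)
            on_air.append((self.pn, body))
        return on_air

def classify(on_air):
    """Defender's check: how were frames captured after disassociation protected?"""
    findings = set()
    for pn, body in on_air:
        if body.startswith(LLC_SNAP):
            findings.add("unencrypted")
        elif toy_cipher(ZERO_TK, pn, body).startswith(LLC_SNAP):
            findings.add("all-zero key")
    return sorted(findings) or ["no exposure"]

def run(mode: str):
    chip = Chip(mode, tk=hashlib.sha256(b"constructed session key").digest()[:16])
    for payload in (b"constructed payload 1", b"constructed payload 2"):
        chip.queue(payload)
    return classify(chip.disassociate())
```

`run("zero_key")` corresponds to the original KrØØk behaviour and `run("plaintext")` to the variant that sends data unencrypted.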
