
Kr00k WiFi hardware vulnerability affects over a billion iOS and Android devices

A flaw found in the WiFi chips of more than a billion iOS and Android devices allowed nearby attackers to decode sensitive data sent online.
iPhone XR is included in the list of affected devices

Vulnerability issues on Android and iOS

The source of this security flaw has been traced to WiFi chips produced by Cypress Semiconductor and Broadcom. These companies make WiFi components, and Cypress acquired Broadcom's WiFi operations four years ago. The flaw in the Wi-Fi chips affects both the WPA2-Personal and WPA2-Enterprise protocols on devices that have the issue.

The WiFi chip flaw, named Kr00k, causes more than a billion devices to use an all-zero encryption key to encrypt part of a user's communications.

The security issue was first uncovered by ESET, a Slovakian security firm, which reported it yesterday.

When the attack succeeds, it lets hackers decrypt some wireless network packets sent by a vulnerable device. According to the source, attackers can crack data that was received by these devices, even data that was encrypted.

As a solution, the manufacturers of the affected smartphones and gadgets have started issuing patches. However, there was a report that users may have missed these important patch notes. If your smartphone or device is on the list below, you should check for any pending software updates. Users are advised to download and install the update urgently.

List of affected devices: 

  • Amazon Echo 2nd gen
  • Amazon Kindle 8th gen
  • Apple iPad mini 2
  • Apple iPhone 6
  • Apple iPhone 6S
  • Apple iPhone 8
  • Apple iPhone XR
  • Apple MacBook
  • Apple iPad Air
  • Google Nexus 5
  • Google Nexus 6
  • Google Nexus 6P
  • Raspberry Pi 3
  • Samsung Galaxy S4
  • Samsung Galaxy S8
  • Xiaomi Redmi 3S
  • Galaxy S8 Burgundy Red
  • Samsung Galaxy S8 Burgundy Red Edition

On the other hand, ESET said that several smartphones from other manufacturers have not yet been tested. This means the issue could be on a larger scale.

There is still no response from other OEMs, but the models listed are confirmed to be affected by this security issue. Additionally, affected routers would need the latest firmware with the security patches installed.

What are your thoughts about this security issue?
