Sign In

Communications of the ACM

ACM TechNews

Flaw in Billions of Wi-Fi Devices Left Communications Open to Eavesdropping


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
A wireless router.

Researchers at Slovakian Internet security company ESET found that billions of devices are affected by a Wi-Fi vulnerability that allows nearby attackers to decrypt sensitive data sent over the airwaves.

Credit: arstechnica.net

Researchers at Slovakian Internet security company ESET discovered that billions of devices are affected by a Wi-Fi vulnerability that allows nearby attackers to decrypt sensitive data.

The team named the vulnerability Kr00k; it is tracked as CVE-2019-15126. The vulnerability exists in Wi-Fi chips manufactured by Cypress Semiconductor and Broadcom, affecting devices such as iPhones, iPads, Macs, Amazon Echos and Kindles, Android devices, Raspberry Pi 3's, and certain Wi-Fi routers.

Kr00k exploits the fact that wireless devices disassociate from a wireless access point, exposing any unsent data frames. Rather than encrypt this unsent data with the session key negotiated earlier and used during the normal connection, vulnerable devices use a key consisting of all zeros.

While manufacturers have made patches available for most of the affected devices, it is not clear how many devices actually installed the patches.

From Ars Technica
View Full Article

 

Abstracts Copyright © 2020 SmithBucklin, Washington, DC, USA


 

No entries found

Sign In for Full Access
» Forgot Password? » Create an ACM Web Account