Kr00k

Kr00k (also written as KrØØk) is a security vulnerability that allows some WPA2 encrypted WiFi traffic to be decrypted.[1] The vulnerability was originally discovered by security company ESET in 2019 and assigned CVE-2019-15126 on August 17th, 2019.[2] ESET estimates that this vulnerability affects over a billion devices.[3]

Kr00k
CVE identifier(s)CVE-2019-15126
Date discovered2019
DiscovererESET
Affected hardwareBroadcom and Cypress Semiconductor WiFI chips
Websitehttps://www.eset.com/int/kr00k/

Discovery

It was named Kr00k by Robert Lipovsky and Stefan Svorencik. It was discovered when trying variations of the KRACK attack.[4]

Initially found in chips made by Broadcom and Cypress, similar vulnerabilities have been found in other implementations, including those by Qualcomm and MediaTek.[5][6]

Patches

The vulnerability is known to be patched in:

  • iOS 13.2 and iPadOS 13.2 - October 28, 2019 [1]
  • macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006 - October 29, 2019 [1]

Vulnerable devices

During their research, ESET confirmed over a dozen popular devices were vulnerable.[3]

Cisco has found several of their devices to be vulnerable and are working on patches.[7] They are tracking the issue with advisory id cisco-sa-20200226-wi-fi-info-disclosure.[8]

Known vulnerable devices include:

References

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.