At the RSA 2020 security conference in San Francisco, researchers from the Slovak security company ESET will detail a new bug affecting WiFi communications. A hacker can exploit this bug, called Kr00k, to intercept and decrypt WiFi network traffic. According to ESET, Kr00k affects all devices using Broadcom and Cypress WiFi chips. These are two of the most popular WiFi chipsets in the world and are found almost everywhere, from laptops to smartphones and from access points to smart speakers and other IoT devices. ESET researchers say they have tested and confirmed that Kr00k affects devices from Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3) and Xiaomi (Redmi), as well as access points from Asus and Huawei.
In addition, ESET has stated that more than a billion devices are vulnerable to Kr00k, even pointing out that this is a "conservative estimate", as the real number is estimated to be much higher.
But what is Kr00k? Kr00k is a bug like the many others that are discovered every day in the software that everyone uses. The difference is that Kr00k affects the encryption used to secure data packets sent over a WiFi connection.
Usually, these packets are encrypted with a unique key that depends on the user's WiFi password. However, ESET researchers say that on Broadcom and Cypress WiFi chips, this "key" loses its value during a process called "disconnection". Disconnection is something that happens naturally on a WiFi connection. It refers to a temporary loss of connection that usually occurs because of a weak WiFi signal. WiFi devices disconnect several times a day, and when this happens they are set up to reconnect automatically to the network they used before. ESET researchers say hackers can force devices into a prolonged disconnected state, capture the WiFi packets destined for the targeted device, and then use the Kr00k bug to decrypt the WiFi traffic. This allows hackers to intercept and decrypt WiFi packets that are normally considered safe.
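Because the attack depends on pushing a device into repeated disconnections, a network defender can watch for that pattern. The following Python code is an added example, not from ESET or the original article: it flags stations that receive a burst of disassociation or deauthentication frames (the 802.11 management frames that tell a station to disconnect). The log format, the function names and the window and threshold values are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed sample input. Hypothetical sensor log format, one management
# frame per line: "<epoch_seconds> <subtype> <bssid> <station>".
SAMPLE_LOG = """\
1000.0 disassoc aa:bb:cc:00:00:01 11:22:33:44:55:01
1000.5 disassoc aa:bb:cc:00:00:01 11:22:33:44:55:01
1001.0 deauth aa:bb:cc:00:00:01 11:22:33:44:55:01
1001.5 disassoc aa:bb:cc:00:00:01 11:22:33:44:55:01
1002.0 disassoc aa:bb:cc:00:00:01 11:22:33:44:55:01
1002.5 disassoc aa:bb:cc:00:00:01 11:22:33:44:55:01
1003.0 assoc-req aa:bb:cc:00:00:01 11:22:33:44:55:01
1100.0 disassoc aa:bb:cc:00:00:01 11:22:33:44:55:02
1400.0 disassoc aa:bb:cc:00:00:01 11:22:33:44:55:02
"""

DISCONNECT_SUBTYPES = {"disassoc", "deauth"}

def parse(log):
    """Yield (timestamp, subtype, bssid, station) tuples; reject malformed lines."""
    for lineno, line in enumerate(log.splitlines(), 1):
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue  # skip blank lines and comments
        if len(parts) != 4:
            raise ValueError(f"line {lineno}: expected 4 fields, got {len(parts)}")
        ts, subtype, bssid, station = parts
        yield float(ts), subtype.lower(), bssid.lower(), station.lower()

def find_forced_disconnects(log, window=10.0, threshold=5):
    """Return {station: peak_count} for stations that received at least
    `threshold` disconnect frames within any `window`-second span.
    Occasional disconnects (weak signal, roaming) stay below the threshold."""
    recent = defaultdict(deque)   # station -> timestamps inside the window
    peaks = {}
    for ts, subtype, _bssid, station in sorted(parse(log)):
        if subtype not in DISCONNECT_SUBTYPES:
            continue
        q = recent[station]
        q.append(ts)
        while ts - q[0] > window:  # drop events older than the window
            q.popleft()
        if len(q) >= threshold:
            peaks[station] = max(peaks.get(station, 0), len(q))
    return peaks

if __name__ == "__main__":
    for station, count in find_forced_disconnects(SAMPLE_LOG).items():
        print(f"{station}: {count} disconnect frames within 10 s")
```

The window and threshold need tuning against a baseline of the network's normal disconnect rate before alerts from such a check are useful.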
One good thing is that Kr00k only affects WiFi connections that use the WPA2-Personal or WPA2-Enterprise security protocols with AES-CCMP encryption. This means that a device with a Broadcom or Cypress WiFi chipset can be protected against the attack by using the newest WiFi authentication protocol, WPA3.
It is estimated that patches are already available for most devices. In addition, ESET has been working for months to responsibly disclose Kr00k to Broadcom, Cypress and all other affected companies. According to ESET researchers, the devices should have already received patches for the bug. Depending on the type of device, this may only mean installing the latest operating system or software updates (Android, Apple and Windows devices, some IoT devices), but a firmware update may be required.
Finally, it is worth noting that users are easier to protect from Kr00k than from KRACK, which was critical and affected the WiFi WPA2 protocol, forcing most device vendors to use WPA3 by default. Later, a new KRACK attack, named Dragonblood, was discovered that affected even some of the newer WPA3 connections, but it did not affect the entire WiFi ecosystem as the original KRACK attack did. ESET researchers said they discovered Kr00k while observing the devastating effects of the KRACK attack.