A now addressed vulnerability in Wi-Fi chips made by Cypress Semiconductor and Broadcom left billions of devices – including devices from Apple – vulnerable to an attack that allowed attackers to decrypt sensitive data sent over the air.
Researchers detailed the security flaw at the RSA security conference today. The issue was fixed by Apple in the iOS 13.2 and macOS 10.15.1 updates that were released in late October.
The “Kr00k” Wi-Fi chip flaw caused vulnerable devices to use an encryption key made up of all zeros to encrypt a portion of a user’s communications. The attack used the flaw to allow hackers to decrypt some wireless network packets sent by a vulnerable device.
From Ars Technica:
Kr00k exploits a weakness that occurs when wireless devices disassociate from a wireless access point. If either the end-user device or the access point is vulnerable, it will put any unsent data frames into a transmit buffer and then send them over the air. Rather than encrypt this data with the session key negotiated earlier and used during the normal connection, vulnerable devices use a key consisting of all zeros, a move that makes decryption trivial.
The chips in question were used in numerous modern Wi-Fi-capable devices, including smartphones, computers, Internet of Things devices, routers, and more.
Prior to patching, devices by Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3), Xiaomi (RedMi), as well as some access points by Asus and Huawei, were vulnerable to Kr00k, totally over a billion Wi-Fi-capable devices and access points.
ESET Research, which published details on the vulnerability, said it was disclosed to Broadcom and Cypress as well as potentially affected parties. Patches for devices from most major manufacturers have been released.
Users of any Wi-Fi-capable device, access point or router are strongly advised to make sure all of the latest updates have been applied to their devices.