Billions of Wi-Fi devices face snooping risk due to major security flaw
Security researchers have discovered a vulnerability that could be used to exploit billions of connected devices such as routers to decrypt Wi-Fi traffic and snoop on the data.
Dubbed Kr00k by researchers at security firm ESET, the flaw was able to compromise chipsets from leading providers including Broadcom and Cypress that are commonly found in smartphones, tablets, laptops, and other IoT gadgets.
The researchers note that popular devices like Apple iPhones, iPads, MacBooks, Amazon Echo and Kindle, Samsung’s Galaxy Range, Xiaomi’s Redmi phones, Google’s Nexus line and Raspberry Pi have incorporated these chipsets, with some access points and routers from Asus and Huawei also found to be susceptible to the bug.
Kr00k vulnerability
ESET suggested that the bug was primarily limited to both Broadcom and Cypress chips, as it they could prove find Wi-Fi chipsets from Qualcomm, Realtek, Ralink or MediaTek were vulnerable to this hack.
However, the researchers noted that they were not able to test WiFi chips from all the vendors.
“According to some vendor publications and our own (non-comprehensive) tests, devices should have received patches for the vulnerability,” ESET wrote.
“Depending on the device type, this might only mean ensuring the latest OS or software updates are installed (Android, Apple and Windows devices; some IoT devices), but may require a firmware update (access points, routers and some IoT devices).”
While all the affected major manufacturers, including Broadcom and Cypress, have released a patch for the flaw, users will have to ensure that the latest patch is installed on their devices.
ESET is also said to be working with the Industry Consortium for Advancement of Security on the Internet (ICASI) to ensure all that the potentially affected parties are informed about the vulnerability.
Via: ESET
Security researchers have discovered a vulnerability that could be used to exploit billions of connected devices such as routers to decrypt Wi-Fi traffic and snoop on the data. Dubbed Kr00k by researchers at security firm ESET, the flaw was able to compromise chipsets from leading providers including Broadcom and Cypress…
Recent Posts
- Microsoft announces the Proteus Controller, a gamepad for Xbox gamers with disabilities
- YouTube is becoming a cybercriminal gateway for human manipulation
- LG’s new super-bright OLED panel could give the next Meta Quest an edge over the Apple Vision Pro
- Uber will soon let you reserve a shuttle to get home from a big concert or ballgame
- PPSSPP brings PSP emulation to the iPhone
Archives
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- December 2011