A vulnerability linked to Wi-Fi chips has impacted billions of devices including iPhone and Android handsets. Attackers can decrypt data that was sent to affected handsets even if it was sent encrypted. The problem can be traced to Wi-Fi chips produced by Cypress Semiconductor and Broadcom. Cypress actually acquired Broadcom's Wi-Fi business back in 2016. The vulnerability affects both WPA2-Personal and WPA2-Enterprise protocols.

Over a billion devices have been impacted by this vulnerability

Besides iPhone and Android handsets, other devices affected by the vulnerability include iPad tablets, Amazon Echo smart speakers and smart displays, Kindle readers and tablets and Wi-Fi routers made by Asus and Huawei. The vulnerability was discovered by Slovakian security firm Eset, which named it Kr00k and issued a report about it today. Manufacturers have offered patches to fix the problem, but it isn't known just how many people have taken the time to load them.


Vulnerable devices transmit encrypted data that can be decrypted using a key made up of all zeroes

In its report, Eset said, "Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3), Xiaomi (Redmi), as well as some access points by Asus and Huawei, were vulnerable to KrØØk. This totaled to over a billion Wi-Fi-capable devices and access points, at a conservative estimate. Further, many other vendors whose products we did not test also use the affected chipsets in their devices." The number of iPhone units affected by the vulnerability alone was over one billion.

Eset also noted that it tested other Wi-Fi chips made by manufacturers like Qualcomm, Realtek, Ralink, and MediaTek and did not see the vulnerability appear with those companies' components. This led the researchers to point out that "obviously, we have not tested every possible Wi-Fi chip by every manufacturer, so while we are currently not aware of other affected chips, we also cannot rule this out."

The Wi-Fi chips responsible for the vulnerability are made by Broadcom and Cypress and have a huge market share. Eset says that the former's chips are used in the vast majority of Wi-Fi-capable devices. Cypress' chips are found mostly in IoT devices. Affected devices tested by Eset in the lab include:


  • Amazon Echo 2nd gen
  • Amazon Kindle 8th gen
  • Apple iPad mini 2
  • Apple iPhone 6
  • Apple iPhone 6S
  • Apple iPhone 8
  • Apple iPhone XR
  • Apple MacBook
  • Apple iPad Air
  • Google Nexus 5
  • Google Nexus 6
  • Google Nexus 6P
  • Raspberry Pi 3
  • Samsung Galaxy S4
  • Samsung Galaxy S8
  • Xiaomi Redmi 3S

In the conclusion to the report, Eset notes that patching affected devices could simply mean installing the latest OS update. Those with Android or iOS phones would be expected to handle the vulnerability in this manner. Routers and some IoT devices might require a firmware update. It should be pointed out that Eset reported the vulnerability to chipmakers Broadcom and Cypress, and also told Amazon. If you own an Android or iOS handset, make sure that your device is running the most up-to-date version of the operating system that is available to you.

Kr00k rears its ugly head when a mobile device is disassociated from a Wi-Fi connection; this happens when the signal is too low and a current Wi-Fi connection is temporarily disconnected. While this takes place on a device several times a day, the connection is usually re-established automatically. Attackers can force a Wi-Fi connection to be disassociated on a device, causing unsent data to be sent out over the air. Even if encryption was being used when Wi-Fi was connected, the data sent over the air by a vulnerable device uses an encryption key made up of all zeros, making it easy for an attacker to decrypt sensitive data.
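
A defensive sketch of the behaviour described above, added here as an example and not taken from Eset's report: it walks a wireless monitor's event log and flags stations that transmitted data frames after a disassociation, or that were disassociated repeatedly within a short window, as candidates for a patch-level check. The event format, MAC addresses and thresholds are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed sample events (not real capture data): (seconds, station MAC, event).
# "data" means a protected data frame transmitted by that station.
SAMPLE_EVENTS = [
    (0.0, "02:00:00:00:00:01", "assoc"),
    (1.0, "02:00:00:00:00:01", "data"),
    (5.0, "02:00:00:00:00:01", "disassoc"),
    (5.1, "02:00:00:00:00:01", "data"),   # transmitted after disassociation
    (5.2, "02:00:00:00:00:01", "data"),
    (6.0, "02:00:00:00:00:01", "assoc"),
    (20.0, "02:00:00:00:00:01", "disassoc"),
    (20.1, "02:00:00:00:00:01", "data"),
    (21.0, "02:00:00:00:00:01", "assoc"),
    (40.0, "02:00:00:00:00:01", "disassoc"),
    (0.0, "02:00:00:00:00:02", "assoc"),
    (2.0, "02:00:00:00:00:02", "data"),
    (3000.0, "02:00:00:00:00:02", "disassoc"),  # ordinary roam, then reconnect
    (3005.0, "02:00:00:00:00:02", "assoc"),
    (3006.0, "02:00:00:00:00:02", "data"),
]

def analyze(events, burst_window=60.0, burst_threshold=3):
    """Per station: count data frames seen while disassociated and note
    whether burst_threshold disassociations fell inside burst_window seconds
    (both thresholds are assumed values, tune them for your network)."""
    associated = {}                    # station -> True/False once first seen
    recent = defaultdict(deque)        # station -> recent disassociation times
    report = defaultdict(lambda: {"post_disassoc_data": 0, "disassoc_burst": False})
    for ts, sta, kind in sorted(events):
        entry = report[sta]
        if kind == "assoc":
            associated[sta] = True
        elif kind == "disassoc":
            associated[sta] = False
            window = recent[sta]
            window.append(ts)
            while ts - window[0] > burst_window:
                window.popleft()       # drop disassociations outside the window
            if len(window) >= burst_threshold:
                entry["disassoc_burst"] = True
        elif kind == "data" and associated.get(sta) is False:
            entry["post_disassoc_data"] += 1
    return dict(report)

def stations_to_review(report):
    """Stations whose firmware or OS patch level should be checked first."""
    return sorted(s for s, r in report.items()
                  if r["post_disassoc_data"] or r["disassoc_burst"])
```

A hit here is only a prompt to verify that the device has the vendor update installed; it does not by itself show that the frames were encrypted with the all-zero key.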