Login to your account

Username *
Password *
Remember Me

Create an account

Fields marked with an asterisk (*) are required.
Name *
Username *
Password *
Verify password *
Email *
Verify email *
Captcha *
Reload Captcha

Wi-Fi of More Than a Billion Devices Can Be Exposed

Written by  Feb 29, 2020

A billion-plus computers, phones, and other devices are said to suffer a chip-level security vulnerability that can be exploited by nearby miscreants to snoop on victims' encrypted Wi-Fi traffic.

The flaw [PDF]  detailed at welivesecurity.com. The design blunder is otherwise known as CVE-2019-15126, a technique for spying on Wi-Fi networks.

An eavesdropper doesn't have to be logged into the target device's wireless network to exploit KrØØk. If successful, the miscreant can take repeated snapshots of the device's wireless traffic as if it were on an open and insecure Wi-Fi. These snapshots may contain things like URLs of requested websites, personal information in transit, and so on.

It's not something to be totally freaking out over: someone exploiting this has to be physically near you, and you may notice your Wi-Fi being disrupted. But it's worth knowing about.

Advertisement

Cybersecurity for Beginnersamazon uk

Technical details

You can read the above report for the full briefing, though here's a gentle overview. When connected to a protected Wi-Fi network, a device and its access point will decide upon and use a shared encryption key to secure their over-the-air communications. When the device wants to send data over the network, it queues up packets in a transmission buffer in its Wi-Fi controller chip. This chip, when ready, encrypts the buffer's contents with the key and transmits it to the access point

It is possible to force a device off its Wi-Fi network by sending it special disassociation packets. Anyone can send these special packets over the air to a device; you don't need to be on the same network. When these disassociation packets are received, vulnerable Wi-Fi controllers – made by Broadcom and Cypress, and used in countless computers and gadgets – will overwrite the shared encryption key with the value zero.

Crucially, the chip will continue to empty its transmission buffer, transmitting any outstanding packets with the zeroed encryption key. Anyone within range can receive those radio transmissions and decrypt the data because the key is now known – it's zero. Said data can include things like DNS look-ups, HTTP requests, and so on, allowing eavesdroppers to figure out what the device is up to. Repeat this process over and over to snatch more and more glimpses of a victim's network traffic.

Network traffic already wrapped up encryption prior to transmission – such as HTTPS requests, or stuff traveling via SSH and secure VPNs – remain encrypted. It's just the Wi-Fi encryption that's broken.

cybersecurityAlso see: UK Prepares ‘National Cyber Force’ To Tackle Terrorists and Other Threats

Here's how ESET put it on Wednesday:

After a disassociation occurs, data from the chip’s Tx [transmission] buffer will be transmitted encrypted with the all-zero TK [temporary key]. These data frames can be captured by an adversary and subsequently decrypted. This data can contain several kilobytes of potentially sensitive information.

By repeatedly triggering disassociations (effectively causing reassociations, as the session will usually reconnect), the attacker can capture more data frames.

As a result, the adversary can capture more network packets containing potentially sensitive data ... similar to what they would see on an open WLAN network without WPA2.

This silicon-level screw-up is present in a ton of stuff because they all use the same families of Wi-Fi controllers. "KrØØk affects devices with Wi-Fi chips by Broadcom and Cypress that haven’t yet been patched," ESET said. "These are the most common Wi-Fi chips used in contemporary Wi-Fi capable devices such as smartphones, tablets, laptops, and IoT gadgets.

Among equipment confirmed to be using the vulnerable chips are Apple's iPhone 6 or later, the 2018 MacBook Air, Google's Nexus 5 and 6, Amazon's Kindle and Echo gear, and the Raspberry Pi model 3. For wireless access points, the Asus RT-N12, Huawei B612S-25d, Huawei EchoLife HG8245H, and Huawei E5577Cs-321 all have the flaw. Cisco also acknowledged its wireless gear is at risk.

"We have also tested some devices with Wi-Fi chips from other manufacturers, including Qualcomm, Realtek, Ralink, Mediatek and did not see the vulnerability manifest itself," said ESET.

phishingAlso see: Best Practices To Protect Against Phishing Attacks

Even though the security blunder lies within the Wi-Fi chips themselves, the researchers say it can be fixed at the software level. We can imagine such fixes ensure the transmit buffer is not emptied after a disassociation or a key change, and instead dumped. These controllers feature embedded CPU cores directing their operation, and presumably these can be reprogrammed to not flush transmission queues over the air with zeroed encryption keys.

To address KrØØk, therefore, users and admins should, says ESET, look out for driver or firmware updates for affected devices. ESET seems confident fixes are available, though your mileage may vary. The supply chain from the likes of Broadcom and Cypress to manufacturers of Internet-of-Things devices and other wireless-enabled equipment through to end users can be rather long and winding, and there are plenty of places for code updates to snag and never see the light of day.

In the meantime, encrypt as much network traffic as possible, especially over Wi-Fi, using HTTPS, SSH, VPNs, and so on, so that if your network-level encryption is compromised, you're still protected from snoopers at the application layer or thereabouts.


Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.

Advertisement

Popular Cyber News

Jan 30, 2020 Cyber Security

UK Cyber Security is Booming

The UK’s cyber security industry is currently enoying a three-year boom, with the number of active security firms in t...

Mar 05, 2020 Cyber Security

Tesco and Boots Loyalty Card Schemes Affected by Security Issues

UK retailers Tesco and Boots are dealing with the after affects of cyber security issues that may have affected thousand...

Jan 30, 2020 Cyber Security

Phishing A Major Factor in UK Cybercrime

Of all reported incidents in 2019, almost half were related to phishing attacks. ...

Feb 08, 2020 Cyber Security

Millions of UK Businesses don't have a Cyber Insurance Policy

According to a survey conducted by Insurance firm Gallagher, millions of businesses operating in the UK don't have basic...

Feb 10, 2020 Cyber Security

The Cyber Security Fight Won't Stop

The controversy over the decision to allow Huawei technology to be used in the UK’s 5G networks is a very high-profile...

Feb 07, 2020 Cyber Threats

British Police Warn: Cleaners Are A Cyber Threat

British police have reportedly warned of a cyber threat posed by a not often thought about data stealer, namely the use ...

Feb 13, 2020 Cyber Threats

Steps To Combat Insider Threats

Your organisation are generally well prepared for threats from outside the company. But are you ready to address threats...

Feb 29, 2020 Cyber Security

Wi-Fi of More Than a Billion Devices Can Be Exposed

A billion-plus computers, phones, and other devices are said to suffer a chip-level security vulnerability that can be e...

Feb 04, 2020 Cyber Security

NHS Employs Supplier Security Audits to Improve Cyber Security

NHS Shared Business Services and its cloud partner Virtualstock have enlisted cyber threat intelligence and risk assessm...

Feb 25, 2020 Cyber Security

The Top Cyber Security Companies in the UK

Investing in the right cyber security for your company is more important than ever, but which are the top UK cyber secur...

Feb 28, 2020 Cyber Threats

UK Prepares ‘National Cyber Force’ To Tackle Terrorists and Other Threats

The UK is preparing the official launch of a specialist cyber force that will target terror groups and hostile nation st...

Feb 28, 2020 Cyber Threats

DVLA Say Cyber Criminals are Targeting UK Motorists

The Driver and Vehicle Licensing Agency (DVLA) has warned that cyber criminals and scammers are targeting unsuspecting d...

Feb 19, 2020 Cyber Security

Cybersecurity Jobs Are Not Going To Be Filled

CISOs around the world expect a serious lack of global cybersecurity talent which will worsen in the next five years, ac...

Mar 23, 2020 Cyber Security

Thousands of Netflix and Other Streamers Accounts are Being Stolen

With a massive surge in home use of video and music streaming services such as Amazon Prime Video, Apple Music, Netflix ...

May 22, 2020 Cyber Security

EasyJet will be sued over customer data breach

Legal firm PGMBM, a specialist in group legal action, has issued a class action claim under Article 82 of the General Da...

Mar 27, 2020 Cyber Security

Hospitals worldwide offered free security software

As cyberattacks against hospitals surge during the coronavirus crisis, technology companies are stepping up to alleviate...

Advertisement
Symantec Home 120x60

Advertisement