Home Created by potrace 1.16, written by Peter Selinger 2001-2019Tech and auto  Created by potrace 1.16, written by Peter Selinger 2001-2019Tech news  Created by potrace 1.16, written by Peter Selinger 2001-2019New Wi-Fi Vulnerability Exposes Billions of Devices to Hackers

New Wi-Fi Vulnerability Exposes Billions of Devices to Hackers

The latest security report suggests users to update their device software in order to protect themselves from hacker
S Aadeetya
Tech News
Published:
This bug could expose confidential details shared through the internet to the hacker.
|
(Photo: The Quint)
This bug could expose confidential details shared through the internet to the hacker.
ADVERTISEMENT

Security researchers have found a new vulnerability in Wi-Fi chips made by Broadcom and Cypress that reside inside mobile phones, tablet and laptops as pointed out in this media report.

This new security new, discovered by researchers at ESET says that billions of devices are now in danger of getting hacked, since the phone’s secure Wi-Fi setting has been decrypted, allowing anyone to access your device through the decrypted network and steal data if needed.

The report says bug called CVE-2019-15126 has been observed using an all-zero encryption key, which is also present in Wi-Fi routers made by Asus and Huawei. All in all, this bug puts host of devices in danger, including smart speakers as well as Kindle readers.

Also ReadKRACK Wi-Fi Threat: Updating Patches Should Help Fix Your Devices

ESET is calling the vulnerability “Kr00K” which basically makes its impact after a device disassociates itself from a Wi-Fi access point (AP).

Disassociation means when you’re using one Wi-Fi AP and all of a sudden lose connection to the network , the device searches for another AP to connect, which will enable the internet on the phone/tablet or laptop. 

After a device disassociates itself from a Wi-Fi network, it usually cleans up the session key stored in the Wireless Network Interface Controller (WNIC) which is a crucial component of a Wi-Fi router when you connect to a network.

However, because of “Kr00K” the researchers found the data, which was supposed to be set to zero, not only got transmitted to the new network, but also provided decrypted plain text version of the key.

How the bug attacks a device. 
Also ReadGoogle Ends Free Wi-Fi Project in India, RailTel Will Run Them Now

This is a serious concern, because, as explained by Steve Vorencik, Researcher, ESET, ‘Kr00K’ can expose data up to 32KB at once, which could be password, credit card details or anything that the user’s device is sending to the internet through the Wi-Fi network they are using.

ADVERTISEMENT
ADVERTISEMENT

Thankfully, ESET shared all of these findings about the bug with Broadcom and Cypress who claim to have worked on firmware updates to patch the issue allowing the vulnerability to affect devices.

The report does point out that Wi-Fi chips from Qualcomm and Mediatek are not vulnerable to this bug, which will come as a big relief to the millions of mobile users in the country.

However, the researchers mention the total of billion devices affected is a conservative estimate, which suggests, the real number could be a lot more. User are requested to update their devices immediately to safeguard themselves from possible intrusion.

(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)

Published: undefined

ADVERTISEMENT
SCROLL FOR NEXT