A vulnerability in the WiFi chips made by Cypress Semiconductor and Broadcom left billions of devices at risk of an attack that allowed nearby attackers to decrypt sensitive data sent over the air.
Dubbed Kr00k, the defect in the WiFi chips of Cypress Semiconductor and Broadcom made devices that used encryption to protect user communications vulnerable. The attack allowed nearby hackers to decrypt some wireless network packets sent by the vulnerable device. In practice, Kr00k took advantage of a flaw that occurred when wireless devices disassociated from a wireless access point. If the user’s device or the access point was vulnerable because it used one of the chips in question, it encrypted all the data frames in its transmission buffer with a key composed of all zeros, which is very easy to decrypt.
Broadcom and Cypress chips are used in many WiFi devices such as smartphones, laptops, Internet of Things products, WiFi access points and routers.
Several tests confirmed that, before the release of the corrective patch, some devices from Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3) and Xiaomi (RedMi), as well as some Asus and Huawei access points, were at risk. In total, more than one billion vulnerable devices were involved. The different companies have already released corrective updates.