Fixed a WiFi chip flaw that put iPhone-iPhone Italy at risk

A vulnerability in the WiFi chips made by Cypress Semiconductor and Broadcom left billions of devices at risk of an attack that allowed nearby attackers to decrypt sensitive data sent over the air.

iphone ipad

The security issue has been shown in detail at the RSA conference and, for Apple users, the flaw has been resolved with the iOS 13.2 and updates macOS 10.15.1 released in late October.

Dubbed Kr00k, the defect in the WiFi chips of Cypress Semiconductor and Broadcom made devices that used encryption to protect user communications vulnerable. The attack allowed nearby hackers to decrypt some wireless network packets sent by the vulnerable device. In practice, Kr00k took advantage of a flaw that occurred when wireless devices disassociated from a wireless access point. If the user’s device or access point were vulnerable because they used one of the chips in question, then he went to insert all the data frames in a transmission buffer encrypted with a key composed of all zeros, very easy to decode.

Broadcom and Cypress chips are used in many WiFi devices such as smartphones, laptops, Internet of Things products, WiFi access point is router.

Several tests confirmed that, before the release of the corrective patch, some devices of Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3) were at risk , Xiaomi (RedMi), as well as some Asus and Huawei access points. In total, more than one billion vulnerable devices were involved. The different companies have already released corrective updates.


0 0 vote
Article Rating
Notify of
Inline Feedbacks
View all comments