Skip to main content

Billions of Wi-Fi devices face snooping risk due to major security flaw

(Image credit: Pixabay)

Security researchers have discovered a vulnerability that could be used to exploit billions of connected devices such as routers to decrypt Wi-Fi traffic and snoop on the data.

Dubbed Kr00k by researchers at security firm ESET, the flaw was able to compromise chipsets from leading providers including Broadcom and Cypress that are commonly found in smartphones, tablets, laptops, and other IoT gadgets. 

The researchers note that popular devices like Apple iPhones, iPads, MacBooks, Amazon Echo and Kindle, Samsung’s Galaxy Range, Xiaomi’s Redmi phones, Google’s Nexus line and Raspberry Pi have incorporated these chipsets, with some access points and routers from Asus and Huawei also found to be susceptible to the bug.

Kr00k vulnerability

ESET suggested that the bug was primarily limited to both Broadcom and Cypress chips, as it they could prove find Wi-Fi chipsets from Qualcomm, Realtek, Ralink or MediaTek were vulnerable to this hack. 

However, the researchers noted that they were not able to test WiFi chips from all the vendors.

“According to some vendor publications and our own (non-comprehensive) tests, devices should have received patches for the vulnerability," ESET wrote.

"Depending on the device type, this might only mean ensuring the latest OS or software updates are installed (Android, Apple and Windows devices; some IoT devices), but may require a firmware update (access points, routers and some IoT devices)."

While all the affected major manufacturers, including Broadcom and Cypress, have released a patch for the flaw, users will have to ensure that the latest patch is installed on their devices.

ESET is also said to be working with the Industry Consortium for Advancement of Security on the Internet (ICASI) to ensure all that the potentially affected parties are informed about the vulnerability.

Via: ESET