Monday, December 4, 2023

Black Hat USA 2020: Dangerous Wi-Fi KrØØk Vulnerability Affected More Wi-Fi Chipsets Than Previously Disclosed

Security researchers have recently found that Wi-Fi chips from Qualcomm and MediaTek are vulnerable to the latest variants of the KrØØk data exposure vulnerability.

KrØØk is a dangerous vulnerability that allows unauthorized decryption of some WPA2-encrypted traffic, and it has now been found to affect more Wi-Fi chipsets. It was initially discovered in February and is tracked as CVE-2019-15126.

What is KrØØk?

KrØØk is a severe vulnerability that was initially discovered in Broadcom and Cypress Wi-Fi chips. It enables unauthorized decryption of some traffic on WPA2-encrypted wireless networks.

After successful exploitation, flawed devices use an all-zero session key to encrypt a portion of the transmitted traffic; the attacker forces the device into this state.

The session key is normally established in the 4-way handshake. The undesirable all-zero state occurs on vulnerable Broadcom and Cypress chips following a Wi-Fi disassociation.

The researchers said that before disclosing the flaw they worked with the affected parties through a responsible disclosure process. After consulting them, they learned that there are also vulnerable products, and that these are using the deployed patches.

Microsoft Azure Sphere, Qualcomm, and MediaTek Wi-Fi-enabled devices are also vulnerable

Apart from Broadcom and Cypress Wi-Fi chips, the ESET researchers Robert Lipovsky and Stefan Svorencik have found new variants of KrØØk in Wi-Fi chips from other popular brands such as Qualcomm and MediaTek. Chips from these brands are used in many places, including vehicles, travel systems, watches, laptops, smartphones, routers, and many other devices.

The new vulnerability, tracked as CVE-2020-3702, is triggered by a disassociation and leads to unwanted disclosure of data by transmitting unencrypted data in place of encrypted data, much like the KrØØk vulnerability.

Affected devices included the ASUS RT-AC52U router and the Microsoft Azure Sphere expansion kit. This kit uses the MT3620 microcontroller, which is used in smart home, commercial, and industrial applications.

 Overview of KrØØk

The experts also tested the D-Link DCH-G020 Smart Home Hub and the Czech Turris Omnia, and the problem extends to other unpatched hardware as well. Qualcomm already released a fix for its affected driver in July.

The experts added that there may be other unpatched devices using the vulnerable Qualcomm chipsets. Some devices do not use proprietary software; instead they use open-source Linux drivers, such as the upstream “ath9k” driver.

The researchers said they would publish the script they use to test whether devices are vulnerable to KrØØk. They have also added tests for the newer variants, and said that anyone can use the script to verify their exposure.
