Thursday, December 5, 2024
HomeCVE/vulnerabilityBlack Hat USA 2020: Dangerous Wi-Fi KrØØk Vulnerability Affected More wi-fi chipset...

Black Hat USA 2020: Dangerous Wi-Fi KrØØk Vulnerability Affected More wi-fi chipset Than Previously Disclosed

Published on

SIEM as a Service

The security researchers have recently detected that small Qualcomm and MediaTek Wi-Fi chips are vulnerable to the latest variants of the KrØØk data exposure vulnerability.

KrØØk is a quite dangerous vulnerability, and this vulnerability has now affected more Wi-Fi chipsets that allow unauthorized decryption of some WPA2-encrypted traffic. Initially, it was discovered in February and was named “CVE-2019-15126.” 

What is KrØØk?

KrØØk is a severe vulnerability that was initially discovered in Broadcom and Cypress Wi-Fi chips. Its main function is to enable unauthorized decryption of some WPA2-encrypted wireless network systems.

- Advertisement - SIEM as a Service

The devices that are flawed dispatch these vulnerabilities after successful exploitation and the attackers do so by urging them to apply the all-zero session codes to encrypt a portion of the transferred network. 

These kinds of bugs are previously being installed in the 4-way handshake, and this unsatisfactory state happens on unprotected Broadcom and Cypress chips that follow a Wi-Fi squad.

The researchers claimed that before disclosing the flaw, they worked with the affected victims through a qualified disclosure method. And after consulting the affected victims, they came to know that there are also unsafe products, and they are using the deployed patches.

Microsoft Azure Sphere, Qualcomm, and MediaTek Wi-Fi-enabled devices are also vulnerable

Apart from Broadcom and Cypress Wi-Fi chips, the ESET researchers Robert Lipovsky, and Stefan Svorencik have found the new variants of KrØØk on the Wi-Fi chips of other popular brands like Qualcomm and MediaTek. The chips of these brands were used in many places, like vehicles, travel systems, watches, laptops, smartphones, routers, and many other devices.

This new vulnerability was named, CVE-2020-3702, which is set off by detachment and commenced to some unwanted disclosure of data by dispatching unencrypted data in the place of encrypted data; worked like the KrØØk vulnerability.

This vulnerability included the ASUS RT-AC52U router and the Microsoft Azure Sphere expansion kit. This kit uses the MT3620 microcontroller, which are specifically used in the smart home, commercial, and industrial clarifications.

 Overview of KrØØk

Moreover, experts have also tested the D-Link DCH-G020 Smart Home Hub and the Czech Turris Omnia, but here the problem also involved other unpaid hardware as well. Apart from this, Qualcomm has already released a fix for its affected driver in July. 

Experts also included that there might be any other unpatched devices utilizing the vulnerable Qualcomm chipsets. But, in some cases, some devices do not use proprietary software; instead, they use open-source software like Linux-based; just as the upstream “ath9k” driver. 

The researchers affirmed that they would publish the script they are using to examine whether the devices are vulnerable to KrØØk or not. They also added tests for the newer variants and concluded by asserting that the script can be utilized by anyone to verify the exposure.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Latest articles

HCL DevOps Deploy / Launch Vulnerability Let Embed arbitrary HTML tags

Recently identified by security researchers, a new vulnerability in HCL DevOps Deploy and HCL...

CISA Warns of Zyxel Firewalls, CyberPanel, North Grid, & ProjectSend Flaws Exploited in Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about several vulnerabilities being...

HackSynth : Autonomous Pentesting Framework For Simulating Cyberattacks

HackSynth is an autonomous penetration testing agent that leverages Large Language Models (LLMs) to...

Fuji Electric Indonesia Hit by Ransomware Attack

Fuji Electric Indonesia has fallen victim to a ransomware attack, impacting its operations and...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

HCL DevOps Deploy / Launch Vulnerability Let Embed arbitrary HTML tags

Recently identified by security researchers, a new vulnerability in HCL DevOps Deploy and HCL...

CISA Warns of Zyxel Firewalls, CyberPanel, North Grid, & ProjectSend Flaws Exploited in Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about several vulnerabilities being...

Thinkware Cloud APK Vulnerability Allows Code Execution With Elevated Privileges

A critical vulnerability identified as CVE-2024–53614 has been discovered in the Thinkware Cloud APK...