Latest Flaw in Wi-fi Encryption Affects a Number of Devices

Cyber security researchers announced new high-severity hardware vulnerability present in the popular Wi-Fi chips manufactured by Broadcom and Cypress which are activating an array of digital devices including smartphones, tablets, laptops, routers, and IoT gadgets.

Called 'Kr00k' and indexed as CVE-2019-15126, the vulnerability allows remote attackers intercept and decrypt some wireless network packets transmitted over-the-air by a vulnerable device.

The hacker need not be connected to the target's wireless network and the vulnerability works against vulnerable devices using WPA2-Personal or WPA2-Enterprise protocols with AES-CCMP encryption to protect their network traffic.

"Our tests confirmed some client devices by Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3), Xiaomi (RedMi), as well as some access points by Asus and Huawei, were vulnerable to Kr00k," ESET researchers said.

As per the researchers, the Kr00k flaw is in a way related to the KRACK attack, a system that makes it smoother for attackers to hack Wi-Fi passwords protected using a widely-used WPA2 network protocol.

ISOAH is the anti hacking institute that conducts audits to ensure data security like no other.

Read more on cyber security.