Alert for a WiFi failure affecting hundreds of millions of mobiles, routers and computers a vulnerability present in WiFi chips, embedded in devices such as computers, ‘smartphones’, tablets, WiFi access points and ‘routers’, generates erroneous encryption keys that expose network packets to possible attacks.
Kr00k (CVE-2019-15126), as the vulnerability has been named, has put at risk the communications of one billion computers worldwide, as ESET has warned through a statement sent to Europa Press. The vulnerability causes the network communication of an affected device to be encrypted with an encryption key consisting of zeros. In a successful attack, this error allows an adversary to decrypt wirelessly sent network packets.
Alert for a WiFi failure that affects hundreds of millions of mobiles, routers and computers
The bug affects all devices with Broadcom and Cypress WiFi chips without updating with the corresponding security patches. These are the most common WiFi chips used in users’ devices, as pointed out by the company. WiFi access points and routers are also affected by the vulnerability, making even environments with patched user devices also vulnerable. ESET tested and confirmed that vulnerable devices included devices from Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Pixel phones), Samsung (Galaxy phones), Raspberry (Pi 3) and Xiaomi (Redmi ), as well as access points from Asus and Huawei.
It is necessary to update all WiFi-enabled devices, including phones, tablets, laptops, IoT smart devices and WiFi access points and routers, Alert for a WiFi failure to the latest version of ‘firmware’ provided by the manufacturer,” recommends Josep Albors, responsible of Awareness and Research of ESET Spain Alert for a WiFi failure. after releasing the research, most of the major manufacturers of affected devices have released patches with updates, as the European cybersecurity company has assured.Alert for a WiFi failure