Billions of Devices Open to Wi-Fi Eavesdropping Attacks

kr00k wi-fi security flaw encryption

The Kr00k bug arises from an all-zero encryption key in Wi-Fi chips that reveals communications from devices from Amazon, Apple, Google, Samsung and others.

SAN FRANCISCO — A serious vulnerability in Wi-Fi chips has been discovered that affects billions of devices worldwide, according to researchers. It allows attackers to eavesdrop on Wi-Fi communications.

The bug (CVE-2019-15126) stems from the use of an all-zero encryption key in chips made by Broadcom and Cypress, according to researchers at ESET, which results in data decryption. This breaks the WPA2-Personal and WPA2-Enterprise security protocols.

The vulnerable chips are found in smartphones, tablets and laptops (using Broadcom silicon) and in IoT gadgets (Cypress chips), including several generations of products from Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3), Xiaomi (RedMi). ESET also found the bug to be present in access points (APs) and routers by Asus and Huawei. In all, more than a billion devices are affected, researchers estimated.

ESET dubbed the vulnerability “KrØØk” to incorporate the zeros, and also because it’s related to the KRACK attack, a.k.a. Key Reinstallation Attacks, discovered in 2017. The KRACK approach was an industry-wide problem in the WPA and WPA2 protocols for securing Wi-Fi that could cause “complete loss of control over data,” according to ICS-CERT. It explained in an advisory at the time that KRACK “could allow an attacker to execute a ‘man-in-the-middle’ attack, enabling the attacker within radio range to replay, decrypt or spoof frames.”

According to ESET, “[it] found KrØØk to be one of the possible causes behind the ‘reinstallation’ of an all-zero encryption key, observed in tests for KRACK attacks. This followed our previous findings that Amazon Echo was vulnerable to KRACK,” researchers said in a writeup on the flaw, issued Wednesday at the RSA Conference 2020.

In Wi-Fi, whenever a device connects to an access point (AP), that’s called an association. When it disconnects (for instance when a person roams from one Wi-Fi AP to another, experiences signal interference or turns off Wi-Fi on the device) this is called a disassociation.

krack vs krook

KRACK vs. Kr00k. Click to enlarge.

“KrØØk manifests itself after a disassociation,” ESET researchers explained. “[Once disassociation happens], the session key stored in the Wireless Network Interface Controller’s (WNIC) Wi-Fi chip is cleared in memory – set to zero. This is expected behavior, as no further data is supposed to be transmitted after the disassociation. However, we discovered that all data frames that were left in the chip’s transmit buffer were transmitted after being encrypted with this all-zero key.” Because it uses all zeros, this “encryption” actually results in the data being decrypted and left in plain text.

The attack path is simple: Associations and disassociations are governed by management frames, which are themselves unauthenticated and unencrypted, ESET explained. To exploit the bug, an adversary can simply manually trigger a disassociation by sending a crafted management data frame, and will then be able to retrieve the plaintext information left in the buffer.

Speaking at a session on the findings at RSAC, ESET researcher Steve Vorencik said that KrØØk can expose up to 32KB of data at once, which is equivalent to around 20,000 words. An attacker can send a series of management frames to trigger the attack in an ongoing fashion and start collecting data, which could be passwords, credit card information or anything else the user may be sending to the internet over Wi-Fi.

“Eavesdropping can be active or passive,” Vorencik said. “What they hear depends on the timing of what the user is doing. You could just wait for something interesting to crop up — and something always does.”

The attack can be magnified when a vulnerable AP is involved in the mix. For instance, listening to a smart home hub can retrieve any information sent between it and satellite devices such as a connected doorbell, smart thermostat or smart lights, or laptops, computers and mobile devices. ESET researchers explained that this then allows attackers to eavesdrop on even unaffected or already patched client devices.

“This greatly increases the scope of the attack,” explained Vorencik. “An attacker needs only to send a management frame to the AP and then can gain access to the whole environment.”

In a demo, Vorencik and fellow ESET researcher Robert Lipovsky showed that KrØØk could be used to retrieve passwords for non-vulnerable devices connected to a “KrØØk-ed” AP, allowing whole-home or whole-office pwning.

ESET responsibly disclosed the bug and allowed a 120-day grace period for Broadcom and Cypress to create firmware updates — and to give manufacturers time to use those to create OS updates, patches and firmware upgrades to roll out to end users. Fixes have been released by major manufacturers, according to ESET, and users will need to update their devices in order to ensure that communications from their Wi-Fi devices can’t be easily hacked and eavesdropped upon.

The totaling of more than a billion devices affected is “a conservative estimate,” according to ESET’s paper, because KrØØk is likely not limited to just the devices the company tested. “Our results are in no way comprehensive,” Lipovsky said at RSAC , adding that Qualcomm and MediaTek gear was not vulnerable.

For Threatpost’s complete RSA Conference 2020 reporting, please visit our special coverage section, available here

Suggested articles

Tokyo Olympics Postponed, But 5G Security Lessons Shine

Threatpost Senior Editor Tara Seals is joined by Russ Mohr, engineer and Apple evangelist at MobileIron along with Jerry Ray, COO at SecureAge, for a discussion about the now postponed Tokyo Games and its use of 5G and the myriad of security concerns Japan is preparing for.

Discussion

  • Anonymous on

    Except that passwords and credit cards themselves would be encrypted (normally) in another later if encryption through the ssl connection between browser and website. This doesn't appear to be any different than having a possible rogue free wifi access point. Which today is not very scary anymore as almost all important data (what isn't?) Is getting encrypted from the machine to the site/service.
  • Marcel on

    Apple products have been patched since October 2019 for this (and other) vulnerabilities!!!
  • Bob Newhart on

    DigiCert, Thawte and other AAA providers should use this to boost their own credibility.

Leave A Comment

 

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.