3/20/2020
12:45 PM
100%
0%

Proof of Concept Released for kr00k Wi-Fi Vulnerability

The code demonstrates a relatively simple method to exploit a vulnerability in more than a billion devices.

Researchers at HexWay have demonstrated a proof-of-concept (PoC) exploit of kr00k, a significant Wi-Fi vulnerability first described by Eset researchers in February. The vulnerability forces a device to use an encryption key of all zeroes under certain circumstances. The PoC shows that the circumstances are not difficult to achieve.

In the PoC, a python script called r00kie-kr00kie is used to force a device to disassociate from the network; any data packets left in the device's Wi-Fi chip are encrypted with all zeros and can then be flushed and read. The action can be conducted repeatedly, potentially gathering large amounts of unencrypted data from the victim.

kr00k was estimated to have had an impact on well over 1 billion devices, including some from Apple, Amazon, Google, Raspberry Pi, Samsung, and Xiaomi. Device owners are urged to be sure that their devices have been updated to the latest operating system and firmware releases.

For more, read here and here.

Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's featured story: "Security Lessons We've Learned (So Far) from COVID-19."

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio
 

Recommended Reading:

Comment  | 
Email This  | 
Print  | 
RSS
More Insights
Copyright © 2021 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service