Proof of Concept Released for kr00k Wi-Fi VulnerabilityProof of Concept Released for kr00k Wi-Fi Vulnerability
The code demonstrates a relatively simple method to exploit a vulnerability in more than a billion devices.
March 20, 2020
Researchers at HexWay have demonstrated a proof-of-concept (PoC) exploit of kr00k, a significant Wi-Fi vulnerability first described by Eset researchers in February. The vulnerability forces a device to use an encryption key of all zeroes under certain circumstances. The PoC shows that the circumstances are not difficult to achieve.
In the PoC, a python script called r00kie-kr00kie is used to force a device to disassociate from the network; any data packets left in the device's Wi-Fi chip are encrypted with all zeros and can then be flushed and read. The action can be conducted repeatedly, potentially gathering large amounts of unencrypted data from the victim.
kr00k was estimated to have had an impact on well over 1 billion devices, including some from Apple, Amazon, Google, Raspberry Pi, Samsung, and Xiaomi. Device owners are urged to be sure that their devices have been updated to the latest operating system and firmware releases.
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's featured story: "Security Lessons We've Learned (So Far) from COVID-19."
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
9 Traits You Need to Succeed as a Cybersecurity Leader
The Ultimate Guide to the CISSP
Protecting Critical Infrastructure: The 2021 Energy, Utilities, and Industrials Cyber Threat Landscape Report
2021 Gartner Market Guide for Managed Detection and Response Report
Managed Security and the 3rd Party Cyber Risk Opportunity Whitepaper