More than a billion users of wi-fi enabled devices around the wold are vulnerable to hacking due to a microchip design flaw discovered by ESET researchers.
Dubbed KrOOk by the ESET team that discovered it, the flaw affects the most common Wi-Fi chips found in today’s electronic devices — most common in smartphones, tablets, laptops and connected devices like smart TVs, smart speakers, toys and appliances — that haven’t been patched. The vulnerability also impacts wi-fi access points and routers.
The research that uncovered KrOOk was released February 26 at the RSA Conference in San Francisco.
“Kr00k manifests itself after Wi-Fi disassociations – which can happen naturally, for example due to a weak Wi-Fi signal, or may be manually triggered by an attacker,” says Alexis Dorais-Joncas, lead of ESET’s research and development team in Montreal. “If an attack is successful, several kilobytes of potentially sensitive information can be exposed. By repeatedly triggering disassociations, the attacker can capture a number of network packets with potentially sensitive data.”
Among the vulnerable devices are client devices by Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3) and Xiaomi (Redmi), as well as access points by Asus and Huawei.
However, steps are already being taken to protect users from unwanted incursions and potential hacks.
ESET disclosed the vulnerability to the chip manufacturers Broadcom and Cypress, who subsequently released patches. It also worked with the Industry Consortium for Advancement of Security on the Internet (ICASI) to ensure that all possibly affected parties – including affected device manufacturers using the vulnerable chips, as well as other possibly affected chip manufacturers – were aware of Kr00k. According to our information, devices by major manufacturers have now been patched.
Consumers can ensure their protection by making sure they have applied the latest available updates on all of their Wi-Fi-capable devices — including phones, laptops, tablets, smart home devices and Wi-Fi access points and routers.
By this point, most of the major manufacturers have released the patch required to protect against the flaw. Depending on the device in question, it may mean only ensuring that latest OS or software updates are installed, but it may require a firmware update.