by Robinson Roca
Practice Leader – Network Infrastructure
A new vulnerability that affects any wireless device with Broadcom and Cypress WiFi chips has been announced. Most companies do not track which WiFi chips are used to connect to the network, so there can be countless affected WiFi devices in the network. The vulnerability has been confirmed to affect Apple iOS, iPadOS, macOS, Amazon Fire OS, Google Nexus, Samsung Galaxy and some Xiaomi devices. That may only be the beginning of the named list, as there is a wide array of wireless devices.
This vulnerability is called “Kr00k” and is tracked as CVE-2019-15126. It can be used by an attacker to intercept and decrypt WiFi traffic encrypted using the ubiquitous WPA-2 AES encryption.
Here’s how the vulnerability works. Devices disassociate from the network all the time, as all WiFi devices do when the user walks around with them. When a vulnerable device disassociates, it resets its known WiFi key (password) to all zeros. This makes the key known to anyone aware of this vulnerability, thus opening the door to capturing data when reconnecting to a network that has been deemed trusted. If communication from a vulnerable device is over HTTPS and gets captured by an attacker, the data will still be secured because it is encrypted with SSL encryption, but the hacker still has the data in hand, which is not a desirable outcome.
Many of the above vendors have put out patches to fix this vulnerability, but most companies don’t have the resources to follow up with every single vendor to ensure all end-node WiFi devices were patched. If you plan to mitigate the issues in-house, you’ll have the peace of mind of knowing that security is not in the hands of your various vendors, especially in BYOD scenarios.
Helient’s recommendations are the following:
Of course, Helient is always prepared to assist with keeping your network safe. If you would like assistance or have questions, please reach out to Helient today.