Posted by Andrew Ross, February 28, 2020
KrØØk: Latest Affects Encryption of Wi‑Fi Devices
UPDATE: Silex Wi-Fi safe from KR00K
Silex is pleased to announce that after an internal evaluation and discussions with our partner, Qualcomm Atheros, we can confirm that none of Silex's Wi-Fi products are susceptible to the KR00K vulnerability, and that they are safe to use without any remedial action.
We appreciate your patience while we determined the security status of our products. If you have any further questions regarding this notice, please contact firstname.lastname@example.org.
On February 26th, ESET researchers publicly disclosed a previously unknown vulnerability named KrØØk. The flaw, considered serious and assigned CVE-2019-15126, can cause Wi-Fi devices to use an all-zero encryption key to encrypt part of the user’s communication. If an attack is successful, some of the wireless network packets transmitted by the vulnerable device can be easily decrypted.
A link to the full description of the vulnerability, provided in a white paper by ESET, can be found below:
As stated in the white paper, Kr00k manifests itself after a station disassociates from the network. Once a station’s WLAN session is disassociated, the session key (TK) stored in the Wi-Fi chip is cleared in memory, i.e., set to zero. This is expected behavior after disassociation, as no further data is supposed to be transmitted. However, it was discovered that all data frames left in the chip’s Tx (transmit) buffer were still transmitted after being encrypted with this all-zero key, leaving them easily accessible.
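The ordering problem described above can be followed in a small model. This is an added example, not code from ESET, Silex or any chip vendor. `ChipModel`, `toy_cipher` and the `discard_pending` mitigation are hypothetical names and assumptions, the cipher is a hash-based stand-in for CCMP, and all frames and keys are constructed.

```python
import hashlib

ZERO_TK = bytes(16)  # all-zero temporal key left in the key slot after disassociation

def toy_cipher(tk, pn, data):
    """Stand-in for CCMP (not real AES-CCM): XOR with a keystream derived from TK and PN."""
    stream = b""
    while len(stream) < len(data):
        stream += hashlib.sha256(tk + pn.to_bytes(6, "big") + bytes([len(stream) // 32])).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

class ChipModel:
    """Hypothetical model of a Wi-Fi chip's key slot and Tx buffer."""
    def __init__(self, tk, discard_pending):
        self.tk, self.discard_pending = tk, discard_pending
        self.tx_buffer = []  # plaintext frames waiting to be encrypted
        self.on_air = []     # (pn, ciphertext) pairs an observer could capture
        self.pn = 0

    def queue(self, frame):
        self.tx_buffer.append(frame)

    def transmit(self):
        for frame in self.tx_buffer:
            self.pn += 1
            self.on_air.append((self.pn, toy_cipher(self.tk, self.pn, frame)))
        self.tx_buffer.clear()

    def disassociate(self):
        if self.discard_pending:
            self.tx_buffer.clear()  # assumed mitigation: drop pending frames first
        self.tk = ZERO_TK           # expected behaviour: session key is zeroed
        self.transmit()             # the flaw: leftovers leave under the zero key

def zero_key_view(discard_pending):
    """Return what an observer holding only the all-zero key recovers from the air."""
    chip = ChipModel(bytes(range(1, 17)), discard_pending)  # constructed session TK
    chip.queue(b"frame-A sent while associated")
    chip.transmit()
    chip.queue(b"frame-B left in Tx buffer")
    chip.queue(b"frame-C left in Tx buffer")
    chip.disassociate()
    return [toy_cipher(ZERO_TK, pn, ct) for pn, ct in chip.on_air]

if __name__ == "__main__":
    print("vulnerable:", zero_key_view(False))
    print("mitigated: ", zero_key_view(True))
```

In the vulnerable ordering only the frames still buffered at disassociation are readable under the zero key. The frame sent during the session stays protected by the real TK, which matches the "part of the user's communication" wording above.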
The white paper goes on to provide a comparison of the KrØØk vulnerability with the earlier KRACK vulnerability:
| KRACK | KrØØk |
|---|---|
| KRACK, as the expanded acronym suggests, is a series of attacks – exploits | KrØØk, on the other hand, is a vulnerability – bug |
| The basic idea behind KRACK is that the Nonce is able to be reused to acquire the keystream | The main idea behind KrØØk is that data encryption occurs with an all-zero session key (TK) |
| Triggered during the 4-way handshake | Triggered after a disassociation |
| Affects most Wi-Fi capable devices, as it exploits implementation flaws in the WPA2 protocol itself | Affects the most widespread Wi-Fi chips (by Broadcom & Cypress) |
Currently, this vulnerability has only been seen in Broadcom and Cypress Wi-Fi devices. Although no Qualcomm Wi-Fi chipsets are known to contain the vulnerability at this time, Silex, as a lead supplier of Qualcomm radios, is in the process of confirming that the vulnerability does not impact any of our supported Wi-Fi products.
Because this is a serious vulnerability, Silex is treating this notification with the highest level of concern and is assessing its impact on our embedded wireless and infrastructure Wi-Fi products. We will provide updates over the coming days as they become available.
- KrØØk: Serious vulnerability affected encryption of billion+ Wi‑Fi devices: https://www.welivesecurity.com/2020/02/26/krook-serious-vulnerability-affected-encryption-billion-wifi-devices/