This and other powerful information are at Black Hat Asia 2020 and it is not too late to tune in …
Today, at the Black Hat Asia 2020 and WeLiveSecurity virtual event, researchers Robert Lipovský and Štefan Svorenčík from ESET will unveil their hard work researching “How KRACKing Amazon Echo Exposed a Billion+ Vulnerable Wi-Fi Devices” and the KrØØk debacle.
The presentation about KrØØk by Robert Lipovský and Štefan Svorenčík includes technical details and a live demonstration of their recent discovery of the security weakness in chipsets used by a significant number of Wi-Fi capable devices. The two researchers also elaborate on the potential impact of these vulnerabilities, along with the limitations of exploiting them.
What is KrØØk?
This foreign-looking name refers to a vulnerability originally discovered in Broadcom and Cypress Wi-Fi chips that allows unauthorized decryption of some WPA2-encrypted traffic. The chipset-level, all-zero-key vulnerability has been assigned CVE-2019-15126.
Exploiting KrØØk allows adversaries to intercept and decrypt (potentially sensitive) data, but with a significant advantage for the attackers: While they need to be in range of the Wi-Fi signal, they do not need to be authenticated and associated with the WLAN. In other words, the attackers do not need to know the Wi-Fi password!
Research had started with the discovery that some versions of the popular Amazon Echo and Kindle devices were vulnerable to Key Reinstallation Attacks (KRACK). Looking into the all-zero encryption key modification of KRACK, further vulnerable devices were discovered, reported and patched by the vendor. But the most significant finding was that the crux is in the hardware: the Wi-Fi chipsets themselves. Hence, the issue affects a much wider range of devices.
The two ESET researchers’ KrØØk findings were first presented at the virtualized RSA Conference 2020 in February. After publication, the vulnerability was brought to the attention of many more chipset and device manufacturers. Some manufacturers have since discovered their products to be vulnerable and have deployed patches.
Interested readers who have not already done so are urged to register for the event to find out this and other career-enhancing factoids.