Dateline today...
"The krook vulnerability affects both WPA2-Personal & WPA2-Enterprise
protocols, with AES-CCMP encryption."
o What is Kr00k?
<
https://www.eset.com/int/kr00k/>
"The vulnerability affects all unpatched devices with Broadcom
and Cypress FullMac Wi-Fi chips. These are the most common Wi-Fi chips
used in today's client devices, made by well-known manufacturers
including Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook),
Google (Nexus), Samsung (Galaxy) as well as devices under many
other brands. Wi-Fi Access points and routers are also affected
by Kr00k, making even environments with patched client devices
vulnerable. All-in-all, before patching there were more than
a billion affected devices."
o Serious vulnerability affected encryption of billions of WiFi devices
<
https://www.welivesecurity.com/2020/02/26/krook-serious-vulnerability-affected-encryption-billion-wifi-devices/>
"ESET researchers discovered a previously unknown vulnerability
in Wi-Fi chips and named it Kr00k. This serious flaw, assigned
CVE-2019-15126, causes vulnerable devices to use an all-zero encryption
key to encrypt part of the user's communication."
"Kr00k affects devices with Wi-Fi chips by Broadcom and Cypress that
haven't yet been patched. These are the most common Wi-Fi chips used
in contemporary Wi-Fi capable devices such as smartphones, tablets,
laptops, and IoT gadgets."
o Kr00k: How KRACKing Amazon Echo Exposed a Billion+ Vulnerable WiFi Devices
<
https://www.rsaconference.com/usa/agenda/kr00k-how-kracking-amazon-echo-exposed-a-billion-vulnerable-wifi-devices>
o Flaw in billions of Wi-Fi devices left communications open to
eavesdropping Cypress and Broadcom chip bug bit iPhones, Macs, Android
devices, Echoes, and more
<
https://arstechnica.com/information-technology/2020/02/flaw-in-billions-of-wi-fi-devices-left-communications-open-to-eavesdroppng/>
"The affected devices include iPhones, iPads, Macs, Amazon Echos
and Kindles, Android devices, Raspberry Pi 3's, and Wi-Fi routers
from Asus and Huawei."
"Manufacturers have made patches available for most or all of the
affected devices, but it's not clear how many devices have installed
the patches. Of greatest concern are vulnerable wireless routers,
which often go unpatched indefinitely."
o Broadcom chip flaw left select iPhones vulnerable to network eavesdropping
<
https://9to5mac.com/2020/02/26/iphone-fixed-broadcom-chip-flaw/>
"The affected Apple devices included:
iPad mini 2
iPhone 6, 6S, 8, and XR
MacBook Air 2018"
o New Kr00k vulnerability lets attackers decrypt WiFi packets
<
https://www.zdnet.com/article/new-kr00k-vulnerability-lets-attackers-decrypt-wifi-packets/>
"All in all, the Kr00k vulnerability should be easier to protect
against than KRACK -- a major vulnerability that impacted the
WPA2 WiFi protocol and forced most device vendors to switch to
using WPA3 by default."
--
Only 2 types of people are on Usenet: those who add value & those who can't.