U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Qualcomm and MediaTek Wi-Fi chips impacted by Kr00k-Like attacks

Wi-Fi chips manufactured by Qualcomm and MediaTek are impacted by vulnerabilities similar to the Kr00k issue disclosed early this year. Earlier this year, experts from ESET disclosed the Kr00k, a new high-severity hardware vulnerability, that affects Wi-Fi chips manufactured by Broadcom and Cypress. The Kr00k vulnerability, tracked as CVE-2019-15126, could be exploited by nearby remote attackers […]

Kr00k

Wi-Fi chips manufactured by Qualcomm and MediaTek are impacted by vulnerabilities similar to the Kr00k issue disclosed early this year.

Earlier this year, experts from ESET disclosed the Kr00k, a new high-severity hardware vulnerability, that affects Wi-Fi chips manufactured by Broadcom and Cypress.

The Kr00k vulnerability, tracked as CVE-2019-15126, could be exploited by nearby remote attackers to intercept and decrypt some wireless network packets transmitted over-the-air by a vulnerable device.

The attacker could exploit the Kr00k issue even when it is not connected to the victim’s wireless network, the vulnerability works against vulnerable devices using WPA2-Personal or WPA2-Enterprise protocols, with AES-CCMP encryption.

Kr00k

An attacker could exploit the Kr00k vulnerability after forcing a device from disconnecting from a Wi-Fi network.

Experts pointed out that the vulnerability does not reside in the Wi-Fi encryption protocol, instead, the issue is related to the way some chips implemented the encryption. Researchers pointed out that communications protected by TLS cannot be recovered by exploiting this vulnerability.

The flaw doesn’t affect modern devices using the WPA3 protocol.

Both Broadcom and Cypress addressed the flaw releasing security patches. Impacted products included devices from Amazon, Apple, Asus, Huawei, Google Samsung, and Xiaomi.

Wi-Fi chips from Qualcomm, Ralink, Realtek and MediaTek are not impacted by the Kr00k issue, but unfortunately, ESET experts discovered that they are affected by similar flaws.

Qualcomm Wi-Fi chips are impacted by a vulnerability tracked as CVE-2020-3702, the attacker could steal sensitive data after triggering a disassociation. Unlike Kr00k attacks, the attacker is not able to access to all the encrypted data because the process doesn’t use a single zero key for encryption.

“One of the chips we looked at, aside from those from Broadcom and Cypress, was by Qualcomm. The vulnerability we discovered (which was assigned CVE-2020-3702) was also triggerable by a disassociation and led to undesirable disclosure of data by transmitting unencrypted data in the place of encrypted data frames – much like with KrØØk. The main difference is, however, that instead of being encrypted with an all-zero session key, the data is not encrypted at all (despite the encryption flags being set).” reads the analysis published by ESET.

The ESET researchers discovered that the issue affects some of the devices they tested, including D-Link DCH-G020 Smart Home Hub and the Turris Omnia wireless router. This means that any other unpatched devices using the vulnerable Qualcomm chipsets will also be vulnerable.

Qualcomm addressed the issue by releasing a security patch for its proprietary driver in July, but experts pointed out that some devices use open-source Linux drivers and it’s not clear if those will be patched as well.

Experts found a similar issue affecting MediaTek Wi-Fi chips that don’t use encryption at all. The impacted chips are used in Asus routers and even in the Microsoft Azure Sphere development kit.

“One of the affected devices is the ASUS RT-AC52U router. Another one is the Microsoft Azure Sphere development kit, which we looked into as part of our Azure Sphere Security Research Challenge partnership.” continues the research.

“Azure Sphere uses MediaTek’s MT3620 microcontroller and targets a wide range of IoT applications, including smart home, commercial, industrial and many other domains,”

MediaTek released patches in March and April, while the Azure Sphere OS was patched in July.

ESET experts have released a script that could allow users to determine if a device is vulnerable to Kr00k or similar attacks.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Kr00k)

[adrotate banner=”5″]

[adrotate banner=”13″]