REVEALED: A flaw in chips powering Asus and Huawei Wi-Fi routers left more than ONE BILLION devices open to being hacked
- The flaw was revealed at a security conference and has already been patched
- It affected more than a billion devices and two major brands of Wi-Fi routers
- iPhones, Samsung phones, and Amazon Echos were among the affected devices
- A patch should have automatically fixed the flaw called KrØØk
Billions of devices were exposed by a flaw affecting chips that power popular Wi-Fi routers.
According to researchers from ESET, a cyber security company based on Slovakia, the flaw was discovered in chips from Cypress Semiconductor and Broadcom and affected some of the most popular devices on the planet, including four generations of iPhone, one generation of Macbook and two generations of Amazon Echo.
Affected routers were made by two major purveyors of wireless technology, Asus and Huawei.
The flaw was found in chips that power several popular models of Wi-Fi routers and revealed at a security conference this week (stock)
A patch has already been issued, but researchers, who publicly revealed the flaw for the first time at a security conference this week, say it exposed data being transmitted from a device over at-home and enterprise networks.
Specifically, the exploit, dubbed KrØØk allowed hackers to tinker with the encryption of data communicated between a device and the router, causing it to change from a random string of characters to all zeroes and effectively rending the encryption useless.
This decrypts witless ‘packets’ which are essentially shipments of data from a device to a router that are broken up into smaller parts and then reassembled at their destination. Those packets could contain anything from an email to an IP address and more.
‘This results in scenarios where client devices that are unaffected (either patched or using different Wi-Fi chips not vulnerable to Kr00k) can be connected to an access point (often times beyond an individual’s control) that is vulnerable,’ researchers wrote in a research paper.
WHICH DEVICES ARE AFFECTED BY KRØØK
Amazon Echo 2nd gen
Amazon Kindle 8th gen
Apple iPad mini 2
Apple iPhone 6, 6S, 8, XR
Apple MacBook Air Retina 13-inch 2018
Google Nexus 5
Google Nexus 6
Google Nexus 6S
Raspberry Pi 3
Samsung Galaxy S4 GT-I9505
Samsung Galaxy S8
Xiaomi Redmi 3S
‘The attack surface is greatly increased, since an adversary can decrypt data that was transmitted by a vulnerable access point to a specific client (which may or may not be vulnerable itself).’
Researchers say that the vulnerability is related to a previously discovered vulnerability called KRACK (key re installation attacks) that affected routers using the WPA 2 protocol – a system used by many home consumer electronics for accessing the internet.
They say that KRØØk is likely to be one of the root causes of the KRACK flaw.
Though most companies have already issued a patch for the vulnerability which should have been downloaded automatically, researchers say that anyone worried about the security of their networks can make sure all of their hardware is safe by downloading the latest software update.