"Beyond KrØØk: Even More Wi‑Fi Chips Vulnerable to Eavesdropping"

Researchers have discovered a new vulnerability they are calling KrØØk (formally CVE-2019-15126).  KrØØk is a vulnerability in Broadcom and Cypress Wi-Fi chips that allows unauthorized decryption of some WPA2-encrypted traffic. Specifically, the bug has led to wireless network data being encrypted with a WPA2 pairwise session key that is all zeros instead of the proper session key that had previously been established in the 4-way handshake. This undesirable state occurs on vulnerable Broadcom and Cypress chips following a Wi-Fi disassociation.  Exploiting KrØØk would allow adversaries to intercept and decrypt (potentially sensitive) data of interest and, when compared to other techniques commonly used against Wi-Fi, exploiting KrØØk has a significant advantage.  While adversaries need to be in range of the Wi-Fi signal, the attackers do not need to be authenticated and associated to the WLAN. The adversaries do not need to know the Wi-Fi password.

WeLiveSecurity reports: "Beyond KrØØk: Even More Wi‑Fi Chips Vulnerable to Eavesdropping"