"Billions of Devices Open to Wi-Fi Eavesdropping Attacks"

Researchers at ESET discovered a critical bug in Wi-Fi chips, which affects billions of devices, including smartphones, tablets, laptops, and routers from Amazon, Apple, Google, Samsung, and others. The vulnerability, dubbed Kr00k, derives from an all-zero encryption key in widely used Wi-Fi chips made by Broadcom and Cypress. According to researchers, the encryption key can be disabled by attackers, allowing them to gather data via eavesdropping on Wi-Fi communications. Kr00k is related to the Key Reinstallation Attacks (KRACK), which allowed multiple vulnerabilities in the WPA and WPA2 security protocols to be exploited by attackers to capture and view Wi-Fi traffic. This article continues to discuss where the Kr00k bug comes from, what the exploitation of this vulnerability could allow attackers to do, its relation to the KRACK attack, and the devices affected by the bug.

Threatpost reports "Billions of Devices Open to Wi-Fi Eavesdropping Attacks"