Hey guys, back again today with a latest news on cyber security
Kr00k vulnerability is tracked as CVE-2019-15126, which let the nearby remote attackers to decrypt few wireless packets transmitted over air by devices subjected to vulnerability.
It is not necessary for an attacker to be available inside the network, vulnerability is vulnerable against the devices with WPA2-Personal and Enterprise Protocols with AES-CCMP encryption after the dissociation.
Neither Attackers won’t be able to connect to Wi-Fi network nor can perform Man-in-the-middle attacks with this vulnerability.
Latest WPA3 Protocol devices are not subjected to this vulnerability and threat. Attackers can only steal and decrypt some packets it may contains any data with it. This vulnerability has nothing to do with the secure network traffic until you stop using HTTPS sites.
Researchers came across this critical hardware vulnerability relies in Wi-Fi chips forged by Broadcom and Cypress which is being used in lot of communication devices such as tablets, smartphones, routers, laptops, and IoT gadgets.
some of the confirmed consumers are amazon, Apple(iPhone,iPad, MacBook), Google(Nexus), Samsung(Galaxy), Raspberry(Pi 3), Xiaomi(Redmi)
How this Kr00k Vulerability works?
An attacker can capture sensitive data packets containing potential information data includes DNS, ARP, ICMP, HTTP, TLS, TCP by trigger disassociation by sending de-authentication packets over air.
This issue gave the attackers an extra hands by decrypting the traffic transmitted from connected devices those are connected to the vulnerable ones even though the devices are not vulnerable or different chips too.
This vulnerability was reported to the concerned Manufacturers Broadcom and Cypress by the researchers. Manufacturers are developing a path to mitigate the problem via software or firmware updates for their consumers.
It is Advised to all the users to check their hardware and go for updates provided by their vendors as soon as possible to keep yourself away from the prying eyes of attackers.
