More than a billion devices at risk!
A security flaw in Wi-Fi chips has exposed more than a billion devices, including PCs, smartphones and IoT devices, to attack. The bug is tracked as CVE-2019-15126; ESET researchers named it Kr00k, and it is found in all the Wi-Fi chips made by Broadcom and Cypress. When a device connects to a Wi-Fi access point, the link that is established is called an association. Similarly, the teardown of that link is called a disassociation. According to the researchers, an adversary can capture the data frames that are created whenever a Wi-Fi disassociation occurs. These data frames contain all the network traffic data and, most importantly, the session key. They can be captured as frames and decrypted. The cause is a bug in the Wi-Fi chip: the transmission buffer is automatically set to zero whenever a disassociation occurs.
Patch already available
Interestingly, this flaw can be fixed by a software update even though the bug is in the hardware chip. Broadcom and Cypress have already released patches and urge users and potential victims to apply them as soon as possible. The patch stops the transmission buffer from being set to zero and drops all the data immediately after disassociation, so that it is not fed into data frames and stolen by a hacker.