At the RSA 2020 security conference in San Francisco, security researchers from ESET disclosed a new vulnerability affecting WiFi communications. Alongside the presentation, ESET, the Slovakia-based security firm, published a white paper detailing the flaw, which is tracked as CVE-2019-15126. Named Kr00k, the bug can be exploited by an attacker within radio range to decrypt some of the traffic on a WPA2-protected network; capturing encrypted WiFi frames is always possible, so the decryption is what makes the bug notable.
According to ESET, Kr00k affects WiFi-capable devices with unpatched Broadcom and Cypress Wi-Fi chips. These are two of the world's most popular WiFi chipsets, and they are found in almost everything, from laptops to smartphones and from access points to smart speakers and other Internet of Things (IoT) devices. Given how widely the affected chips are used, ESET estimated that over a billion devices were vulnerable.
Further, products from some of the world's largest tech companies are affected, including Amazon, Apple, Google, Samsung, the Raspberry Pi Foundation, Xiaomi, Asus, and Huawei. ESET tested chips from other manufacturers, including Qualcomm, Ralink, Realtek, and MediaTek, and could not reproduce the attack. It noted, however, that the vulnerability could still exist in chips the researchers did not test.
Vulnerabilities are discovered on a near-daily basis that let attackers exploit a coding error in software or in the firmware of hardware controllers. What makes Kr00k stand out is that, when successfully exploited, it allows the attacker to decrypt specific encrypted packets sent over a WPA2-protected WiFi connection.
Under WPA2, those packets are encrypted with a per-session key, the Temporal Key (TK), negotiated during the handshake. It is the handling of this key that is the source of the bug. The researchers discovered that on Broadcom and Cypress Wi-Fi chips the key is reset to an all-zero value during the 802.11 process known as disassociation, and that frames still queued in the chip are then sent encrypted under that zero key. Researchers stated,
“Once a station’s WLAN session gets disassociated, the session key (TK) stored in the Wireless Network Interface Controller’s (WNIC) Wi-Fi chip is cleared in-memory – set to zero. This is expected behavior, as no further data is supposed to be transmitted after the disassociation. However, we discovered that all data frames that were left in the chip’s Tx (transmit) buffer were transmitted after being encrypted with this all-zero key.
Disassociation normally occurs during a temporary disconnection, for instance when the signal strength is too low. This can happen many times a day, and WiFi devices are configured to reconnect by default. The researchers found that an attacker does not have to wait for it: disassociation frames are not authenticated in WPA2 (absent 802.11w management frame protection), so an attacker within range can send them to the target and trigger the disassociation at will. Any data frames left in the target chip's Tx buffer are then transmitted encrypted with the all-zero TK. The attacker captures those frames and, because the key that protected them is known, decrypts them offline; repeating the disassociation yields more frames.
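To make the failure concrete, here is an added example of what the all-zero TK means in practice. It is written for this edit and is not ESET's code or a capture from their research. It implements the CCMP variant of AES-CCM that protects WPA2 data frames using only Go's standard library, constructs a frame whose addresses, packet number and payload are all invented, protects it once under a stand-in session key and once under sixteen zero bytes, and then runs the decryption an attacker would run with a zero key. The AAD construction assumes a plain 3-address, non-QoS data frame; `protect`, `unprotect`, `sampleFrame` and the key string are this example's own names, not anything from the ESET paper or a vendor driver.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
)

const micLen = 8 // CCMP truncates the CBC-MAC to an 8-byte MIC

// Frame holds the parts of an 802.11 data MPDU that CCMP binds into the
// nonce and the AAD, plus the CCMP packet number and the protected payload.
type Frame struct {
	FC         [2]byte
	A1, A2, A3 [6]byte
	SC         [2]byte
	PN         [6]byte // packet number from the CCMP header, PN5 first
	Payload    []byte  // ciphertext followed by the 8-byte MIC
}

// nonce is the 13-byte CCMP nonce: priority (0 for a non-QoS frame) || A2 || PN.
func nonce(f *Frame) []byte {
	n := append([]byte{0}, f.A2[:]...)
	return append(n, f.PN[:]...)
}

// aad builds the additional authenticated data for a 3-address non-QoS data
// frame: FC with subtype, retry, power-management, more-data and order bits
// masked and the Protected bit set; the three addresses; SC with the sequence
// number masked so only the fragment number remains.
func aad(f *Frame) []byte {
	a := []byte{f.FC[0] &^ 0x70, (f.FC[1] &^ 0xb8) | 0x40}
	a = append(a, f.A1[:]...)
	a = append(a, f.A2[:]...)
	a = append(a, f.A3[:]...)
	return append(a, f.SC[0]&0x0f, 0)
}

// ccm is AES-CCM with CCMP's parameters (13-byte nonce, 2-byte length field,
// 8-byte tag). It CTR-transforms in and returns the tag computed over the
// plaintext side, so one routine serves both encryption and decryption.
func ccm(key, nonce, aad, in []byte, decrypt bool) (out, tag []byte, err error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, nil, err
	}
	// Counter blocks: flags (L-1 = 1) || nonce || 16-bit counter. A_0 masks the MIC.
	ctr := make([]byte, 16)
	ctr[0] = 1
	copy(ctr[1:14], nonce)
	s0 := make([]byte, 16)
	blk.Encrypt(s0, ctr)
	ctr[15] = 1
	out = make([]byte, len(in))
	cipher.NewCTR(blk, ctr).XORKeyStream(out, in)
	plain := in
	if decrypt {
		plain = out
	}
	// CBC-MAC over B_0, the length-prefixed AAD and the plaintext. Partial
	// blocks are zero-padded implicitly by XORing only the bytes present.
	mac := make([]byte, 16)
	absorb := func(data []byte) {
		for i := 0; i < len(data); i += 16 {
			end := i + 16
			if end > len(data) {
				end = len(data)
			}
			for j, b := range data[i:end] {
				mac[j] ^= b
			}
			blk.Encrypt(mac, mac)
		}
	}
	b0 := make([]byte, 16)
	b0[0] = 0x59 // AAD present | ((M-2)/2)<<3 | (L-1) for M=8, L=2
	copy(b0[1:14], nonce)
	binary.BigEndian.PutUint16(b0[14:], uint16(len(plain)))
	absorb(b0)
	absorb(append([]byte{byte(len(aad) >> 8), byte(len(aad))}, aad...))
	absorb(plain)
	tag = make([]byte, micLen)
	for i := range tag {
		tag[i] = mac[i] ^ s0[i]
	}
	return out, tag, nil
}

// protect encrypts plaintext into f.Payload under the temporal key tk.
func protect(f *Frame, tk, plaintext []byte) error {
	ct, mic, err := ccm(tk, nonce(f), aad(f), plaintext, false)
	if err != nil {
		return err
	}
	f.Payload = append(ct, mic...)
	return nil
}

// unprotect decrypts f.Payload under tk and verifies the MIC. An attacker
// runs this over a captured frame with tk set to sixteen zero bytes.
func unprotect(f *Frame, tk []byte) ([]byte, error) {
	if len(f.Payload) < micLen {
		return nil, fmt.Errorf("frame too short")
	}
	split := len(f.Payload) - micLen
	pt, tag, err := ccm(tk, nonce(f), aad(f), f.Payload[:split], true)
	if err != nil {
		return nil, err
	}
	if subtle.ConstantTimeCompare(tag, f.Payload[split:]) != 1 {
		return nil, fmt.Errorf("MIC mismatch: frame was not encrypted under this key")
	}
	return pt, nil
}

var zeroTK = make([]byte, 16) // the TK the chip holds after disassociation

// sampleFrame is a constructed station-to-AP data frame, not a real capture.
func sampleFrame() *Frame {
	return &Frame{
		FC: [2]byte{0x08, 0x41}, // type Data, ToDS, Protected
		A1: [6]byte{0x02, 0x00, 0x00, 0x00, 0x00, 0x01},
		A2: [6]byte{0x02, 0x00, 0x00, 0x00, 0x00, 0x02},
		A3: [6]byte{0x02, 0x00, 0x00, 0x00, 0x00, 0x01},
		SC: [2]byte{0x00, 0x10},
		PN: [6]byte{0, 0, 0, 0, 0x01, 0x2c},
	}
}

func main() {
	sessionTK := []byte("constructed-tk-0") // invented stand-in for the negotiated TK
	msg := []byte("GET /status HTTP/1.1\r\nHost: iot.local\r\n\r\n")

	healthy := sampleFrame() // sent while the session TK was still installed
	_ = protect(healthy, sessionTK, msg)
	_, err := unprotect(healthy, zeroTK)
	fmt.Println("healthy frame, zero TK:", err)

	flushed := sampleFrame() // same frame flushed from the Tx buffer after disassociation
	_ = protect(flushed, zeroTK, msg)
	pt, err := unprotect(flushed, zeroTK)
	fmt.Printf("flushed frame, zero TK: %q (err=%v)\n", pt, err)
}
```

The healthy frame fails the MIC check under the zero key, which is why captured WPA2 traffic is normally useless to an eavesdropper; the frame flushed after disassociation decrypts cleanly because the key that protected it is fixed and public. The CTR keystream and the MIC both depend only on the key, the nonce and the frame header, all of which the attacker can read off the air.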
This decryption of information believed to be secure is what has caught the InfoSec community's interest. It is important to note that the flaw only affects WiFi connections using the WPA2-Personal or WPA2-Enterprise security protocols with AES-CCMP encryption. Moving an affected device to the newer WPA3 protocol is therefore one mitigation, with the caveat that both the client and the access point must support WPA3; the primary fix is the vendor patch. ESET worked closely with the affected companies and noted that patches were already available. Researchers stated,
“According to some vendor publications and our own (non-comprehensive) tests, devices should have received patches for the vulnerability by the time of publication. Depending on the device type, this might only mean ensuring the latest OS or software updates are installed (Android, Apple and Windows devices; some IoT devices), but may require a firmware update (access points, routers and some IoT devices).”
Similar to KRACK but Nowhere Near as Bad
What makes Kr00k notable is the combination of decrypting traffic believed to be safe and the sheer number of vulnerable devices. The flaw does not, however, lead to a full compromise of the victim's communications: traffic that was already encrypted at a higher layer stays encrypted. Put differently, if you are visiting sites via HTTPS or the Tor Browser, that information remains protected even if Kr00k is used in an attack. The same is true for instant messaging services that use end-to-end encryption.
Kr00k cannot be exploited remotely by a botnet either; successful exploitation requires the attacker to be in close physical proximity to the targeted device, namely within range of the WiFi network. All of these factors reduce the severity of the flaw.
Despite this, similarities have been drawn between the infamous KRACK flaw and Kr00k with researchers stating,
“Our discovery of the chipset-level Kr00k vulnerability follows our previous research known as KRACK (Key Reinstallation Attacks). This section provides the background story behind our research, as well as a comparison of Kr00k and KRACK, as the two are related but also fundamentally different. KRACK attacks revealed serious weaknesses in the WPA2 protocol – these were alarming discoveries by Mathy Vanhoef in 2017. The plural in KRACK is important: there were a number of variants of the attacks, and a number of CVEs were assigned to cover these. In the worst case scenarios, KRACK attacks can result in the setting of an all-zero TK under a number of different circumstances, as is explained in Vanhoef’s paper.”
Compared with KRACK, which made headlines in 2017, Kr00k is relatively minor. KRACK was a weakness in the WPA2 protocol itself, in the key reinstallation behaviour of its handshakes, so it affected implementations across vendors rather than particular chips. While both enable the unauthorized decryption of data, KRACK had far more dangerous and far-reaching implications for the digital ecosystem. Kr00k, by contrast, is an implementation bug in specific chips and can be effectively mitigated with driver and firmware patches.