More than a billion devices were vulnerable to hackers due to a flaw in the wifichips the devices, turns out Wednesday from the research from the security office ESET. An attacker could, for iPhones, Samsung Galaxy phones, large amounts of sensitive information to be intercepted.
The vulnerability is the name of Kr00k and in wifichips of Cypress Semiconductor, and Broadcom. According to Eset, the chips which are today the most commonly used in determine. In addition to the iphone and Samsung’s Galaxy s phones, including iPads, Macbooks, Amazon-Echo-speaker, Amazon Kindle readers, and routers, made by Asus, and Huawei was vulnerable to the attack.
The Kr00k leak occurs when a wifisessie will be lost. The session of the wifichip will then be equal to zero, there would be no more data to be sent. However, the researchers found that there are still remaining dataframes can be sent, which is not enough to be encrypted. Attackers who are the frames, and then catch it.
for example, If the Kr00k leak by a malicious user or attacker, it would be in vain, he would, therefore, have access to vast amounts of sensitive information. For an attacker, according to ESET, but not with the wi-fi network to be connected to the dataframes to catch it.
‘Major concerns surround the affected routers
ESET has found the vulnerability while investigating an issue with the Amazon Echo device. In October, discovered that ESET is the old smarthomeapparaten on Amazon for a long time to hack it was through a known vulnerability in the wifisystemen, which is called time world cup winner, millions of users are affected.
now, ESET has the vulnerability, and in the meantime communicated to the chip manufacturers Broadcam, and the Cypress, after which, they are patches that have been published. However, the main concerns are still around the affected routers. According to ESET, this is much less frequently updated than that of phones and tablets. “This increases the attack surface because of the data that are due to a weak access point will be transmitted to the fragile device, which can often be outside of our control, reverse engineered by an attacker,” says researcher Robert Lipovský.
“To find yourself, as a user, to protect you, you need to make sure that all of the devices, with wifi access, including mobile phones, tablets, laptops and smart IoT devices, and wifitoegangspunten, and the routers are updated to the latest firmware version to use,” advises the analyst.