Kr00k WPA2 Vulnerability
Summary
Security researchers have disclosed details of a vulnerability, known as Kr00k, affecting the Wi-Fi Protected Access II (WPA2, IEEE 802.11i-2004) wireless security protocol and how it is implemented in a number of Broadcom and Cypress wireless chipsets. They claim that a user on the same WLAN could exploit this vulnerability to decrypt communications sent to and from affected systems.
Affected platforms
The following platforms are known to be affected:
Devices using Broadcom or Cypress Wi-Fi chipsets, including (but not limited to) products from the following vendors:
- Apple
- Amazon
- Asus
- Dell
- HP
- Huawei
- Lenovo
- Microsoft
- Samsung
Threat details
The vulnerability affects both the WPA2-Personal and WPA2-Enterprise variants when AES-CCMP is used, and results from a poor implementation of the protocol in the affected chipsets. When a WPA2-secured session is disconnected, the temporal key used during the session is cleared from memory, in effect setting it to zero. However, any data left in the chipset's transmission buffers is then sent using this all-zero key, effectively negating WPA2. An attacker with access to the same WLAN could artificially force session disconnection in order to read sensitive data.
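The ordering problem described above can be shown with a simplified model. This is an added example, not vendor firmware or the researchers' code: the struct, the function names and the hardened ordering (discard the buffer before clearing the key) are assumptions made for illustration, and the "transmit" step only records which key was in use.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define TK_LEN 16

/* Hypothetical model of per-session chipset state; all names are illustrative. */
struct wifi_session {
    uint8_t tk[TK_LEN];   /* temporal key used for AES-CCMP */
    int     txq_len;      /* data frames still waiting in the transmit buffer */
    int     sent_zero_tk; /* frames that left the radio under an all-zero key */
};

static int tk_is_zero(const struct wifi_session *s) {
    static const uint8_t zero[TK_LEN];
    return memcmp(s->tk, zero, TK_LEN) == 0;
}
/* Stand-in for "encrypt with s->tk and transmit": records which key was in use. */
static void flush_txq(struct wifi_session *s) {
    for (; s->txq_len > 0; s->txq_len--)
        if (tk_is_zero(s)) s->sent_zero_tk++;
}
static void session_init(struct wifi_session *s, int queued) {
    memset(s, 0, sizeof *s);
    memset(s->tk, 0xA5, TK_LEN); /* constructed sample key */
    s->txq_len = queued;
}

/* Order described in the advisory: key cleared first, buffer sent afterwards. */
int disconnect_vulnerable(int queued) {
    struct wifi_session s;
    session_init(&s, queued);
    memset(s.tk, 0, TK_LEN);
    flush_txq(&s);
    return s.sent_zero_tk;
}

/* Assumed correction: discard buffered frames, then clear the key. */
int disconnect_hardened(int queued) {
    struct wifi_session s;
    session_init(&s, queued);
    s.txq_len = 0; /* drop, never transmit once teardown has started */
    memset(s.tk, 0, TK_LEN);
    flush_txq(&s);
    return s.sent_zero_tk;
}

int main(void) {
    printf("vulnerable: %d, hardened: %d\n", disconnect_vulnerable(3), disconnect_hardened(3));
}
```

In the vulnerable ordering every frame still queued at disconnection is counted as sent under the zero key; in the hardened ordering none are.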
Remediation steps
| Type | Step |
|---|---|
| | The researchers have confirmed that both the Wi-Fi Alliance and the ICASI are working with affected manufacturers to produce updates to address Kr00k. Affected organisations are encouraged to contact their relevant suppliers to obtain and apply these updates as they become available. |
Last edited: 29 June 2021 12:00 pm