
Flaw in billions of Wi-Fi devices left communications open to eavesdropping


SOURCE: https://arstechnica.com/information-technology/2020/02/flaw-in-billions-of-wi-fi-devices-left-communications-open-to-eavesdroppng/
Summary

Of greatest concern are vulnerable wireless routers, which often go unpatched indefinitely.

“This results in scenarios where client devices that are unaffected (either patched or using different Wi-Fi chips not vulnerable to Kr00k) can be connected to an access point (often times beyond an individual’s control) that is vulnerable,” Eset researchers wrote in a research paper published on Wednesday.

Rather than encrypt this data with the session key negotiated earlier and used during the normal connection, vulnerable devices use a key consisting of all zeros, a move that makes decryption trivial.

Disassociation typically happens when a client device roams from one Wi-Fi access point to another, encounters signal interference, or has its Wi-Fi turned off. Eset researcher Robert Lipovsky told me hackers can trigger multiple disassociations to further the chances of obtaining useful data.

The following two diagrams help illustrate how the attack works.

Eset researchers determined that a variety of devices are vulnerable, including:

The researchers also found that the following wireless routers are vulnerable:

An Apple spokesman said the vulnerabilities were patched last October with details for macOS here and for iOS and iPadOS here.

Manufacturers of other vulnerable devices that still receive patch support couldn't immediately be reached for comment.

The researchers tested Wi-Fi chips from other manufacturers, including Qualcomm, Realtek, Ralink, and Mediatek and found no evidence any of them were vulnerable.

As said here by Dan Goodin