Since the discovery of the vulnerability known as Kr00k, it has been reported that several million users are still exposed even though an update has reportedly been made available to them.
The security flaw was unveiled at the RSA 2020 security conference. IT security experts at ESET, a company specializing in security solutions, were the first to discover it.
According to these researchers, the security flaw has its origin in another flaw that was discovered earlier and is already well known, called Krack. In particular, the experts highlighted that it allows cybercriminals to decrypt certain information entering and leaving a WiFi network. "Kr00k exploits a weakness that occurs when devices separate from an access point. When a device or access point is separated, all unsent data packets are stored in a buffer, then transmitted over the air (…) Rather than encrypting this data with the session key used during the normal connection, the vulnerable devices use a key made up of several zeroes, making decryption very easy," explain the ESET researchers in their report.
The problem mostly occurs when a device moves from one WiFi access point to another. It can also occur when the user turns off their WiFi connection. Because of the weak encryption during these periods, an attacker who is not far from the device can intercept a significant amount of user data.
Two major WiFi chip providers were affected by this vulnerability: Broadcom and Cypress. The update is still available for anyone who has not yet downloaded the fix. "Our tests have confirmed that prior to the patch, some customers of Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3), Xiaomi (RedMi), as well as some Asus and Huawei access points, were vulnerable to Kr00k," said the ESET report.
In this context, it is estimated that about 1 billion people may be affected by this security flaw. This represents a serious danger, especially as the large majority of these people are still unaware of it. Several products have been tested to determine which were exposed to the vulnerability, even if their suppliers are not truly known. The models that have been observed as vulnerable are the following:
Amazon Echo 2nd gen
Amazon Kindle 8th gen
Apple iPad mini 2
Apple iPhone 6, 6S, 8, XR
Apple MacBook Air Retina 13-inch 2018
Google Nexus 5
Google Nexus 6
Google Nexus 6S
Raspberry Pi 3
Samsung Galaxy S4 GT-I9505
Samsung Galaxy S8
Xiaomi Redmi 3S
On the router side, we have: Asus RT-N12; Huawei B612S-25d; Huawei EchoLife HG8245H; Huawei E5577Cs-321.
On the Apple side, this problem has already been resolved by an operating system update released last October.