Researchers at ESET
Recall that the Kr00k vulnerability is caused by incorrect handling of encryption keys when a device is disconnected (disassociated) from the access point. In the first variant of the vulnerability, the session key (PTK) stored in the chip's memory was zeroed on disconnection, since no further data would be sent in the current session. However, the data still remaining in the transmit (TX) buffer was encrypted with this already-cleared, all-zero key and could therefore be trivially decrypted if intercepted. The all-zero key only affects the residual data in the buffer, which is a few kilobytes in size.
The key difference in the second variant of the vulnerability, which appears in Qualcomm and MediaTek chips, is that instead of being encrypted with a null key, the data after disassociation is transmitted with no encryption at all, even though the encryption flags are set. Among the Qualcomm-based devices tested for the vulnerability, the D-Link DCH-G020 Smart Home Hub and an open router were noted.
To exploit either variant, an attacker sends specially crafted management frames that cause disassociation and intercepts the data transmitted after them. Disassociation is routinely used in wireless networks to switch from one access point to another while roaming, or when the connection to the current access point is lost. It can be triggered by sending a management frame, which is transmitted unencrypted and requires no authentication (the attacker needs to be within range of the Wi-Fi signal but does not need to be connected to the wireless network). The attack works both when a vulnerable client device connects to an access point that is not affected, and when an unaffected device connects to an access point on which the vulnerability is present.
The vulnerability affects encryption at the wireless-network layer and only allows the analysis of connections the user established without their own encryption (for example DNS, HTTP and mail traffic); it does not make it possible to compromise connections encrypted at the application layer (HTTPS, SSH, STARTTLS, DNS over TLS, VPN, etc.). The risk is further reduced by the fact that an attacker can decrypt only the few kilobytes of data that were in the transmit buffer at the moment of disassociation. To capture sensitive data sent over an unencrypted connection, an attacker must therefore either know exactly when it is being sent or continually force disconnections from the access point, which the user will notice as constant restarts of the wireless connection.
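As an added example (not code from ESET or from the article), the following Python heuristic flags on captured 802.11 frames the two observable symptoms described above: a burst of disassociation or deauthentication frames from one sender, and data frames carrying the Protected flag whose body is recognisable LLC/SNAP cleartext (the Qualcomm/MediaTek variant). The frame builders, MAC addresses and sample capture are constructed for the demo; non-QoS frames without an HT control field are assumed.

```python
from collections import Counter

# Frame Control byte 1: "Protected Frame" bit; LLC/SNAP header that begins every cleartext data payload.
PROTECTED = 0x40
LLC_SNAP = b"\xaa\xaa\x03\x00\x00\x00"

def mgmt(subtype, bssid, src):
    """Minimal 24-byte 802.11 management header: FC, duration, addr1 (broadcast), addr2, addr3, seq."""
    fc = bytes([subtype << 4, 0])  # type 0 = management
    return fc + b"\x00\x00" + b"\xff" * 6 + src + bssid + b"\x00\x00"

def data(src, bssid, body, protected=True):
    """Minimal non-QoS 802.11 data frame (type 2, subtype 0) followed by its body."""
    fc = bytes([0x08, PROTECTED if protected else 0])
    return fc + b"\x00\x00" + bssid + src + b"\xff" * 6 + b"\x00\x00" + body

def parse(frame):
    fc0, fc1 = frame[0], frame[1]
    return {"type": (fc0 >> 2) & 0x3, "subtype": (fc0 >> 4) & 0xF,
            "protected": bool(fc1 & PROTECTED), "addr2": frame[10:16], "body": frame[24:]}

def looks_plaintext(body):
    """Heuristic: a Protected-flagged body that starts with an LLC/SNAP header (directly or right after
    an 8-byte CCMP header) was never encrypted. The zero-key variant needs CCMP decryption; not covered."""
    return body.startswith(LLC_SNAP) or body[8:14] == LLC_SNAP

def analyze(frames, burst_threshold=3):
    """Return findings: cleartext in protected frames, and disassociation/deauth bursts per sender."""
    findings, disassoc = [], Counter()
    for i, f in enumerate(frames):
        p = parse(f)
        if p["type"] == 0 and p["subtype"] in (0xA, 0xC):  # disassociation / deauthentication
            disassoc[p["addr2"]] += 1
        elif p["type"] == 2 and p["protected"] and looks_plaintext(p["body"]):
            findings.append(("cleartext_in_protected_frame", i, p["addr2"]))
    for sender, n in disassoc.items():
        if n >= burst_threshold:
            findings.append(("disassociation_burst", n, sender))
    return findings

# Constructed sample capture (not real traffic): hypothetical AP and station MAC addresses.
AP = bytes.fromhex("020000000001")
STA = bytes.fromhex("020000000002")
SAMPLE = [
    mgmt(0xA, AP, AP), mgmt(0xA, AP, AP), mgmt(0xA, AP, AP),              # burst of disassociations
    data(STA, AP, bytes(8) + LLC_SNAP + b"\x08\x00GET / HTTP/1.1"),       # leaked cleartext, flagged protected
    data(STA, AP, bytes(8) + bytes.fromhex("931ce74fa0b21d6e")),          # ordinary-looking ciphertext
    data(STA, AP, LLC_SNAP + b"\x08\x00GET / HTTP/1.1", protected=False),  # open network, not a finding
]
```

Running `analyze(SAMPLE)` reports the cleartext frame at index 3 and the three-frame disassociation burst from the AP address; the open-network frame is not flagged because its Protected bit is clear.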
The issue is fixed in the July update of Qualcomm's proprietary chip driver and the April update of the MediaTek chip driver. A fix for the MT3620 was proposed in July. The researchers who identified the problem have no information on whether fixes have been included in the free ath9k driver. To test devices for exposure to both vulnerabilities
Additionally, it can be noted
DSP chips are used in modern smartphones for tasks such as audio, image and video processing, for computation in augmented-reality systems, computer vision and machine learning, and in the implementation of fast-charging modes. The attacks made possible by the identified vulnerabilities include: bypassing the access-control system, i.e. covertly capturing data such as photos, videos, call recordings, microphone input, GPS location, etc.; denial of service, i.e. blocking access to all stored information; and hiding malicious activity, i.e. creating completely invisible and unremovable malicious components.
Source: opennet.ru