Vulnerability in Cypress and Broadcom Wi-Fi chips that allows decrypting traffic

Researchers from ESET disclosed, at the RSA 2020 conference currently under way, details of a vulnerability (CVE-2019-15126) in Cypress and Broadcom wireless chips that allows intercepted Wi-Fi traffic protected with WPA2 to be decrypted. The vulnerability has been code-named Kr00k. The problem affects FullMAC chips (the Wi-Fi stack is implemented on the chip rather than in the driver), which are used in a wide range of consumer devices, from smartphones by well-known manufacturers (Apple, Xiaomi, Google, Samsung) to smart speakers (Amazon Echo, Amazon Kindle), boards (Raspberry Pi 3) and wireless access points (Huawei, ASUS, Cisco).

The vulnerability is caused by incorrect handling of encryption keys when a device disconnects (disassociates) from the access point. On disassociation, the session key (PTK) stored in the chip's memory is zeroed, since no further data will be sent in the current session. The essence of the vulnerability is that the data remaining in the transmit (TX) buffer is then encrypted with the already cleared key, which consists only of zeros, and can therefore be easily decrypted if intercepted. The zeroed key applies only to the residual data in the buffer, which is several kilobytes in size.

Thus, the attack relies on artificially sending frames that cause disassociation and intercepting the data sent immediately afterwards. Disassociation is commonly used in wireless networks to switch from one access point to another while roaming, or when the connection to the current access point is lost. Disassociation can be triggered by a management frame, which is transmitted unencrypted and requires no authentication (the attacker only needs to be within range of the Wi-Fi signal and does not need to be connected to the wireless network). The attack was tested only against WPA2; whether it is possible against WPA3 was not checked.

According to preliminary estimates, the vulnerability could potentially affect billions of devices in use. Devices with Qualcomm, Realtek, Ralink and Mediatek chips are not affected. Traffic can be decrypted both when a vulnerable client device connects to an access point that does not have the problem, and when a device that is not affected connects to an access point that is vulnerable. Many consumer device manufacturers have already released firmware updates that fix the vulnerability (for example, Apple fixed it back in October last year).

It should be noted that the vulnerability affects encryption at the wireless network level and only exposes unprotected connections established by the user; it does not make it possible to compromise connections encrypted at the application level (HTTPS, SSH, STARTTLS, DNS over TLS, VPN, etc.). The risk is further reduced by the fact that an attacker can decrypt only a few kilobytes at a time: the data that was in the transmit buffer at the moment of disconnection. To capture sensitive data sent over an unprotected connection, an attacker must either know exactly when it is sent or keep triggering disconnections from the access point, which the user will notice because the wireless connection keeps restarting.
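The repeated disconnections mentioned above can also be spotted from access point logs. The following is an added example, not code from ESET or from the original article: a sliding-window check that flags stations with unusually frequent disassociations. The log format, the threshold and the window length are assumptions chosen for illustration, and the sample log is constructed.

```python
import re
from collections import defaultdict, deque

# Constructed sample log in a hypothetical format:
#   "<epoch-seconds> STA <mac> <associated|disassociated>"
SAMPLE_LOG = """\
1000 STA aa:bb:cc:00:00:01 associated
1004 STA aa:bb:cc:00:00:01 disassociated
1006 STA aa:bb:cc:00:00:01 associated
1009 STA aa:bb:cc:00:00:01 disassociated
1011 STA aa:bb:cc:00:00:01 associated
1015 STA AA:BB:CC:00:00:01 disassociated
1020 STA aa:bb:cc:00:00:02 associated
1900 STA aa:bb:cc:00:00:02 disassociated
2000 STA aa:bb:cc:00:00:02 associated
this line is malformed and is skipped
5000 STA aa:bb:cc:00:00:02 disassociated
"""

LINE_RE = re.compile(
    r"^(\d+) STA ((?:[0-9a-f]{2}:){5}[0-9a-f]{2}) (associated|disassociated)$",
    re.IGNORECASE,
)

def find_disassoc_bursts(log_text, threshold=3, window=60):
    """Return {mac: time_of_first_alert} for every station that shows at
    least `threshold` disassociations within any `window`-second span."""
    recent = defaultdict(deque)   # mac -> timestamps still inside the window
    alerts = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # ignore lines that do not parse
        ts, mac, event = int(m.group(1)), m.group(2).lower(), m.group(3).lower()
        if event != "disassociated":
            continue
        q = recent[mac]
        q.append(ts)
        while ts - q[0] > window: # drop events older than the window
            q.popleft()
        if len(q) >= threshold and mac not in alerts:
            alerts[mac] = ts
    return alerts

if __name__ == "__main__":
    for mac, ts in find_disassoc_bursts(SAMPLE_LOG).items():
        print(f"{mac}: repeated disassociation, first alert at t={ts}")
```

Ordinary roaming also produces disassociations, so the threshold and window need tuning against the network's normal behaviour before an alert means anything.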

Some of the devices ESET tested for susceptibility to the attack:

  • Amazon Echo 2nd gen
  • Amazon Kindle 8th gen
  • Apple iPad mini 2
  • Apple iPhone 6, 6S, 8, XR
  • Apple MacBook Air Retina 13-inch 2018
  • Google Nexus 5
  • Google Nexus 6
  • Google Nexus 6S
  • Raspberry Pi 3
  • Samsung Galaxy S4 GT-I9505
  • Samsung Galaxy S8
  • Xiaomi Redmi 3S
  • Wireless routers ASUS RT-N12, Huawei B612S-25d, Huawei EchoLife HG8245H, Huawei E5577Cs-321
  • Cisco Access Points


Source: opennet.ru
