Thu. Apr 2nd, 2020

CVE-2019-15126: Serious vulnerability in Wifi encryption

1 min read

Wi-Fi chips manufactured by Cypress and Broadcom exist serious security vulnerabilities (CVE-2019-15126), making billions of devices around the world very vulnerable to hackers, allowing attackers to decrypt the airborne transmissions around him and take sensitive data. This vulnerability is called Kr00k.

The vulnerability was made public during the RSA Security Conference that opened today. For Apple users, this issue has been resolved in the iOS 13.2 and macOS 10.15.1 updates released in late October last year. The security company ESET detailed this vulnerability at the RSA conference. Hackers can use a vulnerability called Kr00k to interrupt and decrypt WiFi network traffic. The vulnerability exists in Cypress and Broadcom Wi-Fi chip, which is to have a high global market share, from laptops to smartphones.

Among them are Amazon Echo and Kindle, Apple ‘s iPhone and iPad, Google’s Pixel, Samsung ‘s Galaxy series, Raspberry Pi, Xiaomi, Asus, Huawei, and other brand products are used. A conservative estimate is that one billion devices worldwide are affected by the vulnerability.

After the hacker successfully exploits this vulnerability, he could intercept and analyze the wireless network data packets sent by the device. “The vulnerability affects both WPA2-Personal and WPA2-Enterprise protocols, with AES-CCMP
encryption.”