ESET Warns of "Kr00k" Vulnerability in Over a Billion Common Broadcom, Cypress Wi-Fi Chips
With very little effort, attackers can trick an unpatched system into sending decrypted versions of WPA2-protected traffic.
Researchers from security firm ESET have released details of a security flaw, dubbed "Kr00k," in common Broadcom and Cypress Wi-Fi chips, including those used in a wide variety of smart home and other Internet of Things (IoT) products.
"Kr00k manifests itself after Wi-Fi disassociations – which can happen naturally, for example due to a weak Wi-Fi signal, or may be manually triggered by an attacker. If an attack is successful, several kilobytes of potentially sensitive information can be exposed," says Miloš Čermák, the lead ESET researcher on the team which discovered the Kr00k vulnerability. "By repeatedly triggering disassociations, the attacker can capture a number of network packets with potentially sensitive data."
The affected Broadcom and Cypress FullMac Wi-Fi chips are, unfortunately, some of the most common around, used not only in consumer devices like smartphones and tablets but also in embedded and infrastructure systems such as routers and smart home assistants, Amazon's Echo among them. ESET estimates that around a billion devices are affected worldwide, and while patches were developed prior to the publication of the flaw, many vulnerable systems are likely to remain in use.
"To protect yourself, as a user, make sure you have updated all your Wi-Fi capable devices, including phones, tablets, laptops, IoT smart devices, and Wi-Fi access points and routers, to the latest firmware version," advises ESET's Robert Lipovský.
"Of great concern is that not only client devices, but also Wi-Fi access points and routers that have been affected by Kr00k. This greatly increases the attack surface, as an adversary can decrypt data that was transmitted by a vulnerable access point, which is often beyond your control, to your device, which doesn’t have to be vulnerable."
More information on Kr00k, including a link to the detailed research paper, can be found on ESET's website.