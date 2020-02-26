Billions of devices—many of them already patched—are affected by a Wi-Fi vulnerability that allows nearby attackers to decrypt sensitive data sent over the air, researchers said on Wednesday at the RSA security conference.

[...]

Eset researchers wrote in a research paper published on Wednesday. "The attack surface is greatly increased, since an adversary can decrypt data that was transmitted by a vulnerable access point to a specific client (which may or may not be vulnerable itself)."

[...]

Kr00k exploits a weakness that occurs when wireless devices disassociate from a wireless access point. If either the end-user device or the access point is vulnerable, it will put any unsent data frames into a transmit buffer and then send them over the air. Rather than encrypt this data with the session key negotiated earlier and used during the normal connection, vulnerable devices use a key consisting of all zeros, a move that makes decryption trivial.

[...]

Eset researchers determined that a variety of devices are vulnerable, including:

Amazon Echo 2nd gen

Amazon Kindle 8th gen

Apple iPad mini 2

Apple iPhone 6, 6S, 8, XR

Apple MacBook Air Retina 13-inch 2018

Google Nexus 5

Google Nexus 6

Google Nexus 6S

Raspberry Pi 3

Samsung Galaxy S4 GT-I9505

Samsung Galaxy S8

Xiaomi Redmi 3S

The researchers also found that the following wireless routers are vulnerable:

Asus RT-N12

Huawei B612S-25d

Huawei EchoLife HG8245H

Huawei E5577Cs-321

An Apple spokesman said the vulnerabilities were patched last October with details for macOS here and for iOS and iPadOS here.

[...]

While the vulnerability is interesting and users should make sure their devices are patched quickly—if they aren't already—there are a few things that minimize the real-world threat posed.

[...]

Despite the limited threat posed, readers should ensure their devices have received updates issued by the manufacturers. This advice is most important for users of vulnerable Wi-Fi routers, since routers are often hard to patch and because vulnerable routers leave communications open to interception even when client devices are unaffected or are already patched.