Date: 2020-02-26

SoylentNews is people

Flaw in Billions of Wi-Fi Devices Left Communications Open to Eavesdropping

posted by Fnord666 on Friday February 28, @04:48AM
from the "encrypted" dept.
Security

Freeman writes:

https://arstechnica.com/information-technology/2020/02/flaw-in-billions-of-wi-fi-devices-left-communications-open-to-eavesdroppng/

Billions of devices—many of them already patched—are affected by a Wi-Fi vulnerability that allows nearby attackers to decrypt sensitive data sent over the air, researchers said on Wednesday at the RSA security conference.
[...]
Eset researchers wrote in a research paper published on Wednesday. "The attack surface is greatly increased, since an adversary can decrypt data that was transmitted by a vulnerable access point to a specific client (which may or may not be vulnerable itself)."
[...]
Kr00k exploits a weakness that occurs when wireless devices disassociate from a wireless access point. If either the end-user device or the access point is vulnerable, it will put any unsent data frames into a transmit buffer and then send them over the air. Rather than encrypt this data with the session key negotiated earlier and used during the normal connection, vulnerable devices use a key consisting of all zeros, a move that makes decryption trivial.
[...]
Eset researchers determined that a variety of devices are vulnerable, including:

  • Amazon Echo 2nd gen
  • Amazon Kindle 8th gen
  • Apple iPad mini 2
  • Apple iPhone 6, 6S, 8, XR
  • Apple MacBook Air Retina 13-inch 2018
  • Google Nexus 5
  • Google Nexus 6
  • Google Nexus 6S
  • Raspberry Pi 3
  • Samsung Galaxy S4 GT-I9505
  • Samsung Galaxy S8
  • Xiaomi Redmi 3S

The researchers also found that the following wireless routers are vulnerable:

  • Asus RT-N12
  • Huawei B612S-25d
  • Huawei EchoLife HG8245H
  • Huawei E5577Cs-321

An Apple spokesman said the vulnerabilities were patched last October with details for macOS here and for iOS and iPadOS here.
[...]
While the vulnerability is interesting and users should make sure their devices are patched quickly—if they aren't already—there are a few things that minimize the real-world threat posed.
[...]
Despite the limited threat posed, readers should ensure their devices have received updates issued by the manufacturers. This advice is most important for users of vulnerable Wi-Fi routers, since routers are often hard to patch and because vulnerable routers leave communications open to interception even when client devices are unaffected or are already patched.


  • (Score: 2) by aristarchus (2645) on Friday February 28, @05:18AM (#963970)

    A flaw in Billions of devices is not a flaw, it is a feature. I mean this quite literally. The only question is, who is it a feature for? Not the consumer, obviously.

    --
    aristarchus's Latest 24 of 7777 Comments