Last week ESET security researchers published a white paper on a new WiFi Encryption Vulnerability. The Vulnerability is related to KRACK (Key Reinstallation Attacks) discovered in 2017, but is fundamentally different. KrØØk affects both WPA2-Personal and WPA2-Enterprise protocols, with AES-CCMP encryption.
KrØØk is a vulnerability that affected billions of devices. Potentially causing the leak of sensitive data and opening a new attack vector for black-hats.
The Affected devices total over one billion. Additionally, Many other Vendors Use the Chipsets in question in their devices. It has also been confirmed that some wireless routers by ASUS and Huawei were vulnerable to KrØØk.
Among the known Vendors using vulnerable chipsets are; Amazon, Apple, Google, Raspberry and Samsung. The current document by ESET only lists tested devices, but the number of vulnerable ones could be many more.
ESET advises they have responsibly disclosed the KrØØk Vulnerability to Vendors. The Vendors subsequently released updates during an extended disclosure period. Major manufacturers have released patches for their vulnerable devices.
All Users of WiFi Capable devices are advised to update the drivers of their Wireless Adaptors.
KrØØk Affected devices should have received patches for the vulnerability by the time of publication. Depending on the device type, this might only mean ensuring the latest OS or software updates are installed on your Android, Apple or Windows Device. But May require a Firmware Update on devices like Access points, Routers, and some IOT devices.
if you or you Business needs assistance with Updating or installing Firmware patches. Feel free to call Techbug on 1300 655 121, and we can assist you with any security concerns.