Kr00k: Serious vulnerability affected encryption of billion+ Wi-Fi devices, presented at CODE BLUE 2020

by Robert Lipovsky

Summary: We identified Kr00k (CVE-2019-15126), a previously unknown vulnerability in chips used by a significant number of Wi-Fi capable devices. Specifically, we discovered that Wi-Fi chips by Broadcom and Cypress, and possibly other manufacturers, were vulnerable to encrypting packets in a WPA2-protected network with an all-zero encryption key. In a successful attack, this allowed an adversary to decrypt some wireless network packets. The number of affected devices was likely over a billion, as the vulnerable chips are used in devices by Apple, Samsung, Google, Amazon, and many others.

The presentation will include technical details and a demonstration, where we will show how we were able to trigger Wi-Fi reassociations on the targeted device, force setting of the all-zero encryption key, and decrypt intercepted packets. We will also discuss the potential impact of these vulnerabilities, along with the limitations of exploiting them.

This new research follows our earlier discovery that some versions of the popular Amazon Echo and Kindle devices were vulnerable to Key Reinstallation Attacks (KRACK), which were discovered by Mathy Vanhoef in 2017. We will explain how Kr00k is related to the previously known research, and how it differs.

Finally, we will discuss our most recently discovered Wi-Fi encryption vulnerabilities affecting chips from other manufacturers, including Qualcomm (CVE-2020-3702).

The talk will conclude with takeaways: ensure that your devices are patched, and, for tech-savvy users, test them using our proof-of-concept testing script.