Modern gadgets are so complicated that it is easy for a hacker to find a flaw and exploit the users. Something similar has happened for existing Apple, Amazon and a bunch of few Android devices. A research group called Eset has figured out a new vulnerability for a Wi-Fi chip in some of the devices from these companies that can let hackers get hold of your data even if it's encrypted. This poses some grave security threats to users of these devices.
According to Eset's research, vulnerability is called Kr00k. It is said that this flaw plagues the FullMAC WLAN chips (basically the Wi-Fi chips) that were manufactured by Cypress and Broadcomm. These companies are known to supply Wi-Fi chips to major device manufacturers across the world, including Apple, Amazon, Huawei, and Asus.
In its explanation, Eset says, "ESET researchers discovered a previously unknown vulnerability in Wi-Fi chips and named it Kr00k. This serious flaw, assigned CVE-2019-15126, causes vulnerable devices to use an all-zero encryption key to encrypt part of the user's communication. In a successful attack, this allows an adversary to decrypt some wireless network packets transmitted by a vulnerable device."
The researchers also tested similar Wi-Fi chips from other chip manufacturers such as Qualcomm, MediaTek, RealTek and Ralink but they did not find any issues with these chips. Hence, the flaw is only limited to chips manufactured by Broadcom and Cypress.
The research paper lists the name of some of the devices that are affected by this flaw. These include:
Amazon Echo 2nd gen
Amazon Kindle 8th gen
Apple iPad Mini 2
Apple iPhone 6, 6S, 8, XR
Apple MacBook Air Retina 13-inch 2018
Asus RT-N12
Google Nexus 5
Google Nexus 6
Google Nexus 6S
Huawei B612S-25d
Huawei EchoLife HG8245H
Huawei E5577Cs-321
Raspberry Pi 3
Samsung Galaxy S4 GT-I9505
Samsung Galaxy S8
Xiaomi Redmi 3S
If you are worried about the security on these devices, then there's some comforting news from Apple and Amazon. Both these companies have already patched the flaw on their devices, which leaves the Android devices in this list left to be patched. Chances are that some of these devices may have been patched but there's no official confirmation from these manufacturers as of now.
No comments:
Post a Comment
Welcome To My Blog.