Billions of Wi-Fi devices left open via security flaw

Security researchers from Eset have claimed “billions of devices” - including some from the world’s largest hardware manufacturers - were vulnerable to a Wi-Fi exploit that allowed hackers to decrypt sensitive data.

The vulnerability, labelled CVE-2019-15126, is colloquially referred to as Kr00k.

Researchers say chips made by Cypress Semiconductor and Broadcom are among those vulnerable to attack. Companies that use these chips in their products include Apple, Amazon, Huawei, Asus and Raspberry, to name just a few.

Hardware makers have all released patches for the vulnerability, but Eset says it's likely not all devices have been patched by users. This is especially the case with routers, which are rarely ever patched.

“This results in scenarios where client devices that are unaffected (either patched or using different Wi-Fi chips not vulnerable to Kr00k) can be connected to an access point (often times beyond an individual’s control) that is vulnerable,” said a paper published by Eset researchers.

“The attack surface is greatly increased, since an adversary can decrypt data that was transmitted by a vulnerable access point to a specific client (which may or may not be vulnerable itself).”

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years' experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. His work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.