Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Security Wireless Networking

Flaw in Billions of Wi-Fi Devices Left Communications Open To Eavesdropping (arstechnica.com) 33

Posted by msmash from the security-woes dept.
Billions of devices -- many of them already patched -- are affected by a Wi-Fi vulnerability that allows nearby attackers to decrypt sensitive data sent over the air, researchers said on Wednesday at the RSA security conference. From a report: The vulnerability exists in Wi-Fi chips made by Cypress Semiconductor and Broadcom, the latter a chipmaker Cypress acquired in 2016. The affected devices include iPhones, iPads, Macs, Amazon Echos and Kindles, Android devices, Raspberry Pi 3's, and Wi-Fi routers from Asus and Huawei. Eset, the security company that discovered the vulnerability, said the flaw primarily affects Cyperess' and Broadcom's FullMAC WLAN chips, which are used in billions of devices. Eset has named the vulnerability Kr00k, and it is tracked as CVE-2019-15126.

Manufacturers have made patches available for most or all of the affected devices, but it's not clear how many devices have installed the patches. Of greatest concern are vulnerable wireless routers, which often go unpatched indefinitely. "This results in scenarios where client devices that are unaffected (either patched or using different Wi-Fi chips not vulnerable to Kr00k) can be connected to an access point (often times beyond an individual's control) that is vulnerable," Eset researchers wrote in a research paper published on Wednesday. "The attack surface is greatly increased, since an adversary can decrypt data that was transmitted by a vulnerable access point to a specific client (which may or may not be vulnerable itself)."
This discussion has been archived. No new comments can be posted.

Flaw in Billions of Wi-Fi Devices Left Communications Open To Eavesdropping More

Flaw in Billions of Wi-Fi Devices Left Communications Open To Eavesdropping

Comments Filter:

  • just replaced all my Broadcom based routers last month.. Lucky me!

    • You had one in the first place?

      I stay as far away from them as possible because they are usually very difficult for OpenWRT. UI have used only Qualcomm/Atheros for the last decade and I am not about to change that policy. Doubly so - afer looking at how ridiculously trivial this exploit is.

  • Who uses WiFi without end-to-end encryption? (Score:3, Insightful)

    by gweihir ( 88907 ) on Wednesday February 26, 2020 @11:53AM (#59769040)

    Seriously, as long as an attacker can only listen in, this is not a problem for anybody that uses sound practices.

    • Re: (Score:3, Funny)

      by ElectronicSpider ( 6381110 )
      Read again.
    • What? “As long as a hacker can only listen in . . .” The first sentence of this article clearly says that a WiFi vulnerability allows hackers to “decrypt data over the air”.

      • Re:Who uses WiFi without end-to-end encryption? (Score:4, Informative)

        by Zaraday ( 6285110 ) on Wednesday February 26, 2020 @12:33PM (#59769244)
        I would assume that means they can decrypt the WPA layer. If you're using something like ssh or HTTPS, that encryption will still be intact.
        • Yes but the attacker can sniff all of that without leaving a mark in the logs, he doesn't have to join the network to be listening, once enough data is gathered, the attacker can take whatever got caught in the trawl net to decrypt comfortably at home.

          • Re: (Score:3)

            by gweihir ( 88907 )

            Nope. If you use sound end-to-end encryption, the attacker can decrypt exactly nothing.

            • “If you use sound end-to-end encryption, the attacker can decrypt exactly nothing as long as there are no vulnerabilities” FTFY. Even the best maintained libraries like OpenSSL has had vulnerabilities.

              • Re: (Score:2)

                by gweihir ( 88907 )

                That is why I wrote "sound". Incidentally, if your end-to-end encryption is unsound, then having some links encrypted on top will not really save your day...

        • Re: (Score:3)

          by Jahta ( 1141213 )

          I would assume that means they can decrypt the WPA layer. If you're using something like ssh or HTTPS, that encryption will still be intact.

          You are correct. From TFA:

          "While the vulnerability is interesting and users should make sure their devices are patched quickly—if they aren’t already—there are a few things that minimize the real-world threat posed. For one thing, most sensitive communications in 2020 are already encrypted, usually with the transport layer security protocol or by other methods."

        • For E2EE systems the key exchange [wikipedia.org] can be vulnerable:

          Diffie–Hellman is used to secure a variety of Internet services. However, research published in October 2015 suggests that the parameters in use for many DH Internet applications at that time are not strong enough to prevent compromise by very well-funded attackers, such as the security services of large government.

          It would add an extra layer of security if attackers could not eavesdrop so the key exchange would be more secure..

          • Re: (Score:2)

            by gweihir ( 88907 )

            If a passive listener can break your key-exchange, you have lost. Putting some additional weak encryption of top is not helping this.

      • Re: (Score:3)

        by hawguy ( 1600213 )

        What? “As long as a hacker can only listen in . . .” The first sentence of this article clearly says that a WiFi vulnerability allows hackers to “decrypt data over the air”.

        All of the communication I care about is encrypted, so I don't care much if the attacker can listen in (unless he's also broken SSL). It's more worrying if he can modify data, then there are lots of attacks he can to to try to trick my device into downgrading to using unencrypted data.

        • If your connection is secured in addition to your traffic, that’s multiple layers of security. Hackers would have to find a way to listen to your traffic and break the traffic encryption. There have been instances where things like SSL have had a vulnerability.
      • Not only that but they canâ(TM)t choose which data to decrypt, they only get whatever is in the buffer after someone disconnects from wifi.... What they get doesnâ(TM)t help then decrypt any of the normal traffic either.

      • Re: (Score:2)

        by gweihir ( 88907 )

        That is the link-encryption, not end-to-end encryption.

    • I actually agree based on the summary alone. However, if the attacker can also encrypt frames (requires truly recovering the negotiated keys), then there's a much more serious problem.

      • Re: (Score:2)

        by skids ( 119237 )

        They can't. All they can do is get a few Kb of data that the chipset failed to clear out of the
        tx buffer after clearing the crypto key for a device that was leaving the AP. So if they want
        any appreciable amount of content they have to cause a lot of disassociations using forged
        control packets, which would cause the user to experience crummy WiFi performance. Not
        that that stops WiFi hackers since forcing lots of disconnects is part of the method used
        to compromise WPA2-personal.

  • So their modems send out packets they are not meant to every time there is a disconnection, and they encrypt them with null key... And yet they never locked this up in testing. They never captured all information transmitted on the air during start to end use of a client session. Never bothered to check what was transmitted and verify it was encrypted. Nothing. This company is downright incompetent, and this type of flaw proves they donâ(TM)t actually do any end to end testing or checking of securit
  • CVE-2019-15126 Was created in August 2019. Why is it coming out just now ??
  • You send something over the wifi. A few packets are queued in a buffer on the wifi card. While the card is still transmitting the data, the attacker sends a (forged) deauth management frame to your card, signalling that it got disconnected from the AP (or vice versa that the client disconnected if the attack is carried out against an access point). The card then clears the keys which belonged to that session, but erroneously keeps transmitting the data in its internal buffer. This data is encrypted with the

Slashdot Top Deals

You can tell how far we have to go, when FORTRAN is the language of supercomputers. -- Steven Feiner

Close