A new vulnerability that goes by the name of "kr00k" poses a risk to billions of network devices. A form of man-in-the-middle attack can be used to intercept parts of network packets.

 

Network devices all over the world are at risk

A new vulnerability has detected that can hit billions of network devices. The vulnerability has coverage CVE-2019-15126 and also goes by the name 'Kr00k'. Devices that have wireless network cards manufactured by Broadcom and Cypress are at risk of being hit.

The 'Kr00k' vulnerability is a form of man-in-the-middle attack, where an attacker can intercept apparently secure data transfer between the victim's device and router. In this case, the attacker exploits how vulnerable network devices act when they are disconnected from a connection to a network.

The victim's device clears the session key and sets it to zero when disconnected from the network, but happens to send the rest of the data frame with 0 as the encryption key. A data frame is a form of data device used when a network device converts application data to the format of the network medium, or vice versa.

If the attacker is physically close to the victim's unit, parts of random data packets can be intercepted. By forcing the victim's unit to repeatedly disconnect from the network, several data packets can be intercepted. Worth noting is that all data that is encrypted by applications and its protocols (such as HTTPS in the browser) cannot be read by an attacker. The vulnerability lies in the network ships' way of sending data and not in the protocols themselves. This type of vulnerability is normally detected by penetration tests offered by, for example Cypro.se.

 

Manufacturers send out patches - and WPA3 is safe

Some manufacturers have started shipping patch for vulnerable products. One of these, Cisco, which sells almost exclusively products and services in the network industry. Another way to protect against 'kr00k' is to use newer network equipment that supports WPA3 encryption, instead of WPA2 which has deficiencies and can in this case be used by 'kr00k'.

Recently reported several businesses in Sweden and the world were affected by a phishing e-mail campaign. These companies risked having Trojans installed on their computers by opening insecure files that had been attached to these emails. How secure is the data transfer in your infrastructure?

CYPRO offers several different security solutions. click here to book a free consultation.

 

By Ludwig Wideskär, CYPRO

SwedishEnglish