
Qualcomm, MediaTek Wi-Fi Chips Vulnerable to Kr00k-Like Attacks

The Kr00k vulnerability disclosed earlier this year has only been found to impact devices using Wi-Fi chips from Broadcom and Cypress, but researchers revealed this week that similar flaws have been discovered in chips made by Qualcomm and MediaTek.


Cybersecurity firm ESET reported in February that billions of Wi-Fi-capable devices may have been at one point affected by a vulnerability that could have been exploited to obtain sensitive information from wireless communications.

The security hole, named Kr00k and tracked as CVE-2019-15126, caused affected devices to use an all-zero encryption key to encrypt some of a user’s communications. This enabled a malicious actor to decrypt some of the packets transmitted by these devices.

Kr00k attacks can be launched when a disassociation occurs. That is when a device is disconnected from a wireless network due to switching access points, signal interference, or when the Wi-Fi feature is disabled. When the device is reassociated, due to the vulnerability, a nearby attacker can capture several kilobytes of potentially sensitive data and decrypt it. In order to increase their chances of success, an attacker could manually trigger disassociations and reassociations.

Broadcom and Cypress released patches after being notified by ESET. Impacted products included laptops, tablets, smartphones, routers and IoT devices made by Amazon, Google, Apple, Samsung, Xiaomi, Huawei, Raspberry Pi Foundation, and Asus.

While Wi-Fi chips from Qualcomm, Ralink, Realtek and MediaTek are not vulnerable to Kr00k attacks, ESET researchers discovered that they are affected by similar flaws.

In the case of Qualcomm — the vulnerability is tracked as CVE-2020-3702 — an attacker can obtain sensitive data after triggering a disassociation, but the difference is that the captured data is not encrypted at all, unlike in the case of Kr00k, where an all-zero key is used for encryption.

“The devices we tested and found to have been vulnerable are the D-Link DCH-G020 Smart Home Hub and the Turris Omnia wireless router. Of course, any other unpatched devices using the vulnerable Qualcomm chipsets will also be vulnerable,” ESET said.

Qualcomm released a patch for its proprietary driver in July, but some devices use open source Linux drivers and it’s not clear if those will be patched as well.


“Providing technologies that support robust security and privacy is a priority for Qualcomm. We commend the security researchers from ESET for using industry-standard coordinated disclosure practices. Qualcomm has already made mitigations available to OEMs in May 2020, and we encourage end users to update their devices as patches have become available from OEMs,” a Qualcomm spokesperson told SecurityWeek.

MediaTek Wi-Fi chips have also been found to use no encryption at all. These chips are used in Asus routers and even in the Microsoft Azure Sphere development kit.

“Azure Sphere uses MediaTek’s MT3620 microcontroller and targets a wide range of IoT applications, including smart home, commercial, industrial and many other domains,” ESET explained.

MediaTek released fixes in March and April, while the Azure Sphere OS was patched in July.

Since several proof-of-concept (PoC) exploits have already been released for the Kr00k attack, ESET has now decided to release a script that tells users if a device is vulnerable to Kr00k or the newer attack variants.
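The unencrypted-after-disassociation behaviour described above for the Qualcomm and MediaTek chips can be looked for in a monitor-mode capture of a network you operate. The following is an added example, not ESET's script and not part of the original article; it assumes raw 802.11 frames without radiotap header or FCS, a one-second window, and constructed addresses and frames.

```python
DISASSOC, DEAUTH = 10, 12   # 802.11 management subtypes
PROTECTED = 0x40            # Protected Frame flag, second frame-control byte

def parse(frame):
    """Parse a raw 802.11 MAC frame (assumed: no radiotap header, no FCS)."""
    if len(frame) < 24:
        return None
    ftype, subtype = (frame[0] >> 2) & 0x3, (frame[0] >> 4) & 0xF
    hdr = 24 + (2 if ftype == 2 and subtype & 0x8 else 0)  # QoS control field
    return {"type": ftype, "subtype": subtype,
            "protected": bool(frame[1] & PROTECTED),
            "a1": frame[4:10], "a2": frame[10:16], "a3": frame[16:22],
            "body": frame[hdr:]}

def plaintext_after_disassoc(capture, bssid, window=1.0):
    """Data frames sent in the clear to `bssid` by a station within `window`
    seconds (assumed value) of that station's disassociation/deauthentication."""
    dropped, hits = {}, []
    for ts, raw in capture:
        f = parse(raw)
        if f is None:
            continue
        if f["type"] == 0 and f["subtype"] in (DISASSOC, DEAUTH) and f["a3"] == bssid:
            for addr in (f["a1"], f["a2"]):      # either side may send it
                if addr != bssid:
                    dropped[addr] = ts
        elif f["type"] == 2 and not f["subtype"] & 0x4 and f["body"]:  # skip null frames
            sta = f["a2"]
            recent = sta in dropped and 0 <= ts - dropped[sta] <= window
            if recent and f["a1"] == bssid and not f["protected"]:
                hits.append((ts, sta.hex(":"), len(f["body"])))
    return hits

def mk(ftype, subtype, flags, a1, a2, a3, body=b""):
    """Build a constructed frame for the sample capture below."""
    qos = b"\x00\x00" if ftype == 2 and subtype & 0x8 else b""
    fc = bytes([(subtype << 4) | (ftype << 2), flags])
    return fc + b"\x00\x00" + a1 + a2 + a3 + b"\x00\x00" + qos + body

AP, STA = bytes.fromhex("02aabbccdd01"), bytes.fromhex("02aabbccdd02")  # constructed
SAMPLE = [  # constructed capture: (timestamp in seconds, frame bytes)
    (10.00, mk(2, 8, 0x41, AP, STA, AP, b"\x00" * 8 + b"ciphertext")),  # protected
    (10.50, mk(0, DISASSOC, 0x00, STA, AP, AP, b"\x08\x00")),           # AP drops STA
    (10.52, mk(2, 8, 0x01, AP, STA, AP, b"\xaa\xaa\x03\x00\x00\x00\x08\x00IP...")),
    (10.53, mk(2, 12, 0x01, AP, STA, AP)),                              # QoS null
    (14.00, mk(2, 8, 0x41, AP, STA, AP, b"\x00" * 8 + b"ciphertext")),  # reassociated
]
```

This check does not catch Kr00k itself: frames encrypted with the all-zero key still carry the Protected flag, so they look like normal encrypted traffic at the header level.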

*updated with statement from Qualcomm


Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
