Billions of WiFi Devices Vulnerable to Kr00k Security Flaw
Researchers at ESET, a Slovak internet security company, recently discovered and disclosed a security flaw affecting billions of WiFi routers and WiFi-capable devices. The security flaw, named Kr00k, is found in the most common WiFi chips used in smartphones, laptops, routers, and more. Here’s everything you need to know about Kr00k and how you can protect your devices from hackers.
What is the Kr00K Security Flaw?
The Kr00k security flaw is a bug that makes it easy for hackers to steal your data through your WiFi connection. They can do this via your router or any device that connects to the internet using WiFi, such as your smartphone, tablet, or laptop.
Hackers can use the Kr00k vulnerability to steal your data when your WiFi network gets temporarily disconnected. This is called “WiFi disassociation,” and it can happen naturally throughout the day due to a weak signal. However, WiFi disassociation can also be triggered manually by hackers.
When your WiFi gets disconnected, data from your phone or computer will be unsent as it searches for a new WiFi network. If your device has the Kr00k vulnerability, hackers within range will be able to steal any unsent data. They can steal your passwords, information on websites you visit regularly, and other sensitive personal details.
What Devices are Vulnerable?
According to ESET, only WiFi chips created by Broadcom and Cypress display this security vulnerability. WiFi chips made by Qualcomm, Realtek, Mediatek, and others remain safe from Kr00k. The problem is that Broadcom and Cypress WiFi chips are found in billions of devices, ranging from routers, tablets, laptops, smartphones, and more.
Here are some of the WiFi routers that are vulnerable:
Huawei EchoLife HG8245H
And the Huawei E5577Cs-321
Other devices that have also been found to have the Kr00k vulnerability are:
Amazon Echo 2nd gen
Amazon Kindle 8th gen
Apple iPad mini 2
Apple MacBook Air Retina 13-inch 2018
iPhone 6, 6S, 8, XR
Google Nexus 5, 6, 6S
Raspberry Pi 3
Samsung Galaxy S4 GT-I9505
Samsung Galaxy S8
Xiaomi Redmi 3S
ESET clarifies that they have not been able to test every device that uses a Broadcom or Cypress WiFi chip. There could also be other WiFi chips that are vulnerable that have not been tested yet.
How to Protect Yourself from the Kr00k Vulnerability?
Several manufacturers have created patches for this security flaw by now. Apple has stated that they fixed this vulnerability for macOS and iOS devices in an update that was released in October. However, your devices will only be safe after you install that update.
Amazon has also released the following statement regarding the Kr00k security flaws on their Echo and Kindle products:
“Customer trust is important to us and we take the security of our devices seriously. The Echo and Kindle devices detailed in this research have received automatic security updates over the Internet addressing this issue,” Amazon officials said in a statement, according to ARS Technica.
If you want to protect your devices from the Kr00k vulnerabilities, make sure that your WiFi-capable devices are updated with the latest versions of their firmware. This includes your smartphones, tablets, smart home products, laptops, and other devices, even those that are not in the list above.
The patches or fixes that manufacturers have made to address Kr00k are found in these updated firmware versions. Even more important, however, is to update your WiFi router. Even if your devices are secure, a vulnerable WiFi router still leaves your data vulnerable to hackers.