Cybersecurity News in Asia

Features
- Featured
  
  What businesses need to know about SEO poisoning
  
  Tuesday, April 16, 2024, 4:55 PM Asia/Singapore | Features
- Featured
  
  Immutable data critical to AI projects and cyber resilience
  
  Thursday, April 11, 2024, 11:46 AM Asia/Singapore | Data Protection, Features
- Featured
  
  Preparing for the benefits and risks of quantum computing: Leap or Lag?
  
  Monday, March 18, 2024, 2:55 PM Asia/Singapore | Features
News
- Featured
  
  More RATs discovered in official Android app store
  
  Friday, April 19, 2024, 5:20 PM Asia/Singapore | News, Newsletter
- Featured
  
  When GenAI chatbots start pretending to be stupid to gain human trust…
  
  Friday, April 19, 2024, 10:06 AM Asia/Singapore | News, Newsletter
- Featured
  
  Real estate logistics provider GLP steps up to zero trust architecture
  
  Friday, April 19, 2024, 10:01 AM Asia/Singapore | Case Study, News
Opinions
Tips
Whitepapers
Awards 2023
Directory
E-Learning

News

How the KrØØk breached Wi-Fi networks without even hacking passwords

By CybersecAsia editors and webmaster webmaster | Friday, October 2, 2020, 6:05 PM Asia/Singapore

This and other powerful information are at Black Hat Asia 2020 and it is not too late to tune in …

Today, at the Black Hat Asia 2020 and WeLiveSecurity virtual event, researchers Robert Lipovský and Štefan Svorenčík from ESET will unveil their hard work researching “How KRACKing Amazon Echo Exposed a Billion+ Vulnerable Wi-Fi Devices” and the KrØØk debacle.

The presentation about KrØØk by Robert Lipovský and Štefan Svorenčík includes technical details and a live demonstration of their recent discovery of the security weakness in chipsets used by a significant number of Wi-Fi capable devices. The two researchers also elaborate on the potential impact of these vulnerabilities, along with the limitations of exploiting them.

What is KrØØk?

This foreign-looking name refers to a vulnerability originally discovered in Broadcom and Cypress Wi-Fi chips that allows unauthorized decryption of some WPA2-encrypted traffic. The chipset-level, all-zero-key vulnerability has been assigned CVE-2019-15126.

Exploiting KrØØk allows adversaries to intercept and decrypt (potentially sensitive) data, but with a significant advantage for the attackers: While they need to be in range of the Wi-Fi signal, they do not need to be authenticated and associated with the WLAN. In other words, the attackers do not need to know the Wi-Fi password!

Research had started with the discovery that some versions of the popular Amazon Echo and Kindle devices were vulnerable to Key Reinstallation Attacks (KRACK). Looking into the all-zero encryption key modification of KRACK, further vulnerable devices were discovered, reported and patched by the vendor. But the most significant finding was that the crux is in the hardware: the Wi-Fi chipsets themselves. Hence, the issue affects a much wider range of devices.

The two ESET researchers’ KrØØk findings were first presented at the virtualized RSA Conference 2020 in February. After publication, the vulnerability was brought to the attention of many more chipset and device manufacturers. Some manufacturers have since discovered their products to be vulnerable and have deployed patches.

Interested readers who have not already done so are urged to register for the event to find out this and other career-enhancing factoids.

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

Secure Access Service Edge (SASE) Solutions for Today’s Work-From-Anywhere (WFA) Environment
Organizations are turning to Secure Access Service Edge (SASE) solutions for securing remote work environments, …Download Whitepaper
Identity Has Breached the Ecosystem
This whitepaper explores the dual nature of identity in cybersecurity, emphasizing its role in both …Download Whitepaper
Fortanix Buyers Guide for Modern Key Management and Data Security
This document underscores the pressing challenges in key management and data securityDownload Whitepaper
Fortanix Data Risk Management – Using Tokenization to Secure Your Data
In today's digital world, organizations prioritize data security. To protect sensitive information, they use tokenization, …Download Whitepaper

Middle-sidebar-banner

Case Studies

Real estate logistics provider GLP steps up to zero trust architecture
With its physical and digital footprint growing, the global firm’s outdated legacy security stack has …Read more
Identity security woes now a thing of the past for Heng Leong Hang
The retail chain was grappling with numerous cyber risks in its IT infrastructure until it …Read more
Indonesia’s cyber defense agency tackles Defender’s Dilemma with new initiatives
The country’s public sector will benefit from three pillars of training, intelligence and capacity-building schemes …Read more
SingAREN showcases what a national research community needs for cyber protection
With threat actors thirsting to steal international research data, what kind of cybersecurity platform can satisfy …Read more

Cybersecurity News in Asia

Featured

What businesses need to know about SEO poisoning

Featured

Immutable data critical to AI projects and cyber resilience

Featured

Preparing for the benefits and risks of quantum computing: Leap or Lag?

Featured

More RATs discovered in official Android app store

Featured

When GenAI chatbots start pretending to be stupid to gain human trust…

Featured

Real estate logistics provider GLP steps up to zero trust architecture

How the KrØØk breached Wi-Fi networks without even hacking passwords

What is KrØØk?

Related Posts

Leave a reply Cancel reply

Voters-draw/RCA-Sponsors

CybersecAsia Voting Placement

Gamification listing or Participate Now

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

Middle-sidebar-banner

Case Studies

Bottom sidebar