Security hole left billions of mobiles and computers open for eavesdropping

Security hole left billions of mobiles and computers open for eavesdropping

Billions of devices, from computers and mobiles to routers and tablets, are affected by a WiFi vulnerability that allows attackers to decrypt sensitive data easily.

Data generated by connected gadgets outside the companies has increased by a breathtaking 1500 percent in less than a year. At the same time, the threats to the units are increasing.

The security hole was revealed by researchers during RSA’s security conference yesterday, writes the technology site Ars Technica.

The vulnerability is found in WiFi chips manufactured by Cypress Semiconductor and Broadcom. The latter manufacturer’s WiFi business was acquired by Cypress 2016.

Affected devices include iPhone, Ipad, Mac, Amazon Echo, and Kindle, Android mobiles such as Google Pixel and Samsung Galaxy, Raspberry Pi 3, and WiFi routers from Asus and Huawei.

The company that discovered the defect, Eset, has named the vulnerability to Kr00k.

Manufacturers have made patches available to almost all affected devices, but it is not clear how many devices the patches have been installed on.

Kr00k exploits a weakness that arises when wireless devices are disconnected from a wireless access point. If either the end-user device or the access point is vulnerable, unsent data will end up in a buffer and then sent away. But instead of encrypting it with the real key, vulnerable devices use a key that consists only of zeros, which makes it easy to decrypt WPA2-encrypted traffic.

Eset has also published a whitepaper (pdf) about the discovery.

 

READ MORE: Here are the most dangerous app stores on the web

Microsoft has fixed a serious security hole in Windows 10 and is now urging all users to update their computers. The bug was first discovered by NSA, which has previously kept such information secret for use in its own IT attacks.

Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on whatsapp
Share on pinterest
Share on reddit
Tags: No tags

Add a Comment

Your email address will not be published. Required fields are marked *