It seems like every other day, we get news of the discovery of another security vulnerability that affects a lot of our devices. Yesterday, a report published by ESET Research explains the discovery of Kr00k vulnerability that allows an attacker to decrypt wireless network packets.
The kr00k vulnerability was discovered when ESET researchers were studying into the Key Reinstallation Attacks (KRACK) on Amazon Echo devices. It causes the vulnerable devices to use an all-zero encryption key to encrypt part of the user’s communication. This makes it possible for attackers to decrypt packets of information that are being transmitted over the network.
It affects all devices with Broadcom and Cypress Wi-Fi chips which estimates to more than a billion WiFi-enabled devices. Some the manufactures that were confirmed to be affected by the Kr00k vulnerability is Amazon with their Echo and Kindle, Apple with their iPhone, iPad and MacBook, Google on the Nexus devices, Samsung with their Galaxy devices, Raspberry Pi 3 and Xiaomi with their Redmi devices. Broadcom and Cypress have since released patches to fix the vulnerability which have been by most major manufacturers.