Kr00k
   HOME

TheInfoList



Click Here for Items Related To - Kr00k
OR:
Kr00k on:   [Wikipedia]   [Google]   [Amazon]

Kr00k (also written as KrØØk) is a security vulnerability that allows some
WPA2 Wi-Fi Protected Access (WPA) (Wireless Protected Access), Wi-Fi Protected Access 2 (WPA2), and Wi-Fi Protected Access 3 (WPA3) are the three security certification programs developed after 2000 by the Wi-Fi Alliance to secure wireless computer n ...
encrypted WiFi traffic to be decrypted. The vulnerability was originally discovered by security company
ESET ESET, s.r.o., is a software company specializing in cybersecurity, founded in 1992 in Bratislava, Slovakia. ESET's security products are made in Europe and provides security software in over 200 countries and territories worldwide. Its softwa ...
in 2019 and assigned on August 17th, 2019. ESET estimates that this vulnerability affects over a billion devices.


Discovery

Kr00k was discovered by ESET Experimental Research and Detection Team, most prominently ESET security researcher Miloš Čermák. It was named Kr00k by Robert Lipovský and Štefan Svorenčík. It was discovered when trying variations of the
KRACK Krack or KRACK may refer to: * KRACK, an attack on the Wi-Fi Protected Access protocol * ''Krack'' (film), an Indian Telugu-language action film * Old style spelling of Kraks Forlag, a Danish publisher of maps Persons * Erhard Krack (1931–2 ...
attack. Initially found in chips made by
Broadcom Broadcom Inc. is an American multinational corporation, multinational designer, developer, manufacturer, and global supplier of a wide range of semiconductor and infrastructure software products. Broadcom's product offerings serve the data cen ...
and
Cypress Cypress is a common name for various coniferous trees or shrubs from the ''Cupressus'' genus of the '' Cupressaceae'' family, typically found in temperate climates and subtropical regions of Asia, Europe, and North America. The word ''cypress'' ...
, similar vulnerabilities have been found in other implementations, including those by
Qualcomm Qualcomm Incorporated () is an American multinational corporation headquartered in San Diego, California, and Delaware General Corporation Law, incorporated in Delaware. It creates semiconductors, software and services related to wireless techn ...
and
MediaTek MediaTek Inc. (), sometimes informally abbreviated as MTK, is a Taiwanese fabless semiconductor company that designs and manufactures a range of semiconductor products, providing chips for wireless communications, high-definition television, h ...
.


Patches

The vulnerability is known to be patched in: *
iOS Ios, Io or Nio (, ; ; locally Nios, Νιός) is a Greek island in the Cyclades group in the Aegean Sea. Ios is a hilly island with cliffs down to the sea on most sides. It is situated halfway between Naxos and Santorini. It is about long an ...
13.2 and
iPadOS iPadOS is a mobile operating system developed by Apple for its iPad line of tablet computers. It was given a name distinct from iOS, the operating system used by Apple's iPhones to reflect the diverging features of the two product lines, suc ...
13.2 - October 28th, 2019 *
macOS Catalina macOS Catalina (version 10.15) is the sixteenth software versioning, major release of macOS, Apple Inc.'s desktop operating system for Macintosh computers. It is the successor to macOS Mojave and was announced at WWDC 2019 on June 3, 2019 and ...
10.15.1, Security Update 2019–001, and Security Update 2019-006 - October 29th, 2019


Vulnerable devices

During their research, ESET confirmed over a dozen popular devices were vulnerable.
Cisco Cisco Systems, Inc. (using the trademark Cisco) is an American multinational digital communications technology conglomerate corporation headquartered in San Jose, California. Cisco develops, manufactures, and sells networking hardware, s ...
has found several of their devices to be vulnerable and are working on patches. They are tracking the issue with advisory id cisco-sa-20200226-wi-fi-info-disclosure. Known vulnerable devices include: *
Amazon Echo Amazon Echo, often shortened to Echo, is a brand of smart speakers developed by Amazon (company), Amazon. Echo devices connect to the voice-controlled Virtual assistant, intelligent personal assistant service. ''Amazon Alexa, Alexa'', which resp ...
2nd gen *
Amazon Kindle Amazon Kindle is a series of e-readers designed and marketed by Amazon. Amazon Kindle devices enable users to browse, buy, download, and read e-books, newspapers, magazines, Audible audiobooks, and other digital media via wireless networking ...
8th gen * Apple iPad mini 2 * Apple iPhone 6, 6S, 8, XR * Apple MacBook Air Retina 13-inch 2018 *
Asus ASUSTeK Computer Inc. (, , , ; stylized as ASUSTeK or ASUS) is a Taiwanese Multinational corporation, multinational computer, phone hardware and electronics manufacturer headquartered in Beitou District, Taipei, Taiwan. Its products include deskto ...
wireless routers (RT-AC1200G+, RT-AC68U), but fixed in firmware Version 3.0.0.4.382.5161220 during March 2020 * Google Nexus 5 * Google Nexus 6 *
Google Nexus 6P Nexus 6P (codenamed ''Angler'') is an Android smartphone developed and marketed by Google and manufactured by Huawei. It succeeded the Nexus 6 as the flagship device of the Nexus line of Android devices by Google and was the final Nexus befor ...
* Raspberry Pi 3 *
Samsung Galaxy S4 The Samsung Galaxy S4 is an Android smartphone produced by Samsung Electronics as the fourth smartphone of the Samsung Galaxy S series and was first shown publicly on March 14, 2013, at Samsung Mobile Unpacked in New York City. It is the succes ...
(GT-I9505) *
Samsung Galaxy S8 The Samsung Galaxy S8 and Samsung Galaxy S8+ are Android smartphones produced by Samsung Electronics as the eighth generation of the Samsung Galaxy S series. The S8 and S8+ were unveiled on 29 March 2017 and directly succeeded the Samsung Gala ...
* Xiaomi Redmi 3S


References

{{Hacking in the 2010s Computer security exploits Hardware bugs Wi-Fi Computer-related introductions in 2019 Telecommunications-related introductions in 2019