Wi-Fi Hardware Flaw Exposed Billions of Devices

A vulnerability in Wi-Fi hardware left mobile devices and data exposed

Why This Matters

The flaw, dubbed Kr00k, is part of Wi-Fi chips in untold numbers of major mobile devices, ones you probably own. Most companies, including Apple, have already updated their OSs to patch the flaw, but if you have not updated to the latest OS on all your devices, your data could be at risk.

 Getty Images

Researchers discovered a nasty Wi-Fi modem flaw, called “Kr00K,” that, if your device loses connection to, say, your local Starbucks Wi-Fi router, could, by reducing the encryption for that bit that gets retransmitted again on reconnect to an easily hackable code, open up a tiny bit of your data to hackers. If they bump you off the network often enough, hackers could compile all those bits into fuller data details about you.

The big picture: According to a report in Tom’s Guide, researchers from ESET, a security software company, revealed their findings at this week’s RSA Conference in San Francisco, doing so only after they’d given Wi-Fi modem manufacturers and software companies ample time to patch and combat the flaw.

By the Numbers

Number of mobile devices in the world: 3.5 billion

Number of public Wi-Fi and hot spots in the world: 454 million

So I’m fine, right? Not exactly. It’s not clear if all manufacturers have patched their platforms and devices. Apple appears to have done so. Amazon may need to patch Echos and Kindle devices, Samsung, its Galaxy devices, Google, its Nexus phones, and even the tiny Raspberry Pi system boards. In addition, consumers must install the latest software and firmware patches to ensure they’re still not vulnerable to Kr00K.

Maybe We Can Relax. The big caveat here is that for hackers to enable Kr00K they still need access to the Wi-Fi router used to connect all the mobile devices. This means attacks in your home are unlikely, but connecting to in-the-wild routers at local retailers and coffee houses might be another story.

Bottom line: Update your stuff.

Via: Tom's Guide

 Become and Expert in Security