Inspecting — KrØØk Vulnerability

How does Wi-Fi Work?

I want to focus first on how Wi-Fi works, as this is the prerequisite to understanding why Kr00k is so dangerous. The moment you connect to a wireless network, a whole sequence of requests is executed in the background, which is technically interesting!

Scenario 1 — Wired Connection to the Internet
Scenario 2 — Wireless Connection to the Internet

“This connection establishment is called Association and disconnection of a device from the Wi-Fi network is called Disassociation. A combination of both is called Reassociation.”

Each request is identified by a binary value carried in the 802.11 management frames. The sequence is as follows:

WAP — Authentication and Association Process
  1. Authentication happens mutually.
  2. Finally, association requests (0x0000) and association responses (0x0001) are exchanged between the client and the access point.

“These binary values and requests are un-encrypted and un-authenticated.”
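As an added example (not code from the original post or from ESET), the following Python decodes the frame-control field of constructed 802.11 management frames, showing the association request (0x0) and association response (0x1) subtypes listed above, and then counts unprotected disassociation and deauthentication frames per sender, the kind of signal a wireless monitor can alert on because, without 802.11w, these frames carry no authentication. All MAC addresses and frames below are constructed sample data.

```python
import struct
from collections import Counter

# Management-frame (type 0) subtype codes from the 802.11 standard; the post
# cites association request (0x0) and association response (0x1).
MGMT_SUBTYPES = {0x0: "association-request", 0x1: "association-response",
                 0x2: "reassociation-request", 0x3: "reassociation-response",
                 0xA: "disassociation", 0xC: "deauthentication"}

def parse_frame(frame: bytes) -> dict:
    """Decode the Frame Control field and addresses of a 24-byte 802.11 header."""
    if len(frame) < 24:
        raise ValueError("shorter than the 24-byte 802.11 header")
    fc0, fc1 = frame[0], frame[1]
    ftype = (fc0 >> 2) & 0x3               # 0 = management, 1 = control, 2 = data
    subtype = (fc0 >> 4) & 0xF
    protected = bool(fc1 & 0x40)           # Protected Frame bit => encrypted body
    if ftype == 0:
        name = MGMT_SUBTYPES.get(subtype, f"management-{subtype:#x}")
    else:
        name = {1: "control", 2: "data"}.get(ftype, "reserved")
    info = {"type": ftype, "subtype": subtype, "name": name, "protected": protected,
            "dst": frame[4:10].hex(":"), "src": frame[10:16].hex(":")}
    # Disassociation and deauthentication carry a 2-byte little-endian reason code.
    if ftype == 0 and subtype in (0xA, 0xC) and len(frame) >= 26:
        info["reason"] = struct.unpack_from("<H", frame, 24)[0]
    return info

def flag_disconnect_bursts(frames, threshold=3):
    """Return senders with >= threshold unprotected disassociation/deauthentication
    frames: a burst from one address is worth alerting on, not proof of an attack."""
    counts = Counter()
    for f in frames:
        p = parse_frame(f)
        if p["type"] == 0 and p["subtype"] in (0xA, 0xC) and not p["protected"]:
            counts[p["src"]] += 1
    return {src: n for src, n in counts.items() if n >= threshold}

# --- Constructed sample capture (locally administered MACs, not real devices) ---
AP, CLIENT = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")

def _hdr(fc: bytes, a1: bytes, a2: bytes, a3: bytes) -> bytes:
    return fc + b"\x00\x00" + a1 + a2 + a3 + b"\x00\x00"  # duration, addrs, seq ctl

SAMPLE = [
    _hdr(b"\x00\x00", AP, CLIENT, AP) + b"\x31\x04\x0a\x00",          # association request
    _hdr(b"\x10\x00", CLIENT, AP, AP) + b"\x31\x04\x00\x00\x01\xc0",  # association response
    _hdr(b"\x08\x41", AP, CLIENT, AP) + b"\xaa" * 16,                 # protected data frame
] + [_hdr(b"\xa0\x00", CLIENT, AP, AP) + b"\x07\x00"] * 3             # 3 disassociations
```

Running `flag_disconnect_bursts(SAMPLE)` reports the AP address with three unprotected disassociations; in a real deployment the frames would come from a monitor-mode capture and the threshold would be tuned per network.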

Attacking with Kr00k:

This vulnerability was first identified in Broadcom Wi-Fi chipsets by ESET researchers and was later assigned CVE-2019-15126. Within every Wi-Fi chipset, we can find a 128-bit Temporal Key, used to encrypt the data frames during a transmission.

source: www.eset.com/int/kr00k

This leads to unauthorized reading and decryption of data packets.

Conclusion:

As stated by ESET, this vulnerability affects Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), as well as devices under many other brands.
