Inspecting — KrØØk Vulnerability

How does Wi-Fi Work?

I want to focus first on how Wi-Fi works, since that is the prerequisite for understanding why Kr00k is such a serious vulnerability. The moment you connect to a wireless network, a sequence of requests is executed in the background, which is technically interesting!

Scenario 1 — Wired Connection to the Internet
Scenario 2 — Wireless Connection to the Internet

“This connection establishment is called Association, and disconnection of a device from the Wi-Fi network is called Disassociation. A combination of both is called Reassociation.”

Each request is carried in a management frame and identified by a binary value. These are as follows:

WAP — Authentication and Association Process
  1. Authentication happens mutually.
  2. Finally, the client sends association requests (0x0000) and association responses (0x0001).

“These binary values and requests are un-encrypted and un-authenticated.”
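The binary values listed above are the 4-bit subtype in the first byte of the 802.11 frame control field (association request is subtype 0, association response is subtype 1; disassociation is subtype 10 and deauthentication is subtype 12, and none of them are encrypted or authenticated without 802.11w). The following is an added Python example, not code from the original post, that decodes that field from raw 802.11 headers and counts disassociation and deauthentication frames per transmitter address; the frames and MAC addresses are constructed sample input, and the threshold is an assumed value. A sudden burst of such frames toward a client is the kind of event a wireless monitor should flag.

```python
from collections import Counter

# Frame control byte 0: bits 0-1 protocol version, bits 2-3 type, bits 4-7 subtype.
FRAME_TYPES = {0: "management", 1: "control", 2: "data", 3: "extension"}
MGMT_SUBTYPES = {
    0x0: "association-request", 0x1: "association-response",
    0x2: "reassociation-request", 0x3: "reassociation-response",
    0x4: "probe-request", 0x5: "probe-response", 0x8: "beacon",
    0xA: "disassociation", 0xB: "authentication", 0xC: "deauthentication",
}

def parse_header(frame: bytes) -> dict:
    """Decode the frame control field and the first two address fields of an 802.11 header."""
    if len(frame) < 16:
        raise ValueError("frame too short for an 802.11 header")
    fc0, flags = frame[0], frame[1]
    ftype = (fc0 >> 2) & 0x03
    subtype = (fc0 >> 4) & 0x0F
    name = MGMT_SUBTYPES.get(subtype, f"subtype-{subtype}") if ftype == 0 else FRAME_TYPES[ftype]
    return {
        "version": fc0 & 0x03, "type": FRAME_TYPES[ftype], "subtype": subtype, "name": name,
        "protected": bool(flags & 0x40),  # Protected Frame bit: set on encrypted data frames
        "receiver": frame[4:10].hex(":"), "transmitter": frame[10:16].hex(":"),
    }

def mgmt_frame(subtype: int, transmitter: bytes, receiver: bytes) -> bytes:
    """Build a constructed management-frame header: FC, duration, addr1-3, seq control."""
    return bytes([subtype << 4, 0x00, 0x00, 0x00]) + receiver + transmitter + transmitter + b"\x00\x00"

def disassoc_counts(frames, threshold: int = 3) -> dict:
    """Return transmitters that sent at least `threshold` disassociation/deauth frames."""
    counts = Counter()
    for f in frames:
        h = parse_header(f)
        if h["type"] == "management" and h["subtype"] in (0xA, 0xC):
            counts[h["transmitter"]] += 1
    return {addr: n for addr, n in counts.items() if n >= threshold}

# Constructed sample capture: one association exchange, then four deauthentications.
AP = bytes.fromhex("020000000001")
STA = bytes.fromhex("020000000002")
SAMPLE_FRAMES = [mgmt_frame(0x0, STA, AP), mgmt_frame(0x1, AP, STA)]
SAMPLE_FRAMES += [mgmt_frame(0xC, AP, STA) for _ in range(4)]

def demo() -> dict:
    return disassoc_counts(SAMPLE_FRAMES)

if __name__ == "__main__":
    for f in SAMPLE_FRAMES:
        print(parse_header(f)["name"])
    print(demo())
```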

Attacking with Kr00k:

This vulnerability was first identified in Broadcom Wi-Fi chipsets by ESET researchers and was later assigned CVE-2019-15126. Every Wi-Fi chipset holds a 128-bit Temporal Key (TK) that is used to encrypt data frames during transmission.

This leads to unauthorized reading and decryption of data packets.

As stated by ESET, this vulnerability affects Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus) and Samsung (Galaxy) devices, as well as devices from many other brands.
