Today, at the RSA 2020 security conference in San Francisco, security researchers from Slovak antivirus company ESET will present details about a new vulnerability that impacts WiFi communications.
Named Kr00k, this bug can be exploited by an attacker to intercept and decrypt some type of WiFi network traffic (relying on WPA2 connections).
According to ESET, Kr00k affects all WiFi-capable devices running on Broadcom and Cypress Wi-Fi chips. These are two of the world’s most popular WiFi chipsets, and they are included in almost everything, from laptops to smartphones, and from access points to smart speakers and other IoT devices.
ESET researchers said they personally tested and confirmed that Kr00k impacts devices from Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3) and Xiaomi (Redmi), but also access points from Asus and Huawei.
In a press release today, ESET said it believes that more than a billion devices are vulnerable to Kr00k, and they consider this number “a conservative estimate.”