Billions of Wi-Fi devices face snooping risk due to major security flaw

News
By published

Patch has been released, but many devices may still at risk

(Image credit: Pixabay)

Security researchers have discovered a vulnerability that could be used to exploit billions of connected devices such as routers to decrypt Wi-Fi traffic and snoop on the data.

Dubbed Kr00k by researchers at security firm ESET, the flaw was able to compromise chipsets from leading providers including Broadcom and Cypress that are commonly found in smartphones, tablets, laptops, and other IoT gadgets. 

The researchers note that popular devices like Apple iPhones, iPads, MacBooks, Amazon Echo and Kindle, Samsung’s Galaxy Range, Xiaomi’s Redmi phones, Google’s Nexus line and Raspberry Pi have incorporated these chipsets, with some access points and routers from Asus and Huawei also found to be susceptible to the bug.

Kr00k vulnerability

ESET suggested that the bug was primarily limited to both Broadcom and Cypress chips, as it they could prove find Wi-Fi chipsets from Qualcomm, Realtek, Ralink or MediaTek were vulnerable to this hack. 

However, the researchers noted that they were not able to test WiFi chips from all the vendors.

“According to some vendor publications and our own (non-comprehensive) tests, devices should have received patches for the vulnerability," ESET wrote.

"Depending on the device type, this might only mean ensuring the latest OS or software updates are installed (Android, Apple and Windows devices; some IoT devices), but may require a firmware update (access points, routers and some IoT devices)."

While all the affected major manufacturers, including Broadcom and Cypress, have released a patch for the flaw, users will have to ensure that the latest patch is installed on their devices.

ESET is also said to be working with the Industry Consortium for Advancement of Security on the Internet (ICASI) to ensure all that the potentially affected parties are informed about the vulnerability.

Via: ESET

Jitendra Soni
Jitendra Soni

Jitendra has been working in the Internet Industry for the last 7 years now and has written about a wide range of topics including gadgets, smartphones, reviews, games, software, apps, deep tech, AI, and consumer electronics.  

Latest in Security
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
NHS
NHS IT supplier hit with major fine following ransomware attack
Data leak
Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
Latest in News
Pro-Ject A1.2 in black, playing a vinyl record in a hi-fi listening room
Pro-Ject's new fully-automatic turntable could be the buy of Record Store Day 2025
Intergalactic: The Heretic Prophet
Intergalactic: The Heretic Prophet reportedly won't release until after 2026, as Neil Druckmann says that staff 'are playing it at the office' right now - but I don't think I can wait that long
Screenshot from action RPG soulslike Lies of P
Lies of P Overture won't elaborate on the game's eyebrow-raising post-credits twist, and I think that's good news
Nintendo Switch 2
The Switch 2 launching with a Mario Kart game 'is very unlike Nintendo' compared to the original Switch releasing with Breath of the Wild, says former marketing leads: 'That's what's gonna make you want to buy the new hardware'
Kindle de Amazon
The latest Kindle update finally fixes page turning – and adds the perfect reading tool for my sieve-like brain
Waze voice control
Waze is ditching Google Assistant for Gemini on iOS, and for good reasons
More about security
NHS

NHS IT supplier hit with major fine following ransomware attack
Data leak

Top home hardware firm data leak could see millions of customers affected
A digital representation of a lock

NYU website defaced as hacker leaks info on a million students
See more latest
Most Popular
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
Sama virtual assistant
Speak, Book, Fly. Qatar Airways debuts industry-first AI travel agent, Sama
An Apple Lumon Terminal Pro computer next to a keyboard with Severance-themed keycaps
You sadly can't buy Apple's Lumon Terminal Pro computer, but here's where to get the Severance-style keycaps
Pro-Ject A1.2 in black, playing a vinyl record in a hi-fi listening room
Pro-Ject's new fully-automatic turntable could be the buy of Record Store Day 2025
Intergalactic: The Heretic Prophet
Intergalactic: The Heretic Prophet reportedly won't release until after 2026, as Neil Druckmann says that staff 'are playing it at the office' right now - but I don't think I can wait that long
Kindle de Amazon
The latest Kindle update finally fixes page turning – and adds the perfect reading tool for my sieve-like brain
Screenshot from action RPG soulslike Lies of P
Lies of P Overture won't elaborate on the game's eyebrow-raising post-credits twist, and I think that's good news
Nintendo Switch 2
The Switch 2 launching with a Mario Kart game 'is very unlike Nintendo' compared to the original Switch releasing with Breath of the Wild, says former marketing leads: 'That's what's gonna make you want to buy the new hardware'
Apple iPad Pro 13-inch (2024)
iPadOS 19: 4 rumored new features, and 2 I’d like to see
Apple Watch Ultra 2 displaying a step count and distance
Using a smartwatch could be a game-changer for people with diabetes, new research suggests