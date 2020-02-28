

Do you own a smartphone, tablet, or laptop? Do you have a wireless router in your home? If you do, then you were probably vulnerable to an insidious attack targeting Wi-Fi chips.

Security researchers at Slovakia-based ESET were the first to report the vulnerability. They dubbed it Kr00k, and their description of its potential is quite chilling.

Kr00k impacts electronic devices that utilize Wi-Fi chips manufactured by Broadcom and Cypress. They’re among the most widely used chips in the world. You’ll find them in Apple’s MacBook, iPad, and iPhone, Amazon’s Kindle and Echo devices, and Samsung’s Galaxy and Google’s Pixel products.

As ESET explains it, Kr00k can cause vulnerable devices to revert to an all-zero encryption key.

Normally, the encryption algorithms employed by Wi-Fi devices use long, complex keys that are hard to crack. Zeroing out the entire key effectively renders that encryption useless, offering about as much protection to your network activity as a PIN of 0000 would to the sensitive data on your phone.

Worse still, there are loads of routers on the market that utilize the same Broadcom and Cypress chips. That means even if your smartphone wasn’t vulnerable, it would still be at risk if it happened to connect to a router that had fallen victim to Kr00k.

ESET notified both chipmakers and worked with ICASI (the Industry Consortium for Advancement of Security on the Internet) “to ensure that all potentially affected parties – including affected device manufacturers using the vulnerable chips, as well as any other possibly affected chip manufacturers – were aware of KrØØk.”

Broadcom and Cypress have both developed and released patches for Kr00k, and device makers have followed suit. Any devices that you own that were vulnerable may already be protected if they’re set to install updates automatically.

Kr00k is a seriously nasty vulnerability, however, and it’s best not to leave things up to chance. Manually checking for updates and installing whatever is available is generally a good idea.