We identified Kr00k (CVE-2019-15126) – a previously unknown vulnerability in chips used by a significant proportion of all Wi-Fi-capable devices. Specifically, we discovered that Wi-Fi chips by Broadcom and Cypress – and possibly other manufacturers – could be forced to encrypt some packets in a WPA2-protected network with an all-zero encryption key. In a successful attack, this allows an adversary to decrypt some wireless network packets. The number of affected devices was likely over a billion, as the vulnerable chips are used in devices from Apple, Samsung, Google, Amazon, and many others.
The presentation will include technical details and a demonstration, in which we will show how we were able to trigger Wi-Fi reassociations on the targeted device, force the all-zero encryption key to be set, and decrypt intercepted packets.
By Robert Lipovsky & Stefan Svorencik
Full Abstract & Presentation Materials: https://www.blackhat.com/us-20/briefings/schedule/#krk-serious-vulnerability-affected-encryption-of-billion-wi-fi-devices-20414