Flaw in billions of Wi-Fi devices left communications open to eavesdroppng

Researchers said on Wednesday at the RSA security conference that billions of devices — many of them already patched — are affected by a Wi-Fi flaw that allows nearby attackers to decrypt sensitive data sent over the air.

Wi-Fi flawDan Goodin for Ars Technica:

The vulnerability exists in Wi-Fi chips made by Cypress Semiconductor and Broadcom, the latter whose Wi-Fi business was acquired by Cypress in 2016. The affected devices include iPhones, iPads, Macs, Amazon Echos and Kindles, Android devices, Raspberry Pi 3’s, and Wi-Fi routers from Asus and Huawei. Eset, the security company that discovered the vulnerability, said the flaw primarily affects Cyperess’ and Broadcom’s FullMAC WLAN chips, which are used in billions of devices. Eset has named the vulnerability Kr00k, and it is tracked as CVE-2019-15126.

Eset researchers determined that a variety of devices are vulnerable, including:

• Amazon Echo 2nd gen
• Amazon Kindle 8th gen
• Apple iPad mini 2
• Apple iPhone 6, 6S, 8, XR
• Apple MacBook Air Retina 13-inch 2018
• Google Nexus 5
• Google Nexus 6
• Google Nexus 6S
• Raspberry Pi 3
• Samsung Galaxy S4 GT-I9505
• Samsung Galaxy S8
• Xiaomi Redmi 3S

The researchers also found that the following wireless routers are vulnerable:

• Asus RT-N12
• Huawei B612S-25d
• Huawei EchoLife HG8245H
• Huawei E5577Cs-321

MacDailyNews Note: The Apple Macs, iPhones, and iPad mini with chips affected by the Wi-Fi flaw were patched last October – macOS here and iOS/iPadOS here. Apply the updates if you have not already done so months ago.

1 Comment

  1. So what about Apple’s Airport series? Most people won’t want to dig in and find out exactly what chipset they have and if they need to finally, begrudgingly replace them.

    Well, they’ll all go away when the world really gets to WiFi6 (aka 802.11ax) anyway.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.