A vulnerability in Qualcomm and MediaTek chips allows the interception of part of the WPA2 traffic

ESET researchers have identified a new variant of the Kr00k vulnerability, which affects Qualcomm and MediaTek chips. The new vulnerability allows decryption of intercepted Wi-Fi traffic protected with the WPA2 protocol.

The Kr00k vulnerability is caused by improper handling of encryption keys when the device is disconnected from the access point. In the first variant of the vulnerability, the session key (PTK) stored in the chip's memory is reset on disconnection, since no more data will be sent in the current session.

In this case, the data remaining in the transmission (TX) buffer was encrypted with the already erased key, consisting only of zeros, and could consequently be easily decrypted when intercepted. The all-zero key applies only to the residual data in the buffer, which is several kilobytes in size.

About the problem

The key difference in the second variant of the vulnerability, which manifests itself in Qualcomm and MediaTek chips, is that instead of being encrypted with an all-zero key, data after disassociation is transmitted with no encryption at all, even though encryption is configured.

Among the Qualcomm-based devices tested for the vulnerability were the D-Link DCH-G020 and the Turris Omnia router.

Among devices based on MediaTek chips, the ASUS RT-AC52U router and IoT solutions based on Microsoft Azure Sphere with the MediaTek MT3620 microcontroller were tested.

To exploit both vulnerabilities, an attacker can send special control frames that cause disassociation and then intercept the data that is sent next.

Disassociation is commonly used in wireless networks to switch from one access point to another while roaming, or when the connection to the current access point is lost. It can be triggered by sending a control frame, which is transmitted unencrypted and requires no authentication (an attacker only needs to be within range of the Wi-Fi signal and does not need to connect to the wireless network).

An attack can be carried out both when a vulnerable client device connects to an unaffected access point and when an unaffected client device connects to an access point that exhibits the vulnerability.

The vulnerability affects encryption at the wireless network level and allows inspection only of connections the user established without their own encryption (for example, DNS, HTTP and mail traffic); it does not make it possible to compromise connections with application-level encryption (HTTPS, SSH, STARTTLS, DNS over TLS, VPN, etc.).

The danger of the attack is also reduced by the fact that an attacker can decrypt only the few kilobytes of data at a time that were in the transmission buffer at the moment of disconnection.

To successfully capture data sent over an insecure connection, an attacker must know exactly when the disconnection from the access point happened, or must trigger disassociation continuously, which will draw the user's attention because of the constant drops of the wireless connection.
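As an added illustration, not from the ESET research or from this article, the following Python check scans a sequence of raw 802.11 frames for the pattern described above: a data frame sent with the Protected bit cleared right after a disassociation or deauthentication, which is how the unencrypted-buffer variant would look to a passive monitor on a WPA2 network. The addresses and sample frames are constructed, and the parser assumes 3-address frames without an HT Control field.

```python
"""Offline check for the Kr00k pattern described above: data frames sent in the clear right
after a disassociation or deauthentication. Input: raw 802.11 frames, radiotap header stripped."""
MGMT, DATA = 0, 2
DISASSOC, DEAUTH = 10, 12
PROTECTED_BIT = 0x40                             # Frame Control byte 1, bit 6
EAPOL_SNAP = bytes.fromhex("aaaa03000000888e")   # LLC/SNAP header of an EAPOL (4-way handshake) frame

def mac(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)

def parse_frame(raw: bytes) -> dict:
    """Decode the MAC header fields the check needs (3-address frames, no HT Control field)."""
    if len(raw) < 24:
        raise ValueError("truncated 802.11 header")
    fc0, fc1 = raw[0], raw[1]
    ftype, subtype = (fc0 >> 2) & 3, fc0 >> 4
    hdr_len = 26 if ftype == DATA and subtype & 0x8 else 24   # QoS Data carries a 2-byte QoS field
    return {"type": ftype, "subtype": subtype, "protected": bool(fc1 & PROTECTED_BIT),
            "receiver": mac(raw[4:10]), "transmitter": mac(raw[10:16]), "payload": raw[hdr_len:]}

def find_kr00k_leaks(frames):
    """Return (index, transmitter) for every non-EAPOL data frame sent unprotected by a party
    to a recent disassociation that has not yet resumed protected traffic."""
    disassociated, leaks = set(), []
    for i, raw in enumerate(frames):
        f = parse_frame(raw)
        if f["type"] == MGMT and f["subtype"] in (DISASSOC, DEAUTH):
            disassociated.update((f["receiver"], f["transmitter"]))  # either side may flush its TX buffer
        elif f["type"] == DATA and f["transmitter"] in disassociated:
            if f["protected"]:
                disassociated.discard(f["transmitter"])           # fresh session, keyed normally
            elif not f["payload"].startswith(EAPOL_SNAP):         # handshake frames are legitimately clear
                leaks.append((i, f["transmitter"]))
    return leaks

def build(fc0, fc1, addr1, addr2, addr3, payload=b""):
    """Constructed minimal 802.11 frame for the sample below (not a real capture)."""
    return bytes([fc0, fc1, 0, 0]) + addr1 + addr2 + addr3 + b"\x00\x00" + payload

AP, STA = bytes.fromhex("021122334455"), bytes.fromhex("0266778899aa")   # constructed addresses
IPV4_SNAP = bytes.fromhex("aaaa030000000800")
SAMPLE = [
    build(0x08, 0x40, AP, STA, AP, b"\x00" * 16),              # 0: protected data STA -> AP
    build(0xA0, 0x00, STA, AP, AP, b"\x08\x00"),               # 1: disassociation sent to STA (reason code 8)
    build(0x08, 0x00, AP, STA, AP, IPV4_SNAP + b"GET /"),      # 2: STA flushes its TX buffer in the clear
    build(0x08, 0x00, AP, STA, AP, EAPOL_SNAP + b"\x02\x03"),  # 3: handshake message, legitimately clear
    build(0x08, 0x40, AP, STA, AP, b"\x00" * 16),              # 4: protected again under the new key
]

print(find_kr00k_leaks(SAMPLE))   # [(2, '02:66:77:88:99:aa')]
```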

Solutions

The issue was addressed in the July update of the proprietary drivers for Qualcomm chips and in the April update of the drivers for MediaTek chips.

A fix for the MT3620 was proposed in July. The researchers who identified the problem have no information on how to patch the free ath9k driver.

In addition, a Python script has been prepared to test whether devices are exposed to both vulnerabilities. If you want access to it, you can visit the following link.

Separately, we can note the identification by Check Point researchers of six vulnerabilities in Qualcomm DSP chips, which are used in 40% of smartphones, including devices from Google, Samsung, LG, Xiaomi and OnePlus.

Manufacturers have not disclosed details of the vulnerabilities until they are fixed.
