{"id":28247,"date":"2020-02-27T17:07:05","date_gmt":"2020-02-27T22:07:05","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=28247"},"modified":"2021-07-06T17:17:39","modified_gmt":"2021-07-06T21:17:39","slug":"kr00k-wi-fi-vulnerability","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2020\/02\/27\/kr00k-wi-fi-vulnerability\/","title":{"rendered":"Kr00k Wi-Fi Vulnerability"},"content":{"rendered":"<p><a href=\"https:\/\/arstechnica.com\/information-technology\/2020\/02\/flaw-in-billions-of-wi-fi-devices-left-communications-open-to-eavesdroppng\/\">Dan Goodin<\/a> (via <a href=\"https:\/\/www.macrumors.com\/2020\/02\/26\/wifi-vulnerability-broadcom-apple-devices\/\">Juli Clover<\/a>):<\/p>\n<blockquote cite=\"https:\/\/arstechnica.com\/information-technology\/2020\/02\/flaw-in-billions-of-wi-fi-devices-left-communications-open-to-eavesdroppng\/\">\n<p>Billions of devices&mdash;many of them already patched&mdash;are affected by a Wi-Fi vulnerability that allows nearby attackers to decrypt sensitive data sent over the air, researchers said on Wednesday at the RSA security conference.<\/p>\n<p>[&#8230;]<\/p>\n<p>Kr00k exploits a weakness that occurs when wireless devices disassociate from a wireless access point. If either the end-user device or the access point is vulnerable, it will put any unsent data frames into a transmit buffer and then send them over the air. Rather than encrypt this data with the session key negotiated earlier and used during the normal connection, vulnerable devices use a key consisting of all zeros, a move that makes decryption trivial.<\/p>\n<p>Disassociation typically happens when a client device roams from one Wi-Fi access point to another, encounters signal interference, or has its Wi-Fi turned off. Hackers within range of a vulnerable client device or access point can easily send disassociation frames to trigger the vulnerability because these frames aren&rsquo;t authenticated.<\/p>\n<\/blockquote>\n\n<p>Apple has <a href=\"https:\/\/support.apple.com\/en-us\/HT210722\">fixed this<\/a> in macOS 10.15.1, but there doesn&rsquo;t seem to be an update for Mojave. As Goodin says, most sensitive traffic should already use its own encryption rather than relying on the Wi-Fi network&rsquo;s, but DNS queries are usually unencrypted.<\/p>\n\n<p id=\"kr00k-wi-fi-vulnerability-update-2020-03-06\">Update (2020-03-06): <a href=\"https:\/\/twitter.com\/volt4ire\/status\/1233799206395138048\">Robert Barat<\/a>:<\/p>\n<blockquote cite=\"https:\/\/twitter.com\/volt4ire\/status\/1233799206395138048\">\n<p>It looks like they finally put out a fix for Mojave and High Sierra on the 27th<\/p>\n<\/blockquote>","protected":false},"excerpt":{"rendered":"<p>Dan Goodin (via Juli Clover): Billions of devices&mdash;many of them already patched&mdash;are affected by a Wi-Fi vulnerability that allows nearby attackers to decrypt sensitive data sent over the air, researchers said on Wednesday at the RSA security conference. [&#8230;] Kr00k exploits a weakness that occurs when wireless devices disassociate from a wireless access point. If [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2020-02-27T22:07:08Z","apple_news_api_id":"b799c3de-08d2-4c67-9ab0-1bd5cde49a8b","apple_news_api_modified_at":"2021-07-06T21:17:43Z","apple_news_api_revision":"AAAAAAAAAAAAAAAAAAAAAQ==","apple_news_api_share_url":"https:\/\/apple.news\/At5nD3gjSTGeasBvVzeSaiw","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[131,2095,31,1667,30,1609,1666,355,187],"class_list":["post-28247","post","type-post","status-publish","format-standard","hentry","category-technology","tag-bug","tag-exploit","tag-ios","tag-ios-13","tag-mac","tag-macos-10-14","tag-macos-10-15","tag-privacy","tag-wifi"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/28247","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=28247"}],"version-history":[{"count":2,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/28247\/revisions"}],"predecessor-version":[{"id":28335,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/28247\/revisions\/28335"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=28247"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=28247"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=28247"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}