Kr00k

Kr00k (also written as KrØØk) is a security vulnerability that allows some WPA2 encrypted WiFi traffic to be decrypted.^[1] The vulnerability was originally discovered by security company ESET in 2019 and assigned CVE-2019-15126 on August 17th, 2019.^[2] ESET estimates that this vulnerability affects over a billion devices.^[3]

Kr00k

CVE identifier(s)	CVE-2019-15126
Date discovered	2019
Discoverer	ESET
Affected hardware	Many devices with Broadcom and Cypress Semiconductor Wi-Fi chips including smartphones, tablets and single-board computers
Website	https://www.eset.com/int/kr00k/

Discovery

Kr00k was discovered by ESET Experimental Research and Detection Team, most prominently ESET security researcher Miloš Čermák.^[1]

It was named Kr00k by Robert Lipovský and Štefan Svorenčík. It was discovered when trying variations of the KRACK attack.^[4]

Initially found in chips made by Broadcom and Cypress, similar vulnerabilities have been found in other implementations, including those by Qualcomm and MediaTek.^[5][6]

Patches

The vulnerability is known to be patched in:

• iOS 13.2 and iPadOS 13.2 - October 28th, 2019^[1]
• macOS Catalina 10.15.1, Security Update 2019–001, and Security Update 2019-006 - October 29th, 2019^[1]

Vulnerable devices

During their research, ESET confirmed over a dozen popular devices were vulnerable.^[3]

Cisco has found several of their devices to be vulnerable and are working on patches.^[7] They are tracking the issue with advisory id cisco-sa-20200226-wi-fi-info-disclosure.^[8]

Known vulnerable devices include:

• Amazon Echo 2nd gen
• Amazon Kindle 8th gen
• Apple iPad mini 2
• Apple iPhone 6, 6S, 8, XR
• Apple MacBook Air Retina 13-inch 2018
• Asus wireless routers (RT-AC1200G+, RT-AC68U), but fixed in firmware Version 3.0.0.4.382.5161220 during March 2020
• Google Nexus 5
• Google Nexus 6
• Google Nexus 6P
• Raspberry Pi 3
• Samsung Galaxy S4 (GT-I9505)
• Samsung Galaxy S8
• Xiaomi Redmi 3S