San Francisco (dpa) - Two years after the discovery of "Krack", a serious security hole in the WLAN encryption protocol, security researchers have once again found a massive vulnerability.
This security gap allows hackers to spy on encrypted information or even inject their own data packets.
According to researchers at the security company Eset, the new security hole, known as “Kr00k”, is found in WLAN chips from Broadcom and Cypress. This affects billions of devices worldwide, including products from Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3) and Xiaomi (Redmi) as well as WiFi routers from Asus and Huawei. However, the flaw can be remedied by software updates.
A spokesman for Eset emphasized that the security vulnerability had been reported to the chip producers, who had already released patches. "Numerous manufacturers have already published updates for the affected devices. All owners should update their devices immediately, unless this was done automatically."
The first indications of the underlying problem were discovered a year ago, when a weakness was found in Amazon's Echo smart speaker, which is equipped with a WLAN chip from Cypress. Later, the gap was also demonstrated in the processors from Broadcom. The two manufacturers began closing the gaps with security updates in the fourth quarter of 2019. However, the researchers assume that millions of devices are still in operation without a security patch.
Eset paper on Kr00k
Researchers' website on KRACKS