Kr00k vuln in WiFi chips that allows unauthorized decryption of traffic

167 points, by oherrala, about 5 years ago

6 comments

skunkworker, about 5 years ago

An interesting attack on WPA2 on unpatched devices.

This reminds me of the WPS reaver attack, which is a complete facepalm from an implementation perspective. Only 11,000 possible combinations, and trying 1 key every other second would net you the WPA password in < ~5 hours.

"In 2011, a security researcher named Stefan Viehböck discovered a flaw in this implementation. The concept he introduced was based on the following facts:

Out of the 8 digits of the PIN, the last digit is a checksum, which leaves 7 digits to guess. The PIN is validated by dividing it into 2 halves. So the first half leaves 10^4 = 10,000 guesses & the 2nd half leaves 10^3 = 1,000 guesses. So a total of 11,000 guesses only, where it should be 10^8 = 100,000,000 guesses." [1]

[1] https://kalilinuxtutorials.com/reaver-pixewps/

Comment #22428596 not loaded
Comment #22428382 not loaded
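To make the split-half arithmetic from the comment above concrete, here is an added example written for this page (it is not code from the post, from reaver or from pixiewps). It models a toy WPS registrar that, as the WSC exchange does, NACKs a wrong first half at M4 and a wrong second half at M6, and an attacker that exploits that split: at most 10^4 runs for the first four digits, then at most 10^3 for the next three because the eighth digit is the WSC checksum (weights 3,1,3,1,3,1,3 over the seven PIN digits) and can be computed. The registrar type, the attacker loop and the two secret PINs are constructed for the example; lockout after failed attempts is deliberately ignored.

```go
package main

import (
	"fmt"
	"strconv"
)

// wpsChecksum returns the checksum digit that completes a 7-digit PIN body.
// WSC weights the digits 3,1,3,1,3,1,3 (first and last digit both weight 3),
// so walking from the last digit backwards with an alternating weight works.
func wpsChecksum(body int) int {
	acc, w := 0, 3
	for i := 0; i < 7; i++ {
		acc += w * (body % 10)
		body /= 10
		w = 4 - w // alternate 3 -> 1 -> 3 ...
	}
	return (10 - acc%10) % 10
}

// registrar is a constructed toy model of the AP side of the WPS PIN exchange.
// A real registrar NACKs after M4 when the first four digits are wrong and
// after M6 when the last four are wrong, which is what leaks the split.
type registrar struct {
	pin      string // the secret 8-digit PIN
	attempts int    // protocol runs observed (lockout is ignored here)
}

// try runs one registration attempt and reports which halves were accepted.
func (r *registrar) try(pin string) (firstOK, secondOK bool) {
	r.attempts++
	if pin[:4] != r.pin[:4] {
		return false, false // NACK at M4
	}
	if pin[4:] != r.pin[4:] {
		return true, false // NACK at M6
	}
	return true, true
}

// crackWPS recovers the PIN: at most 10^4 runs for the first half, then at most
// 10^3 for the second half because the checksum digit is computed, not guessed.
func crackWPS(r *registrar) (pin string, attempts int) {
	first := ""
	for i := 0; i < 10000 && first == ""; i++ {
		cand := fmt.Sprintf("%04d", i)
		if ok, _ := r.try(cand + "0000"); ok {
			first = cand
		}
	}
	if first == "" {
		return "", r.attempts
	}
	for j := 0; j < 1000; j++ {
		body, _ := strconv.Atoi(first + fmt.Sprintf("%03d", j))
		cand := fmt.Sprintf("%07d%d", body, wpsChecksum(body))
		if _, ok := r.try(cand); ok {
			return cand, r.attempts
		}
	}
	return "", r.attempts
}

func main() {
	for _, secret := range []string{"12345670", "99999995"} {
		pin, n := crackWPS(&registrar{pin: secret})
		fmt.Printf("secret %s recovered as %s after %d runs (naive space: 10^8)\n", secret, pin, n)
	}
}
```

Running it shows the worst case (secret 99999995) falling after exactly 10,000 + 1,000 = 11,000 runs; the commonly quoted example PIN 12345670 falls after 1,803. The fix in later WSC versions is not a bigger PIN but rate limiting and lockout on the registrar, since the split acknowledgement is inherent to the M4/M6 design.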
jascii, about 5 years ago

Less sensationalist and more informative link: https://nvd.nist.gov/vuln/detail/CVE-2019-15126 (CVSS Severity Base Score: 3.1 Low)

Eh, yeah, you shouldn't use WPA2 as your sole defence against data exfiltration. Nice way to drive traffic to your website though..

Comment #22427915 not loaded
Comment #22430056 not loaded
titzer, about 5 years ago

What I gathered from my quick scan of their PDF:

An attacker can trigger a disassociation between the device and the access point. The disassociation causes the device to zero its temporary encryption key called the TK (transient key), which is the key used to encrypt traffic between the device and the access point. Unfortunately, some data frames still on the device could then be encrypted with this zero key and sent anyway. Because the key is known to be zero, the attacker can decrypt these few data frames (a couple of kilobytes) trivially. Since the attacker can trigger this at will, they can leak an unbounded amount of data.

It's essentially a race condition in hardware between clearing keys and finishing sending off the last few packets inside the transmission buffer. Nasty!

This is going to require you to patch your firmware.

Comment #22428663 not loaded
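The race described in the comment above, as an added simulation for this page (not code from the Kr00k paper, from ESET or from any vendor firmware), in Go: a CCMP-style encryptor that uses AES-CTR over the CCMP counter-block layout (flags octet 0x01 for a 2-byte length field, priority octet, transmitter address A2, 48-bit packet number PN, 2-byte block counter starting at 1; the CBC-MAC that a real CCMP frame also carries is omitted), a station model whose key register is zeroed on disassociation while its transmit queue still drains, and a sniffer that decrypts the drained frames with the all-zero TK. The station address, the real TK and the queued payloads are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// ccmpCounterBlock builds the CCM counter block used by CCMP (length field L=2,
// so the flags octet is 0x01): Flags || Priority || A2 || PN || Counter.
// Counter 1 is the first payload block; counter 0 is reserved for the MIC.
func ccmpCounterBlock(a2 [6]byte, pn uint64) [16]byte {
	var b [16]byte
	b[0] = 0x01
	b[1] = 0x00 // priority / TID octet
	copy(b[2:8], a2[:])
	var pnb [8]byte
	binary.BigEndian.PutUint64(pnb[:], pn)
	copy(b[8:14], pnb[2:]) // low 48 bits of the packet number
	binary.BigEndian.PutUint16(b[14:16], 1)
	return b
}

// ccmpCTR is CCMP's confidentiality half: AES-CTR keyed with the TK over the
// counter block above. The MIC is left out; with a zero TK it would be
// computable by the attacker as well, so it does not change the point.
func ccmpCTR(tk [16]byte, a2 [6]byte, pn uint64, data []byte) []byte {
	block, err := aes.NewCipher(tk[:])
	if err != nil {
		panic(err)
	}
	iv := ccmpCounterBlock(a2, pn)
	out := make([]byte, len(data))
	cipher.NewCTR(block, iv[:]).XORKeyStream(out, data)
	return out
}

// frame is what a sniffer sees: the PN from the CCMP header and the ciphertext.
type frame struct {
	pn   uint64
	body []byte
}

// vulnerableSTA models the flawed behaviour: disassociation zeroes the TK
// register, but frames already sitting in the TX queue are still sent, and they
// get encrypted with whatever the register holds at that moment.
type vulnerableSTA struct {
	tk      [16]byte
	addr    [6]byte // transmitter address, A2
	pn      uint64
	txQueue [][]byte
}

func (s *vulnerableSTA) queue(p []byte) { s.txQueue = append(s.txQueue, p) }

func (s *vulnerableSTA) disassociate() { s.tk = [16]byte{} } // key cleared, queue not

func (s *vulnerableSTA) drain() []frame {
	var sent []frame
	for _, p := range s.txQueue {
		s.pn++
		sent = append(sent, frame{s.pn, ccmpCTR(s.tk, s.addr, s.pn, p)})
	}
	s.txQueue = nil
	return sent
}

// zeroKeyDecrypt is the attacker: no WPA2 credentials, only the guess TK == 0.
func zeroKeyDecrypt(a2 [6]byte, frames []frame) [][]byte {
	var zero [16]byte
	out := make([][]byte, 0, len(frames))
	for _, f := range frames {
		out = append(out, ccmpCTR(zero, a2, f.pn, f.body))
	}
	return out
}

// simulate queues plaintexts on a station keyed with tk, optionally forces the
// disassociation, drains the queue and returns what the zero-key sniffer gets.
func simulate(tk [16]byte, plaintexts [][]byte, forceDisassoc bool) [][]byte {
	sta := &vulnerableSTA{tk: tk, addr: [6]byte{0x02, 0x00, 0x5e, 0x10, 0x20, 0x30}} // constructed A2
	for _, p := range plaintexts {
		sta.queue(p)
	}
	if forceDisassoc {
		sta.disassociate() // a forged, unauthenticated disassociation frame suffices
	}
	return zeroKeyDecrypt(sta.addr, sta.drain())
}

// count reports how many recovered frames match the original plaintexts.
func count(got, want [][]byte) int {
	n := 0
	for i := range got {
		if bytes.Equal(got[i], want[i]) {
			n++
		}
	}
	return n
}

func main() {
	tk := [16]byte{0x9f, 0x3a, 0x11, 0xc4, 0x57, 0x02, 0xee, 0x8b, 0x6d, 0x40, 0x1c, 0xa9, 0x73, 0x5e, 0x28, 0xd1} // constructed
	pts := [][]byte{[]byte("GET /inbox HTTP/1.1"), []byte("Cookie: session=constructed")}
	for _, forced := range []bool{false, true} {
		got := simulate(tk, pts, forced)
		fmt.Printf("disassociation forced=%v: sniffer recovered %d/%d frames\n", forced, count(got, pts), len(pts))
	}
}
```

Without the forced disassociation the zero-key decryption yields garbage; with it, every frame that was already queued comes back in the clear. Repeating the disassociation after the next batch of frames is queued is what turns "a couple of kilobytes" into an unbounded leak, and it is why the fix has to be in the firmware that clears the key: a driver cannot see the ordering between the key-register write and the queue drain.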
heavyset_go, about 5 years ago

Is there a proof of concept out there yet? Also, does this require a firmware patch, or can it be mitigated via software?

edit: I can't reply to the comment below about iOS updates because the comment is dead, but I just would like to interject that iOS and macOS updates can, and sometimes do, contain firmware updates for hardware. The release notes for the macOS update that contains the fix don't specify if the fix is in firmware or software, but I suspect it is in the former.

Comment #22427650 not loaded
Comment #22427568 not loaded
mjevans, about 5 years ago

The next time I update (wifi) routers I'm responsible for, I think I'm going to go fully Internet-only DMZ, and Wireguard 'VPN' for entry to the LAN.

Comment #22427733 not loaded
Comment #22430131 not loaded
raybb, about 5 years ago

Related Wikipedia article: https://en.wikipedia.org/wiki/Kr00k