×

UPSC Courses

DNA banner

DAILY NEWS ANALYSIS

  • 03 March, 2020

  • 3 Min Read

KrOOk vulnerability

Syllabus subtopic: Basics of Cyber Security

Prelims and Mains focus: about KrOOk and its threat

News: At the RSA 2020 security conference in San Francisco, security researchers from Slovak antivirus company ESET will present details about a new vulnerability that impacts WiFi communications.

What is it?

  • Named Kr00k, this bug can be exploited by an attacker to intercept and decrypt some type of WiFi network traffic (relying on WPA2 connections).

  • According to ESET, Kr00k affects all WiFi-capable devices running on Broadcom and Cypress Wi-Fi chips. These are two of the world's most popular WiFi chipsets, and they are included in almost everything, from laptops to smartphones, and from access points to smart speakers and other IoT devices.

  • ESET researchers said they personally tested and confirmed that Kr00k impacts devices from Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3) and Xiaomi (Redmi), but also access points from Asus and Huawei.

  • ESET said it believes that more than a billion devices are vulnerable to Kr00k, and they consider this number "a conservative estimate."

What’s Kr00K and how does it work?

  • At the technical level, Kr00k is just a bug, like many other bugs that are being discovered on a daily basis in the software that we all use.

  • The difference is that Kr00k impacts the encryption used to secure data packets sent over a WiFi connection.

  • Typically, these packets are encrypted with a unique key that depends on the user's WiFi password. However, ESET researchers say that for Broadcom and Cypress Wi-Fi chips, this key gets reset to an all-zero value during a process called "disassociation."

  • Disassociation is something that occurs naturally in a WiFi connection. It refers to a temporary disconnection that usually happens due to a low WiFi signal.

  • WiFi devices enter into disassociated states many times a day, and they're automatically configured to re-connect to the previously used network when this happens.

  • ESET researchers say that attackers can force devices into a prolonged disassociated state, receive WiFi packets meant for the attacked device, and then use the Kr00k bug to decrypt WiFi traffic using the all-zero key.

  • This attack scenario allows hackers to actively intercept and decrypt WiFi packets, normally considered to be secure.

  • The good news is that the Kr00k bug only impacts WiFi connections that use WPA2-Personal or WPA2-Enterprise WiFi security protocols, with AES-CCMP encryption.

  • This means that if you use a device with a Broadcom or Cypress WiFi chipset, you can protect yourself against attacks by using the newer WPA3 WiFi authentication protocol.

Not as bad as KRACK

  • All in all, the Kr00k vulnerability should be easier to protect against than KRACK -- a major vulnerability that impacted the WPA2 WiFi protocol and forced most device vendors to switch to using WPA3 by default.

  • A new KRACK attack, named Dragonblood, was later discovered to impact even some newer WPA3 connections, but this newer attack didn't impact the entire WiFi ecosystem as the original KRACK attack did.

  • ESET researchers said they discovered Kr00k while looking into the devastating effects of the KRACK attack; however, the two -- KRACK and Kr00K -- should not be considered the same.

Source: The Hindu


What is Mission Indradhanush ?

Mission Indradhanush was launched in 2014 under the Ministry of Health and Family Welfare.  1. Between 2009 - 2013, only 1% coverage per year has increased. We have to make it to 5%. 2. Objectives of Mission Indradhanush: We have the aim of full coverage by 2020. Cover all those children who are either unvaccinated or are part

Mediation Bill 2021 - Detailed Overview

A Bill that could alter the Mediation landscape The background behind Mediation Bill:         In General, Disputes Became part and parcel of  Day-to-Day Life. Someone or the Other belonging to family or else not a part of the family would be fighting for something. These Disputes may be for Smaller or B

Military exercises of India

List of all Military Exercises of India 2021 Military Exercises of India with Neighbours Sampriti: India & Bangladesh Mitra Shakti: India & Sri Lanka Surya Kiran: India & Nepal Hand in Hand Exercise: India & China Ekuverin: India & Maldives Military Exercises of India with Other countries Maitree Exer

Consumer Protection Rules, 2021

Consumer Protection (Jurisdiction of the District Commission, the State Commission and the National Commission) Rules, 2021 1) Pecuniary Jurisdiction The Consumer Protection Act, 2019 The Consumer Protection Act, 2019 promulgates a three-tier quasi-judicial mechanism for redressal of consumer disputes namely district commissions, state

Swachh Bharat Mission (Urban) 2.0

The Swachh Bharat Mission - Urban (SBM-U), launched on 2nd October 2014 aims at making urban India free from open defecation and achieving 100% scientific management of municipal solid waste in 4,041 statutory towns in the country. The objectives of the mission are mentioned below: Elimination of open defecation Eradication of Manual S

DNA

26 Jan,2022

Students Achievement

Search By Date

Newsletter Subscription
SMS Alerts