A flaw called Kr00k, linked to Broadcom and Cypress Semiconductor WiFi chips, affects more than a billion devices: mainly iPhones, but also iPads, Macs, Android smartphones, the Raspberry Pi, Kindles and Amazon Echo connected speakers. Eset explains that patches are already available from most manufacturers.
Here is the list of devices tested by Eset affected by the flaw:
- Amazon: Echo 2nd gen, Kindle 8th gen
- Apple: iPad mini 2, iPhone 6, iPhone 6S, iPhone 8, iPhone XR, MacBook, iPad Air
- Google: Nexus 5, Nexus 6, Nexus 6P
- Raspberry: Pi 3
- Samsung: Galaxy S4, Galaxy S8
- Xiaomi: Redmi 3S
The problem also seems to affect Asus and Huawei routers. Eset nevertheless specifies that “many other sellers whose products we have not tested use the affected chipsets in their devices”. The vulnerability is, however, reportedly not present in Qualcomm, Realtek, Ralink, and Mediatek chips.
WiFi flaw affects more than a billion iPhone and Android smartphones
The Kr00k flaw manifests itself when a mobile device with an affected chipset loses its WiFi connection. This happens several times a day, in case of signal loss. The chipset then attempts to re-establish the connection automatically. However, because of the vulnerabilities in these chipsets, hackers can force a client to disassociate and then transmit poorly encrypted data in a more compatible mode.
Eset disclosed its findings to the affected manufacturers several months in advance, and a patch is available for most devices in the form of a system update. Whether you are on an iPhone or a Galaxy S8, or have an Amazon Echo, the best way to protect yourself is therefore to make sure you are running the latest version of your operating system.
The investigation into this bug dates back to the third quarter of 2018. Cypress and Broadcom were informed in August 2019, and patches began circulating in the last quarter of 2019. Do you have a device from the list above? Let us know in the comments.
I noticed that the iPhone xr is affected so I figure that my xs max is also. I have the latest iOS update and I always check for new ones. I haven’t noticed anything unusual so maybe I’m okay.
I have the iPhone 6S. It all makes sense now. So did the last update fix it or will there be another?
Every day it’s happening with my iPhone 8 Plus and my iPhone 7. I’m tired of connecting it manually every time.
Yes, I have an i8 Plus. And the buffering wheel or gear in the top left goes continuously and never stops, even when I restart the phone. Could that be causing this?
I have an S10+ and I get kicked off my WiFi several times a day. My phone is not on the list. This only started happening once I did the most recent update!
It’s not saying that getting kicked off WiFi is the bug; rather, Kr00k uses that flaw to take advantage of the disconnection.
Clickbait. Nice job posting two of the newest phone pictures, only to find out that the bug affects considerably older phones.