An eavesdropper doesn't have to be logged into the target device's wireless network to exploit KrØØk. If successful, the miscreant can take repeated snapshots of the device's wireless traffic as if it were on an open and insecure Wi-Fi. These snapshots may contain things like URLs of requested websites, personal information in transit, and so on.The bug affects WiFi chips made by Broadcom and Cypress. Despite being a hardware-level bug, it should be possible to fix the vulnerability via a software update.
It's not something to be totally freaking out over: someone exploiting this has to be physically near you, and you may notice your Wi-Fi being disrupted. But it's worth knowing about.
Over a billion devices vulnerable to WiFi security flaw
Posted on Thursday, February 27 2020 @ 16:59 CET by Thomas De Maesschalck
The Register warns security researchers discovered "KrØØk", a WiFi security vulnerability that affects over a billion computers, tablets, phones, and other devices. A chip-level bug makes it possible to recreate snapshots of a device's wireless traffic as if you're using an open and insecure WiFi network. To exploit the bug, an attacked needs to be physically near the network.