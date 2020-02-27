Cypress WiFi Chips Leak Sensitive Info Due To Kr00k Bug In Broadcom – Experts Insight

70 0
Dot Your Expert Comments
Facebook Twitter WhatsApp Google LinkedIn Email

In response to recent reports a vulnerability in some popular WiFi chips can be leveraged to partially decrypt user communication and expose data in wireless network packets, cybersecurity experts offer perspective.

EXPERTS COMMENTS
Craig Young, , Principal Security Researcher ,  Tripwire
February 27, 2020
At the end of the day though, although this is a very interesting attack, it is not something to lose sleep over.
Researchers from ESET have identified yet another widespread privacy concern related to faulty WPA2 implementations this time in chips from Broadcom and Cypress. This attack has some similarity to the KRACK attack which took the infosec community by surprise in 2017. Both attacks can potentially allow nearby attackers to gain access to information which should have only been sent after being secur ....
[Read More >>]
Roger Grimes, Data-driven Defence Evangelist ,  KnowBe4
February 27, 2020
This is a small, specific, but a serious flaw that I'm glad the guy guys found and responsibly reported.
I'm normally a skeptic on most announced vulnerabilities. Most are too over hyped. This one isn't. This one is serious and I'm glad it was discovered and responsibly disclosed. Anytime you have an encryption key set to all zeros it's not a good thing. In this case, "leftover" data that was waiting to be retransmitted after a premature disconnect event accidentally gets re-transmitted using essenti ....
[Read More >>]
Andre Gironda, VP,  Cerberus Sentinel
February 27, 2020
This is a step-by-step instruction guide to get the kcrackattacks-script tools installed and working.
Multi-Channel MITM attacks against consumer-grade Wi-Fi equipment limited protections and most do not have the commercial available safety features of enterprise business. The attacks are easy for Kali Linux newbie or software from hacking sites to gain access. For example, anyone can purchase a book such as the latest copy of Kali Linux Wireless Penetration Testing Beginner's Guide. This is a s ....
[Read More >>]
David Jemmett, CEO,  Cerberus Sentinel
February 27, 2020
Organizations that demand network-layer security are left again at the whimsy of the threat communities and trusted insiders.
Kr00k, as was KRACK, is another nail in the coffin for WPA2 and all of its previous versions. WPA3 has proven to not be ready to handle the sophisticated threats that are being developed by bad actors. Organizations that demand network-layer security are left again at the whimsy of the threat communities and trusted insiders. Attack detection capabilities must now start to link devices to people ....
[Read More >>]

If you are an expert on this topic:

Dot Your Expert Comments

SUBSCRIBE to alert when new comments are posted on this news. :


In this article