Wi-Fi Chip Vulnerability

2020-03-03T12:43:15
ID SCHNEIER:B6B87E61CED96ACFAF94DA5C82D0F8A4
Type schneier
Reporter Bruce Schneier
Modified 2020-03-03T12:43:15

Description

There's a vulnerability in Wi-Fi hardware that breaks the encryption:

> The vulnerability exists in Wi-Fi chips made by Cypress Semiconductor and Broadcom, the latter a chipmaker Cypress acquired in 2016. The affected devices include iPhones, iPads, Macs, Amazon Echos and Kindles, Android devices, and Wi-Fi routers from Asus and Huawei, as well as the Raspberry Pi 3. Eset, the security company that discovered the vulnerability, said the flaw primarily affects Cypress' and Broadcom's FullMAC WLAN chips, which are used in billions of devices. Eset has named the vulnerability Kr00k, and it is tracked as CVE-2019-15126. > > Manufacturers have made patches available for most or all of the affected devices, but it's not clear how many devices have installed the patches. Of greatest concern are vulnerable wireless routers, which often go unpatched indefinitely.

That's the real problem. Many of these devices won't get patched -- ever.