From time to time, almost all intelligent devices have Wi-Fi connectivity. They need it to carry out their work in real time, permanently connected. It does not matter if it is a router, watch, a fridge, a washing machine or a small Raspberry. These are devices that have made us forget those times when the only possible connection was through Ethernet cable. Now, that generalization of the connected world in which we live cannot escape certain threats that lurk over our security.
And today we have encountered a new shock. Far from having a limited scope, its managers categorize it as “very serious”. Hundreds of millions of devices involved. And do not believe that we are exaggerating. The problem discovered by the ESET security company directly affects smartphones, tablets, computers, smart speakers and many more devices that have a Wifi chip in their core.
The threat has a name: Kr00k (CVE-2019-15126). It affects all the communications we make at the moment the connected device encrypts them with keys composed only of zeros. Hacker who wants to get the data we send or receive can decode them without problems. He know what activity we are carrying out: if talking on the phone, if sending images and videos, confidential information, etc…
Wifi hardware chips, in the eye of the hurricane
This loss of the quality of the coding has nothing to do with a problem with our mobile phone. It all points to an error of companies such as Broadcom or Cypress. They are the manufacturers of those components that we could define as unsafe. And where are they installed? Well, ESET ventured to publish a list that includes some of the most popular devices on the market, such as mobile phones, tablets and Apple computers (iPhone, iPad and MacBook), certain Google Pixel and Samsung Galaxy, smartphones Xiaomi Redmi (when it was not an independent brand), Amazon Kindle and Echo devices, etc.
As always, in many of these cases the problem has been solved with the publication of security patches. They are responsible for closing that problem, avoiding any subsequent risk. That is why it is advisable in the case of the aforementioned brands, that you verify that your devices have the most updated software today.
Also many models of routers and Wifi access points are suffering from this problem. That is a critical threat because it affects all the devices that connect to them. As in the case of the previous ones, most manufacturers have published patches to avoid shocks. Of course, unlike other types of terminals, updating the firmware is a more complex and less automatic task than in a mobile. So it is worth visiting the support page of the manufacturer of your router to download the update and apply it following your instructions.