KrØØk vulnerability affects more than one billion Wi-Fi-enabled devices and access points

The critical security flaw could intercept and allow an attacker to decrypt wireless network packets transmitted by vulnerable devices using WPA2 connections.

 The Kr00k bug (CVE-2019-15126) affects common Wi-Fi chips Broadcom and Cypress which are built in access points (APs) and smartphones, tablets, laptops, IoT devices from Amazon, Apple, Samsung, Raspberry, Xiaomi, Asus and Huawei.

As people move from one wi-fi hotspot to another a device may encounter interruption in connection before it reconnects to the known network. Hackers may take advantage of this disassociation by using Krøøk to extend the time of disassociation and receive Wi-Fi packets using all-zero-day key. For a successful attack, hacker would need to be in close physical proximity of their target.

Patches for Broadcom and Cypress are issued for their chips and users are advised to update their devices in order to protect their Wi-Fi devices from being easily hacked.