
KrØØk: Serious vulnerability affecting encryption of billion+ Wi‑Fi devices - notRobot
https://www.welivesecurity.com/2020/02/26/krook-serious-vulnerability-affected-encryption-billion-wifi-devices/
======
detaro
previously:
[https://news.ycombinator.com/item?id=22425615](https://news.ycombinator.com/item?id=22425615)

~~~
teunispeters
Kr00k – formally known as CVE-2019-15126 – is a vulnerability in Broadcom and
Cypress Wi-Fi chips that allows unauthorized decryption of some WPA2-encrypted
traffic. (from link on this link)

Headline above on top is too alarmist - and largely wrong.

------
TekMol
As everybody is using random Wi-Fi spots all the time, is Wi-Fi encryption
still important?

I thought we rely on https and ssh these days?

~~~
roblabla
It still allows snooping on people's browsing history by looking at DNS
lookups. And even mounting some attacks against insecure client software that you
might be running.

The solutions to DNS snooping and tampering (DoH, DoTLS, DNSSEC, etc.) are
still not widely deployed or supported, and it'll take a while until they are.
Even if browsers implement DoH, there is a large amount of software that does
DNS requests using the system's default, insecure resolver. That software
might not have secure encryption (e.g. using its own protocol), or might be
using outdated encryption software (e.g. using an old version of OpenSSL). If
that software has vulnerabilities in it, anyone on an unencrypted WiFi can
spoof your DNS and exploit this vulnerability.

~~~
tptacek
DNSSEC is not a solution to snooping _or_ tampering in this setting.
Ironically, against link-layer attacks like this, DoH does address both.

~~~
kevincox
DoH is good for tampering but doesn't help much against snooping since
generally you will then connect to (almost) every site with a plaintext SNI.

~~~
tptacek
The attack we're talking about on this thread is people using KROOK to snoop
on DNS lookups. DoH decisively addresses that threat, and DNSSEC does
literally nothing about it; it doesn't even address integrity in this setting;
link-layer DNS attacks will reveal QIDs that can be used to spoof AD=1
responses to DNSSEC-validated queries, and that obviously doesn't work against
DoH.

------
ArinaLy
In February 2020, ESET released the KR00K - CVE-2019-15126 SERIOUS
VULNERABILITY DEEP INSIDE YOUR WI-FI ENCRYPTION research. Based on this
research, the Hexway team created and published a PoC exploit of the kr00k
attack. ([https://hexway.io/research/r00kie-kr00kie/#description](https://hexway.io/research/r00kie-kr00kie/#description))

------
ThePowerOfFuet
> These findings were presented publicly for the first time at the RSA
> Conference 2020.

Why anyone would choose to have any association with RSA since Dual_EC_DRBG is
a mystery. There are far more credible conferences at which to present
findings.

------
HomeComp2020
Does anyone know a good way I can test to see if my router is vulnerable?

