Published on: 27 February 2020
ESET has published a security report revealing technical details of a vulnerability in FullMAC wireless chipsets manufactured by Broadcom and Cypress. The vulnerability affects only Wi-Fi networks using the WPA2-Personal or WPA2-Enterprise protocol with AES-CCMP encryption. It causes vulnerable devices to clear the session key stored in the wireless chipset during the "disassociation" process and subsequently transmit wireless network packets encrypted with an all-zero session key. To trigger a "disassociation", an attacker within close proximity needs to send vulnerable devices a forged management data frame.
Devices using FullMAC wireless chipsets manufactured by Broadcom and Cypress are affected. It is recommended to consult the device supplier or manufacturer to determine whether such a chipset is used. Examples of affected products include:
Successful exploitation could lead to information disclosure from an affected system.
Some vendors, including Apple, have released patches or firmware upgrades to address the issue. Users and system administrators shall ascertain that their devices are updated with the latest patches and firmware once available. They can contact the corresponding device manufacturers for the availability and details of the patches or firmware.
Users and system administrators should follow security best practices and use additional encryption mechanisms, such as HTTP over TLS (HTTPS) or a virtual private network (VPN), to protect all sensitive information sent over an insecure network.
https://www.welivesecurity.com/wp-content/uploads/2020/02/ESET_Kr00k.pdf
https://www.eset.com/int/kr00k/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15126