Hello, welcome to the Thursday, February 27th, 2020 edition of the Santernut Storm Center's Stormcast.

My name is Johannes Ulrich, and the am recording from San Francisco, California.

Got an interesting new Wi-Fi vulnerability to talk about.

This is a vulnerability that's hardware specific. It's inherent to

prodcom and cypress chipsets and it does weaken WPA 2 encryption. It's currently being

tracked as Crook or CVE 2019 15126. Now what's happening here is that if you are losing the connection to a wireless

access point, then of course the encryption kind of is being reset. But what happens in these

chipsets is that there's if there's still data left over in the buffer of the chipset,

that data is being sent with an all-serre encryption key, which of course makes it trivial to

decrypt the data. So in essence, it does not reveal your Wi-Fi passphrase.

It does not break anything else you're doing like TLS or the like.

But yes, an attacker, in particular if the attacker can trigger the disconnect, then the

attacker will be able to essentially get a few packets here and there are usually a few kilobytes of data.

Now, this particular chip set is quite common and in the news release, they mentioned, for example, Apple products like it, Amazon, Raspberry Pi 3 likes it,

Samsung, also in its galaxy models and Google Nexus phones,

all of these devices use vulnerable chipsets.

Patches are available for this vulnerability. Apple, for example, already released patches in its

reason update to its devices.

Other devices have done so as well.

So make sure that your wireless firmware is up to days.

It can be sometimes a little bit tricky for some of the Linux-ish devices, but you should

actually be getting firmware updates.

...