New Wi-Fi Chip Bug is Affecting Billions of Devices


Billions of devices could be tapped because of flaws in Wi-Fi chips produced by Cypress Semiconductor and Broadcom. The vulnerability was announced by researchers at today’s RSA Security Conference, and most device manufacturers have patched it. It mainly affects FullMAC WLAN chips produced by Cypress and Broadcom. Cybersecurity researchers said the chips are used in billions of devices, including those made by Apple, such as the iPhone, iPad, and Mac. The researchers said the vulnerability allowed nearby attackers to decrypt sensitive data sent by the device. They say they found this previously unknown vulnerability in the Wi-Fi chips and named it Kr00k.

An Apple spokesperson confirmed that the company had patched the vulnerability in macOS, iOS and iPadOS through a system upgrade last October. Affected devices include the iPad mini 2, iPhone 6, 6S, 8, and XR, as well as the 2018 MacBook Air. For Apple users, as long as you have upgraded your device to the latest versions of iOS, iPadOS, and macOS, this vulnerability will not affect you. However, some devices from Google, Samsung, and Amazon (such as Echo) could also be vulnerable to attacks. So far, researchers haven’t seen any attacks in the wild exploiting this vulnerability, though governments in the U.S., the U.K., and elsewhere are urging IoT vendors to build more security into their products.

According to the researcher who presented his findings on February 26th at the RSA Conference in San Francisco, the use of consumer IoT devices is increasing the cyber risks for enterprises. He emphasized that although the vulnerability cannot be used to break HTTPS and TLS, which provide an extra layer of encryption for communications, there are still plenty of opportunities for hackers to intercept Wi-Fi data using Kr00k. In this case, your organization will need the Cyber Resilience and Response Subscription Program from LIFARS for the manpower and expertise to immediately respond to and remediate cyber incidents and breaches, in addition to providing a full array of services to increase your company’s cyber resiliency.


