Several boxes from the four major French operators would be affected by the Kr00k security breach, including two Freebox models.
A new WiFi flaw was discovered and presented at the RSA conference, which would affect more than a billion devices including several boxes from the four French operators, including the Freebox Revolution and the Freebox mini 4K.
A flaw in a chip present in many modems
The breach concerns Broadcom and Cypress WiFi chips, which equip many modems in France. Thus, on the Free side according to LCI, the Freebox Revolution and mini 4K would be concerned, but nothing is certain concerning the operator’s latest models, the Freebox Delta and the One. At Orange, Livebox 4 and 5 would be affected, as for SFR, the flaw could affect Box 8 and Box Fiber. Bouygues Télécom was not spared, the Bbox Sensations and the latest Fiber Bbox being on the list of boxes possibly exhibited at Kr00k.
Concretely, this flaw allows access to data encrypted by the WPA2 protocol, which should however protect communications. In fact, a malicious person would be able to exploit this flaw to “listen” to the traffic of a box, for example, and access the access point without a password. Note however that to exploit this flaw, this person must be within range of your network, which without mitigating the severity of the flaw, makes it more difficult to exploit on a large scale.
These are not the only devices affected by this flaw, since in total more than a billion devices ranging from smartphones to e-readers and Macbooks would be affected.
Kr00k was presented last February at the RSA conference by experts from ESET, an antivirus company. Note that if a patch was deployed following contact with companies by researchers who discovered the flaw, the correction does not necessarily affect all devices. Free and the other operators did not communicate on this subject.
A flaw that occurs when you log out
How does the flaw actually work? Well, when you cut your WiFi connection or leave the coverage area of a WiFi network, the chip empties the cached data, but in an unencrypted way, due to a bug.
The breach puts data prey to interception by a malicious person. Not to mention that there is the possibility of sending a frame to cause the dissociation phase between the device and the network.
–
