Now-Fixed WiFi Vulnerability Left Apple Devices Open to Attack

by

A vulnerability in WiFi chips made by Cypress Semiconductor and Broadcom left billions of devices susceptible to an attack that allowed nearby attackers to decrypt sensitive data sent over the air.

ipad iphone duo ios 12
The security flaw was detailed at the RSA security conference today (via Ars Technica), and for Apple users, the issue was addressed in the iOS 13.2 and macOS 10.15.1 updates that were released back in late October.

Dubbed Kr00k, the WiFi chip flaw caused vulnerable devices to use an all-zero encryption key to encrypt part of a user's communications. When applied successfully, the attack let hackers decrypt some wireless network packets sent by a vulnerable device. As described by Ars Technica:

Kr00k exploits a weakness that occurs when wireless devices disassociate from a wireless access point. If either the end-user device or the access point is vulnerable, it will put any unsent data frames into a transmit buffer and then send them over the air. Rather than encrypt this data with the session key negotiated earlier and used during the normal connection, vulnerable devices use a key consisting of all zeros, a move that makes decryption trivial.

Chips from Broadcom and Cypress are used in many modern WiFi devices like smartphones, laptops, Internet of Things products, WiFi access points, and routers.

Our tests confirmed that prior to patching, some client devices by Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3), Xiaomi (RedMi), as well as some access points by Asus and Huawei, were vulnerable to KrØØk. This totaled to over a billion Wi-Fi-capable devices and access points, at a conservative estimate. Further, many other vendors whose products we did not test also use the affected chipsets in their devices.

According to ESET Research, which published details on the vulnerability, it was disclosed to Broadcom and Cypress along with potentially affected parties. At this time, patches for devices from most major manufacturers have been released.

ESET Research recommends making sure all of the latest updates have been applied to WiFi capable devices to patch the vulnerability.

Popular Stories

Alleged iPhone 17 Pro Antenna Design

Two All-New iPhone 17 Colors Seemingly Confirmed

Monday August 25, 2025 4:22 am PDT by
Apple will offer the upcoming iPhone 17 Pro and iPhone 17 Pro Max in a new orange color, according to Bloomberg's Mark Gurman. Gurman made the claim in the latest edition of his Power On newsletter, adding that the new iPhone 17 Air – replacing the iPhone 16 Plus – will come in a new light blue color. We've heard multiple rumors about a new iPhone 17 Pro color being a shade of orange. The ...
Read Full Article65 comments
AirPods Pro 3 Heart Rate Tracking Feature

AirPods Pro 3 Expected to Launch This Year With Key New Feature

Sunday August 24, 2025 7:16 am PDT by
Bloomberg's Mark Gurman expects Apple to release new AirPods Pro this year, and he said the earbuds will have a key new feature: heart rate monitoring. From his Power On newsletter today, with emphasis added:As for Apple's other devices, there's a lot in the fall pipeline — though many of the new products are only incremental upgrades. There will be Apple Watch updates, faster Vision...
Read Full Article73 comments
iPhone 17 Pro on Desk Centered 1

iPhone 17 Pro Coming Soon With These 12 New Features

Sunday August 24, 2025 6:00 am PDT by
Apple's iPhone 17 Pro and iPhone 17 Pro Max should be unveiled in a few more weeks, and there are plenty of rumors about the devices. In his Power On newsletter today, Bloomberg's Mark Gurman corroborated a rumor that iPhone 17 Pro models will be "available in an orange color." Below, we recap key changes rumored for the iPhone 17 Pro models: Aluminum frame: iPhone 17 Pro models are...
Read Full Article46 comments
Awe Dropping Apple Event Feature

Five Things to Expect From Apple's 'Awe Dropping' September 9 Event

Tuesday August 26, 2025 4:17 pm PDT by
Apple today announced its "Awe Dropping" iPhone-centric event, which is set to take place on Tuesday, September 9 at 10:00 a.m. Pacific Time. There are a long list of products that are coming, but we thought we'd pull out five feature highlights to look forward to. That Super Thin iPhone - Apple's September 9 event will see the unveiling of the first redesigned iPhone we've had in years, ...
Read Full Article108 comments
awe dropping event

Apple Event Announced for September 9: 'Awe Dropping'

Tuesday August 26, 2025 9:01 am PDT by
Apple will hold its annual iPhone-centric event on Tuesday, September 9 at the Apple Park campus in Cupertino, California, according to an announcement that went out today. The event will start at 10:00 a.m., with select members of the media invited to attend. At the September 2025 iPhone event, Apple will unveil the iPhone 17 lineup, which includes an all-new ultra-thin iPhone 17 Air. It...
Read Full Article217 comments
iPhone 17 Air Thumb 2 Blue Electric Boogaloo

Apple Has Reportedly Considered Releasing iPhone 17 Air Bumper Case

Sunday August 24, 2025 12:40 pm PDT by
Apple has "considered" releasing a bumper case for the upcoming iPhone 17 Air, according to Bloomberg's Mark Gurman. Similar to the bumper case that Apple introduced for the iPhone 4 in 2010, Gurman said the iPhone 17 Air version of the case would cover the edges of the device, but not the back of it. Those bumper cases were made of rubber. Given that the iPhone 17 Air is expected to have ...
Read Full Article90 comments
Awe Dropping Apple Event Feature

Apple Event Logo Hints at Two iPhone 17 Pro Features

Wednesday August 27, 2025 6:36 am PDT by
Apple's logo for its upcoming September 9 event hints at two rumored iPhone 17 Pro features, including new color options and a vapor chamber cooling system. Of course, this is all just speculation for fun, as we count down the final days until the event. New Colors Last month, Macworld's Filipe Espósito reported that orange and dark blue would be two out of the five color options...
Read Full Article112 comments
airpods pro 2 gradient

AirPods Pro 3: Four Key Design Changes Anticipated

Tuesday August 26, 2025 4:05 am PDT by
Apple hasn't updated the AirPods Pro since 2022 other than a shift from Lightning to USB-C, and the earbuds are due for a refresh. According to Bloomberg's Mark Gurman, Apple will launch AirPods Pro 3 later this year, and apart from new features like heart rate monitoring, we're also expecting a few design changes. The fourth‑generation AirPods offer useful clues to Apple's design cues for ...
Read Full Article34 comments

Top Rated Comments

Cosmosent Avatar
Cosmosent
72 months ago
Anybody know if it's fixed in Mojave 10.14.6 ?
Score: 5 Votes (Like | Disagree)
now i see it Avatar
now i see it
72 months ago
but we were assured that iOS devices were secure...
Score: 5 Votes (Like | Disagree)
cmaier Avatar
cmaier
72 months ago

They are as secure as anything else. But Apple designs some of their chips, they don't make them. Contractors do. So the vulnerabilities can still be introduced into the supply chain through the same vector; chip providers... just like the vulnerabilities can be introduced by Apple themselves... or the chip makers suppliers... or...

Most of this stuff is scarier in theory than in practice.
It would be very unlikely for a vulnerability that does not exist in the design to exist in the manufactured silicon. When we design chips, and have them made, we test them extremely thoroughly to make sure they behave identically to the RTL and simulated netlist.

And since the manufacturer does not have a simulate-able netlist, it would be very difficult to introduce intentional flaws while still maintaining full functionality so as to fool this testing.
Score: 4 Votes (Like | Disagree)
1345873 Avatar
1345873
72 months ago

Anybody know if it's fixed in Mojave 10.14.6 ?
it's not there, no problem with Mojave and WiFi..

why the angry faces? Apple hasn’t confirmed it, so there’s no problem..
Score: 4 Votes (Like | Disagree)
allpar Avatar
allpar
72 months ago

this is why you keep your devices updated because of security risks - most people forget that
Yeah, well, if they make new versions compatible with old software, I can do that, but I'm not spending ten grand to move to Catalina.
Score: 3 Votes (Like | Disagree)
iapplelove Avatar
iapplelove
72 months ago

No we were assured that “what happens on the iPhone stays in the iPhone” and “it just works”.
I never understood the “ what happens on my iPhone stays on my iPhone” campaign.
Doesnt make much sense to me when I rely on iCloud so much.
Score: 3 Votes (Like | Disagree)
Read All Comments