Interesting

A vulnerability in the way that two Wi-Fi chipsets handled network interruptions and encryption keys could have given attackers the ability to decrypt some of the network packets sent by more than a billion common wireless devices and routers — including those from Amazon, Apple, and Samsung, security firm ESET said at the RSA Conference on Wednesday.Found in late 2018, the vulnerability — dubbed Kr00k and assigned CVE-2019-15126 — can force part of the wireless communication between devices to use all zeroes for the encryption key, allowing the attacker to eavesdrop on a limited amount of wireless data. The National Vulnerability Database assigned the vulnerability a base score of 3.1, which makes it low severity."If an attack is successful, several kilobytes of potentially sensitive information can be exposed," Miloš Čermák, the lead ESET researcher into the Kr00k vulnerability, said in a statement. "By repeatedly triggering disassociations, the attacker can capture a number of network packets with potentially sensitive data."