Security bug could let attackers snoop on Wi-Fi traffic

The vulnerability called Krook affected Wi-Fi chips from Broadcom and Cypress.

Carrie Mihalcik Former Managing Editor / News

Carrie was a managing editor at CNET focused on breaking and trending news. She'd been reporting and editing for more than a decade, including at the National Journal and Current TV.

Expertise Breaking News, Technology Credentials

Carrie has lived on both coasts and can definitively say that Chesapeake Bay blue crabs are the best.

See full bio

Carrie Mihalcik

Feb. 26, 2020 9:03 a.m. PT

cybersecurity-hacking-7 — Broadcom and Cypress have already released updates to patch the Krook vulnerability.
Graphic by Pixabay/Illustration by CNET

A new security vulnerability called Krook could have let attackers intercept and decrypt some Wi-Fi traffic. The bug affected Wi-Fi chips from Broadcom and Cypress that are used in devices like phones and laptops , as well as some access points and routers, according to security researchers from antivirus firm ESET. They estimate up to a billion devices could have been vulnerable to Krook.

The good news? Broadcom and Cypress have already released updates to patch the vulnerability, according to ESET. The firm said it also worked with industry groups to make sure potentially affected parties, including device manufacturers, were aware of Krook.

Before patches were issued, ESET researchers said they tested and confirmed that Krook impacted some devices from Amazon , Apple , Google , Samsung , Raspberry and Xiaomi , as well as access points from Asus and Huawei .

Broadcom and Cypress didn't immediately respond to requests for comment.

The exploit was detailed Wednesday by ESET researchers as part of the RSA security conference in San Francisco.

Watch this: Time to delete your (unused) apps

01:06