UNITED STATES (OBSERVATORY NEWS) — The Wi-Fi chips made by Cypress and Broadcom made a critical mistake that made billions of devices vulnerable to wiretapping.
This was reported by experts from cyber defense company ESET at the RSA 2020 conference in San Francisco.
The malfunction allows nearby attackers to intercept and decrypt data transmitted over a wireless network.
FullMAC WLAN chips from Cypress and Broadcom turned out to be leaked, which are installed on iPhone, Mac computers, Asus and Huawei routers, Android smartphones, Amazon Echo smart speakers and other equipment, writes Ars Technica.
Data packets transmitted inside a wireless network are usually encrypted with a unique key, which is generated based on the Wifi password.
However, during the disconnection – when the connection is lost or the signal becomes too weak – the Cypress and Broadcom chips reset the value of this key to zeros. According to experts, hackers can force vulnerable devices to disconnect, intercept data packets and decrypt them using a key consisting of zeros.
Most companies, including Google, Apple and Microsoft, have already fixed the vulnerability by releasing patches at the end of last year. “Depending on the type of device, you need to make sure that the latest versions of operating systems and software updates are installed (Android, Apple and Windows; some devices of the Internet of things), but firmware updates (access points, routers and some devices of the Internet of things may also be required),” said the ESET researchers.
This article is written and prepared by our foreign editors writing for OBSERVATORY NEWS from different countries around the world – material edited and published by OBSERVATORY staff in our newsroom.
Contact us: [email protected]