Billions of Devices Open to Wi-Fi Eavesdropping Attacks
A serious vulnerability in Wi-Fi chips manufactured by Broadcom and Cypress has been discovered. The flaw reveals communications from devices from Amazon, Google, Samsung, and others, allowing attackers to eavesdrop on Wi-Fi communications. The bug breaks the WPA2-Personal and WPA-2 Enterprise security protocols as it stems from the use of an all-zero encryption key, which results in data decryption.
Researchers at ESET found that the vulnerable chips are found in smartphones, tablets, and laptops using Broadcom silicon and in IoT devices using Cypress chips that include several generations of products that are widely popular such as the Amazon Echo and Kindle, the Apple iPhone, iPad, and Macbook, the Samsung Galaxy and the Google Nexus. The bug may also be present in access points and routers by Asus and Huawei according to ESET. Researchers have estimated that the bug affects more than a billion devices.