KrØØk Vulnerability, Unpatched Vacuum Cleaners, And Other Security Issues Discussed At RSA Conference 2020

  • The KrØØk vulnerability affects billions of smartphones, laptops, tablets, and other WiFi-capable devices.
  • The Ironpie M6 smart vacuum cleaner provided by Trifo is vulnerable to six flaws.

The much-talked-about RSA Conference 2020 is drawing to a close. The event, which started on February 24, 2020, saw the who’s who of the cybersecurity world come together to reshape the dialogue on security issues.

Apart from showcasing the latest developments in the cybersecurity world, the conference also shed light on some serious security lapses in several electronic devices. The following are some of the security flaws that researchers discussed at RSA Conference 2020.

KrØØk bug
Discovered and presented publicly for the first time at the RSA 2020 conference by researchers from ESET, the KrØØk vulnerability affects billions of smartphones, laptops, tablets, and other WiFi-capable devices that use WiFi chips designed by Broadcom and Cypress.

The flaw is related to KRACK (Key Reinstallation Attacks), discovered in 2017. The serious flaw is assigned CVE-2019-15126 and can allow an adversary to decrypt some wireless network packets transmitted by a vulnerable device. It affects both WPA2-Personal and WPA2-Enterprise protocols, with AES-CCMP encryption.

During the tests, the researchers found that some client devices by Amazon (Echo, Kindle), Apple (iPhone, iPad, MacBook), Google (Nexus), Samsung (Galaxy), Raspberry (Pi 3), Xiaomi (RedMi), as well as some access points by Asus and Huawei are vulnerable to KrØØk.

ESET researchers revealed that they had responsibly disclosed the bug to Broadcom and Cypress. Following this, the Wi-Fi chip manufacturers released fixes for the issue. Users now need to update their devices to ensure that communications from their Wi-Fi devices can’t be easily hacked and eavesdropped upon.

Hackable iBaby Monitor M6S camera
The widely used iBaby Monitor M6S camera is riddled with several security issues that can allow hackers to grab any saved pics or videos, view live video and even capture personal information.

The discovery is the result of an ongoing partnership between PCMag and Bitdefender. The issue was reported to iBaby’s developers in May 2019. However, the flaw still remains unpatched. With no response from iBaby, the research is now public and was presented during the RSA Conference in San Francisco.

Vulnerable smart vacuum cleaner
Research performed by the Checkmarx Security Research Team found that the Ironpie M6 smart vacuum cleaner provided by Trifo is vulnerable to six flaws. In addition to these, the research also identified bad coding practices by Trifo.

The most severe vulnerability exists in Trifo’s Android app, called Trifo Home. The flaw has a score of 8.5 on the CVSS 3.0 scale. The other vulnerabilities include MQTT Insecure Encryption, RTMP Remote Video Access, Ironpie Local Video Access, and Vacuum Denial of Service. As far as the Checkmarx Research Team knows, the vulnerabilities still exist in the Trifo Ironpie ecosystem.