Billions of devices were exposed by a flaw affecting chips that power popular Wi-Fi routers.
According to researchers from ESET, a cyber security company based in Slovakia, the flaw was discovered in chips from Cypress Semiconductor and Broadcom and affected some of the most popular devices on the planet, including four generations of iPhone, one generation of MacBook and two generations of Amazon Echo.
Affected routers were made by two major purveyors of wireless technology, Asus and Huawei.
A patch has already been issued, but researchers, who publicly revealed the flaw for the first time at a security conference this week, say it exposed data being transmitted from a device over at-home and enterprise networks.
Specifically, the exploit, dubbed Kr00k, allowed hackers to tinker with the encryption of data communicated between a device and the router, causing it to change from a random string of characters to all zeroes and effectively rendering the encryption useless.
This decrypts wireless 'packets', which are essentially shipments of data from a device to a router that are broken up into smaller parts and then reassembled at their destination. Those packets could contain anything from an email to an IP address and more.
'This results in scenarios where client devices that are unaffected (either patched or using different Wi-Fi chips not vulnerable to Kr00k) can be connected to an access point (often times beyond an individual’s control) that is vulnerable,' researchers wrote in a research paper.
'The attack surface is greatly increased, since an adversary can decrypt data that was transmitted by a vulnerable access point to a specific client (which may or may not be vulnerable itself).'
Researchers say that the vulnerability is related to a previously discovered vulnerability called KRACK (key reinstallation attacks) that affected routers using the WPA2 protocol - a system used by many home consumer electronics for accessing the internet.
They say that Kr00k is likely to be one of the root causes of the KRACK flaw.
Though most companies have already issued a patch for the vulnerability, which should have been downloaded automatically, researchers say that anyone worried about the security of their networks can make sure all of their hardware is safe by downloading the latest software update.