Background

On Thursday, February 27, 2020, at the RSA Security conference in San Francisco, it was revealed that a new vulnerability, called Kr00k, could potentially affect devices with Wi-Fi chips manufactured by Broadcom and Cypress. It is believed these Wi-Fi chips are in use on many laptops, smartphones, and IoT devices. 

Please note: this vulnerability is rated ‘Low’ on the CVSS rating scale.

Kr00k Vulnerability Details

Specifics pertaining to this Wi-Fi Kr00k vulnerability can be found on the U.S. Department of Commerce's National Institute of Standards and Technology's National Vulnerability Database, which includes references to advisories, solutions, and tools. 

Analysis 

Ayla Networks’ device security team has analyzed the report and conducted an internal investigation. Our findings reveal that our customers' data is not vulnerable because the Ayla platform provides an additional layer of end-to-end security. Ayla independently authenticates devices and encrypts data between our device agents, the Ayla cloud service, and local mobile apps that access the device. Consequently, we do not rely on the Wi-Fi network itself to provide any level of security.

Assessment

By connecting to Ayla's IoT platform, devices with the reported chips are protected against the Kr00k vulnerability with respect to access to the device and the security of customer data. In the event that Broadcom and/or Cypress release a patch or security update, Ayla will provide updated code on request.

To learn more about Ayla Networks’ security model or to schedule a general consultation, please visit https://www.aylanetworks.com/request-demo or email info@aylanetworks.com.