Kr00k might be reason behind disconnecting... connecting...

Have you just noticed a series of connects and disconnects on your wifi? Well, you might be under a Kr00k attack, and someone might be stealing your data, which might be something really confidential.

"Wait, what? I am connected over WPA2. It's safe without any doubt."

If you have the same thought, then rethink. Because it's not only software that has vulnerabilities; sometimes hardware does too.

"Okay, tell me, what the heck is Kr00k?"

Before that, let's recall how you connect over wifi.

Say you connect via the very popular WPA2 protocol. A 4-way handshake happens between your device and the wifi router to exchange the keys (the Temporal or session key, an AES-CCMP encryption key) used to encrypt frames; these keys are stored on the wifi chips.

So here the device is associated with the access point (or router), and this is called association. Conversely, when the device no longer wants to stay connected to the wifi, the process is called dis-association. And when the device reconnects, it's called re-association.

The problem is that association and dis-association happen over unauthenticated and unencrypted frames.

Here comes the problem with unauthenticated and unencrypted frames.

The attacker can send some dis-association frames that will make the device start dis-associating. And the Temporal key will switch to all zeros.

Since the key is all zeros, it is constant, and the data is effectively unencrypted.

Now, what's the actual problem? Well, this all-zero key is used to encrypt all the remaining data that is flushed from the wifi transmit buffer, which can be up to 32KB.

Here the attacker might sit between the router and the device to capture all the "unencrypted" data. And guess what: the attacker will re-associate with the router once again (again, since it's unauthenticated), and will dis-associate again so that the next buffer also becomes unencrypted.

So after a series of dis-associations and re-associations, the attacker has a stack of all the data "unencrypted".

And that's what the Kr00k attack is.
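Because the attack relies on repeatedly forcing dis-association, a defender can watch for bursts of dis-association/deauthentication frames aimed at one station. The following is an added example, not code from the original article: it scans constructed 802.11 management-frame log lines (the one-line-per-frame format and the MAC addresses are assumptions) and reports stations that received a suspicious number of disconnect frames inside a short window.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not from the article), one management frame per line:
# "<ISO timestamp> <subtype> <source MAC> <destination MAC>"
# Station ...:10 is dis-associated four times in a few seconds; station ...:20
# only sees two disconnects half an hour apart (normal roaming).
SAMPLE_LOG = """\
2020-03-01T10:00:00 assoc_resp aa:bb:cc:00:00:01 de:ad:be:ef:00:10
2020-03-01T10:00:05 disassoc aa:bb:cc:00:00:01 de:ad:be:ef:00:10
2020-03-01T10:00:06 reassoc_resp aa:bb:cc:00:00:01 de:ad:be:ef:00:10
2020-03-01T10:00:07 disassoc aa:bb:cc:00:00:01 de:ad:be:ef:00:10
2020-03-01T10:00:08 reassoc_resp aa:bb:cc:00:00:01 de:ad:be:ef:00:10
2020-03-01T10:00:09 disassoc aa:bb:cc:00:00:01 de:ad:be:ef:00:10
2020-03-01T10:00:10 reassoc_resp aa:bb:cc:00:00:01 de:ad:be:ef:00:10
2020-03-01T10:00:11 disassoc aa:bb:cc:00:00:01 de:ad:be:ef:00:10
2020-03-01T10:30:00 disassoc aa:bb:cc:00:00:01 de:ad:be:ef:00:20
2020-03-01T11:00:00 disassoc aa:bb:cc:00:00:01 de:ad:be:ef:00:20
"""

# Both subtypes tear down the session and are sent unauthenticated in WPA2.
DISCONNECT_SUBTYPES = {"disassoc", "deauth"}


def parse_line(line):
    """Split one log line into (timestamp, subtype, source MAC, destination MAC)."""
    ts, subtype, src, dst = line.split()
    return datetime.fromisoformat(ts), subtype, src, dst


def find_disconnect_bursts(log_text, threshold=3, window=timedelta(seconds=60)):
    """Return {station MAC: peak number of disconnect frames seen within `window`}
    for every station whose peak reaches `threshold`. A sliding window per
    destination MAC keeps only timestamps that fall inside the window."""
    recent = defaultdict(deque)   # station MAC -> timestamps of recent disconnects
    peak = defaultdict(int)       # station MAC -> largest window count observed
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, subtype, src, dst = parse_line(line)
        if subtype not in DISCONNECT_SUBTYPES:
            continue
        q = recent[dst]
        q.append(ts)
        while ts - q[0] > window:      # drop disconnects older than the window
            q.popleft()
        peak[dst] = max(peak[dst], len(q))
    return {mac: n for mac, n in peak.items() if n >= threshold}


if __name__ == "__main__":
    print(find_disconnect_bursts(SAMPLE_LOG))   # → {'de:ad:be:ef:00:10': 4}
```

Tune `threshold` and `window` to the roaming behaviour of your own network; a single station being disconnected several times a minute is the pattern worth alerting on.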

A little more info

Kr00k has a double zero (00) in it, as the vulnerability is based on an all-zero encryption key being used to encrypt part of the data.

It is tracked as the serious vulnerability CVE-2019-15126.

This vulnerability is found in billions, if not trillions, of wifi devices (including mobiles, IoT devices, laptops, etc.) across the globe that use either Broadcom or Cypress wifi chips.

Kr00k is more or less similar to KRACK (Key Reinstallation Attacks).

Google these terms to find out more.

What's the solution?

As you might guess, wifi chips need to be upgraded / patched.

How can I be safe until then?

Use only HTTPS. With HTTPS your end device and the service are end-to-end encrypted via TLS, so the attacker will receive only encrypted data, protected with session keys shared by your client and the end service.

By the way, a safer solution would be to use a VPN.

A very informative and succinctly written article!!

More articles by Ramesh K.
