1 00:00:01,100 --> 00:00:04,160 covering the week stop next door it's 2 00:00:04,160 --> 00:00:04,170 covering the week stop next door it's 3 00:00:04,170 --> 00:00:06,579 covering the week stop next door it's like Linux bias cybersecurity 4 00:00:06,579 --> 00:00:06,589 like Linux bias cybersecurity 5 00:00:06,589 --> 00:00:11,470 like Linux bias cybersecurity researchers today uncovered a new highly 6 00:00:11,470 --> 00:00:11,480 researchers today uncovered a new highly 7 00:00:11,480 --> 00:00:15,259 researchers today uncovered a new highly severe Hardware vulnerability residing 8 00:00:15,259 --> 00:00:15,269 severe Hardware vulnerability residing 9 00:00:15,269 --> 00:00:17,029 severe Hardware vulnerability residing in the widely used Wi-Fi chips 10 00:00:17,029 --> 00:00:17,039 in the widely used Wi-Fi chips 11 00:00:17,039 --> 00:00:20,830 in the widely used Wi-Fi chips manufactured by Broadcom and Cypress 12 00:00:20,830 --> 00:00:20,840 manufactured by Broadcom and Cypress 13 00:00:20,840 --> 00:00:24,050 manufactured by Broadcom and Cypress apparently they power over a billion 14 00:00:24,050 --> 00:00:24,060 apparently they power over a billion 15 00:00:24,060 --> 00:00:27,109 apparently they power over a billion devices including smartphones tablets 16 00:00:27,109 --> 00:00:27,119 devices including smartphones tablets 17 00:00:27,119 --> 00:00:31,519 devices including smartphones tablets laptops routers and IOT gadgets dubbed 18 00:00:31,519 --> 00:00:31,529 laptops routers and IOT gadgets dubbed 19 00:00:31,529 --> 00:00:36,950 laptops routers and IOT gadgets dubbed crook kr0 0k the flock had let nearby 20 00:00:36,950 --> 00:00:36,960 crook kr0 0k the flock had let nearby 21 00:00:36,960 --> 00:00:40,100 crook kr0 0k the flock had let nearby remote attackers intercept and decrypt 22 00:00:40,100 --> 00:00:40,110 remote attackers intercept and decrypt 23 00:00:40,110 --> 00:00:43,180 remote attackers intercept and decrypt some wireless network packets 24 00:00:43,180 --> 00:00:43,190 some wireless network packets 25 00:00:43,190 --> 00:00:46,580 some wireless network packets transmitted over the air by a vulnerable 26 00:00:46,580 --> 00:00:46,590 transmitted over the air by a vulnerable 27 00:00:46,590 --> 00:00:50,869 transmitted over the air by a vulnerable device the attacker doesn't need to be 28 00:00:50,869 --> 00:00:50,879 device the attacker doesn't need to be 29 00:00:50,879 --> 00:00:52,700 device the attacker doesn't need to be connected to the victims wireless 30 00:00:52,700 --> 00:00:52,710 connected to the victims wireless 31 00:00:52,710 --> 00:00:55,910 connected to the victims wireless network and the flaw works against 32 00:00:55,910 --> 00:00:55,920 network and the flaw works against 33 00:00:55,920 --> 00:00:59,360 network and the flaw works against vulnerable devices using wpa2 personal 34 00:00:59,360 --> 00:00:59,370 vulnerable devices using wpa2 personal 35 00:00:59,370 --> 00:01:06,190 vulnerable devices using wpa2 personal or wpa2 Enterprise protocols with AES 36 00:01:06,190 --> 00:01:06,200 or wpa2 Enterprise protocols with AES 37 00:01:06,200 --> 00:01:10,700 or wpa2 Enterprise protocols with AES CCMP encryption ESET researchers said 38 00:01:10,700 --> 00:01:10,710 CCMP encryption ESET researchers said 39 00:01:10,710 --> 00:01:13,910 CCMP encryption ESET researchers said quote our tests confirmed some client 40 00:01:13,910 --> 00:01:13,920 quote our tests confirmed some client 41 00:01:13,920 --> 00:01:19,700 quote our tests confirmed some client devices by Amazon echo Kindle Apple the 42 00:01:19,700 --> 00:01:19,710 devices by Amazon echo Kindle Apple the 43 00:01:19,710 --> 00:01:23,840 devices by Amazon echo Kindle Apple the iPhone iPad MacBook Google's Nexus 44 00:01:23,840 --> 00:01:23,850 iPhone iPad MacBook Google's Nexus 45 00:01:23,850 --> 00:01:27,100 iPhone iPad MacBook Google's Nexus device Samsung's Galaxy devices 46 00:01:27,100 --> 00:01:27,110 device Samsung's Galaxy devices 47 00:01:27,110 --> 00:01:32,149 device Samsung's Galaxy devices raspberry PI's PI 3 and show meas read 48 00:01:32,149 --> 00:01:32,159 raspberry PI's PI 3 and show meas read 49 00:01:32,159 --> 00:01:35,480 raspberry PI's PI 3 and show meas read me as well as some access points by a 50 00:01:35,480 --> 00:01:35,490 me as well as some access points by a 51 00:01:35,490 --> 00:01:39,460 me as well as some access points by a soos and Huawei were vulnerable to crook 52 00:01:39,460 --> 00:01:39,470 soos and Huawei were vulnerable to crook 53 00:01:39,470 --> 00:01:42,740 soos and Huawei were vulnerable to crook now the attack relies on the fact that 54 00:01:42,740 --> 00:01:42,750 now the attack relies on the fact that 55 00:01:42,750 --> 00:01:45,020 now the attack relies on the fact that when a device suddenly gets disconnected 56 00:01:45,020 --> 00:01:45,030 when a device suddenly gets disconnected 57 00:01:45,030 --> 00:01:48,160 when a device suddenly gets disconnected from the wireless network the Wi-Fi chip 58 00:01:48,160 --> 00:01:48,170 from the wireless network the Wi-Fi chip 59 00:01:48,170 --> 00:01:51,789 from the wireless network the Wi-Fi chip clears the session key in the memory and 60 00:01:51,789 --> 00:01:51,799 clears the session key in the memory and 61 00:01:51,799 --> 00:01:55,010 clears the session key in the memory and it sets it to zero but see the chip 62 00:01:55,010 --> 00:01:55,020 it sets it to zero but see the chip 63 00:01:55,020 --> 00:01:58,249 it sets it to zero but see the chip inadvertently transmits all data frames 64 00:01:58,249 --> 00:01:58,259 inadvertently transmits all data frames 65 00:01:58,259 --> 00:02:02,389 inadvertently transmits all data frames left in the buffer with an all Z with an 66 00:02:02,389 --> 00:02:02,399 left in the buffer with an all Z with an 67 00:02:02,399 --> 00:02:05,899 left in the buffer with an all Z with an all zero encryption key even after the 68 00:02:05,899 --> 00:02:05,909 all zero encryption key even after the 69 00:02:05,909 --> 00:02:09,139 all zero encryption key even after the disassociation so it's actually pushing 70 00:02:09,139 --> 00:02:09,149 disassociation so it's actually pushing 71 00:02:09,149 --> 00:02:13,620 disassociation so it's actually pushing out that data without encryption 72 00:02:13,620 --> 00:02:13,630 73 00:02:13,630 --> 00:02:16,780 so therefore of course an attacker in a 74 00:02:16,780 --> 00:02:16,790 so therefore of course an attacker in a 75 00:02:16,790 --> 00:02:19,480 so therefore of course an attacker in a near proximity to vulnerable devices can 76 00:02:19,480 --> 00:02:19,490 near proximity to vulnerable devices can 77 00:02:19,490 --> 00:02:22,660 near proximity to vulnerable devices can use the flaw to repeat a repeatedly 78 00:02:22,660 --> 00:02:22,670 use the flaw to repeat a repeatedly 79 00:02:22,670 --> 00:02:25,920 use the flaw to repeat a repeatedly trigger disassociation by sending D 80 00:02:25,920 --> 00:02:25,930 trigger disassociation by sending D 81 00:02:25,930 --> 00:02:29,230 trigger disassociation by sending D authentication packets over-the-air to 82 00:02:29,230 --> 00:02:29,240 authentication packets over-the-air to 83 00:02:29,240 --> 00:02:31,360 authentication packets over-the-air to capture more data frames quote 84 00:02:31,360 --> 00:02:31,370 capture more data frames quote 85 00:02:31,370 --> 00:02:33,840 capture more data frames quote potentially containing sensitive data 86 00:02:33,840 --> 00:02:33,850 potentially containing sensitive data 87 00:02:33,850 --> 00:02:40,410 potentially containing sensitive data including DNS ARP ICMP HTTP TCP and TLS 88 00:02:40,410 --> 00:02:40,420 including DNS ARP ICMP HTTP TCP and TLS 89 00:02:40,420 --> 00:02:42,970 including DNS ARP ICMP HTTP TCP and TLS packets basically it's like a 90 00:02:42,970 --> 00:02:42,980 packets basically it's like a 91 00:02:42,980 --> 00:02:45,280 packets basically it's like a man-in-the-middle without actually 92 00:02:45,280 --> 00:02:45,290 man-in-the-middle without actually 93 00:02:45,290 --> 00:02:47,970 man-in-the-middle without actually having to be in the middle 94 00:02:47,970 --> 00:02:47,980 having to be in the middle 95 00:02:47,980 --> 00:02:51,340 having to be in the middle besides this since the flaw also affects 96 00:02:51,340 --> 00:02:51,350 besides this since the flaw also affects 97 00:02:51,350 --> 00:02:55,300 besides this since the flaw also affects chips embedded into wireless routers the 98 00:02:55,300 --> 00:02:55,310 chips embedded into wireless routers the 99 00:02:55,310 --> 00:02:57,100 chips embedded into wireless routers the issue also makes it possible for 100 00:02:57,100 --> 00:02:57,110 issue also makes it possible for 101 00:02:57,110 --> 00:02:59,170 issue also makes it possible for attackers to intercept and decrypt 102 00:02:59,170 --> 00:02:59,180 attackers to intercept and decrypt 103 00:02:59,180 --> 00:03:01,210 attackers to intercept and decrypt network traffic transmitted from 104 00:03:01,210 --> 00:03:01,220 network traffic transmitted from 105 00:03:01,220 --> 00:03:03,040 network traffic transmitted from connected devices that are not 106 00:03:03,040 --> 00:03:03,050 connected devices that are not 107 00:03:03,050 --> 00:03:06,100 connected devices that are not vulnerable to crook either attached or 108 00:03:06,100 --> 00:03:06,110 vulnerable to crook either attached or 109 00:03:06,110 --> 00:03:09,670 vulnerable to crook either attached or using different Wi-Fi chips so consider 110 00:03:09,670 --> 00:03:09,680 using different Wi-Fi chips so consider 111 00:03:09,680 --> 00:03:12,130 using different Wi-Fi chips so consider that if you are connecting to a Wi-Fi 112 00:03:12,130 --> 00:03:12,140 that if you are connecting to a Wi-Fi 113 00:03:12,140 --> 00:03:16,720 that if you are connecting to a Wi-Fi hotspot whose hotspot is vulnerable you 114 00:03:16,720 --> 00:03:16,730 hotspot whose hotspot is vulnerable you 115 00:03:16,730 --> 00:03:19,830 hotspot whose hotspot is vulnerable you are susceptible to crook 116 00:03:19,830 --> 00:03:19,840 are susceptible to crook 117 00:03:19,840 --> 00:03:22,509 are susceptible to crook Apple has already released patches for 118 00:03:22,509 --> 00:03:22,519 Apple has already released patches for 119 00:03:22,519 --> 00:03:24,640 Apple has already released patches for its users some should have issued 120 00:03:24,640 --> 00:03:24,650 its users some should have issued 121 00:03:24,650 --> 00:03:27,970 its users some should have issued advisories or security patches at the 122 00:03:27,970 --> 00:03:27,980 advisories or security patches at the 123 00:03:27,980 --> 00:03:30,550 advisories or security patches at the time of the publication and other 124 00:03:30,550 --> 00:03:30,560 time of the publication and other 125 00:03:30,560 --> 00:03:32,320 time of the publication and other vendors are still testing the issue 126 00:03:32,320 --> 00:03:32,330 vendors are still testing the issue 127 00:03:32,330 --> 00:03:35,050 vendors are still testing the issue against their devices watch for patch 128 00:03:35,050 --> 00:03:35,060 against their devices watch for patch 129 00:03:35,060 --> 00:03:39,250 against their devices watch for patch for patches to mitigate this problem via 130 00:03:39,250 --> 00:03:39,260 for patches to mitigate this problem via 131 00:03:39,260 --> 00:03:42,820 for patches to mitigate this problem via software or firmware updates for your 132 00:03:42,820 --> 00:03:42,830 software or firmware updates for your 133 00:03:42,830 --> 00:03:51,190 software or firmware updates for your device 134 00:03:51,190 --> 00:03:51,200 135 00:03:51,200 --> 00:03:54,240 [Music]