Through this security hole, hackers can actually spy on encrypted transmitted information or even inject their own data packages.
According to researchers from the security company eset, the new security hole called "kr00k" is in WLAN chips made by broadcom and cypress. Billions of devices worldwide are affected, including products from amazon (echo, kindle), apple (iphone, ipad, macbook), google (nexus), samsung (galaxy), raspberry (pi 3) and xiaomi (redmi) as well as WLAN routers from asus and huawei. However, the error can be corrected by software updates.
A spokesman for eset stressed that the security breach had been reported to the chip manufacturers, who had already released patches. "Numerous manufacturers have already published updates for affected devices. All owners should immediately update their devices if this was not done automatically."
The first indications of the basic problem were discovered a year ago, when a vulnerability was found in amazon's smart speaker echo, which is equipped with a WLAN chip from cypress. Later, the gap was also detected in broadcom's processors. The two manufacturers had begun to close the loopholes with security updates in the fourth quarter of 2019. However, researchers assume that millions of devices are still in operation without a security patch.