Kr00k Vulnerability Information
The Kr00k vulnerability potentially affects all WiFi-capable devices that use WiFi chips made by Broadcom or Cypress. This includes several Zebra mobile computers and tablets.
The vulnerability exploits a temporary disconnect of the WiFi signal (state transition/disassociation). A malicious actor could force devices into a prolonged disassociated state, receive WiFi packets meant for the attacked device, and then use the Kr00k bug to decrypt WiFi traffic.
Only the following products are affected. Other Zebra mobile devices, handheld devices, barcode scanners and printers are not impacted.
Impacted Zebra Products
Product | Release Date |
TC51/56 Oreo | 5-May |
TC70x/75x Oreo |
5-May |
MC33 Oreo | 11-May |
VC80 Oreo | 11-May |
WT6000 Lollipop |
15-May |
WT6000 Nougat |
8-June |
TC51/56 Nougat |
11-June |
TC70x/75x Nougat |
11-June |
MC33 Nougat | 11-June |
VC80 Nougat | 11-June |
ET50/55 Marshmallow |
July |
Disclaimer: Zebra makes every attempt to release security updates on or about the time that Google releases its respective security bulletin. However, delivery time of security updates may vary depending on the region, product model, and third party software suppliers. Under some circumstances, the OS must be updated to the latest maintenance release prior to installing the security updates. Individual product updates will provide specific guidance.
Unless otherwise noted, there have been no reports of active customer exploitation or abuse from these newly reported issues.
Are you aware of a potential security issue with a Zebra Technologies product?