Kr00k Vulnerability Information | Zebra

Kr00k Vulnerability Information

The Kr00k vulnerability potentially affects all WiFi-capable devices that use WiFi chips made by Broadcom or Cypress. This includes several Zebra mobile computers and tablets. 

The vulnerability exploits a temporary disconnect of the WiFi signal (state transition/disassociation). A malicious actor could force devices into a prolonged disassociated state, receive WiFi packets meant for the attacked device, and then use the Kr00k bug to decrypt WiFi traffic.

Only the following products are affected. Other Zebra mobile devices, handheld devices, barcode scanners and printers are not impacted.

Impacted Zebra Products

 

Product Release Date
TC51/56 Oreo 5-May
TC70x/75x Oreo
5-May
MC33 Oreo  11-May
VC80 Oreo 11-May
WT6000 Lollipop
15-May
WT6000 Nougat
8-June
TC51/56 Nougat
11-June
TC70x/75x Nougat
11-June
MC33 Nougat 11-June
VC80 Nougat 11-June
ET50/55 Marshmallow
July

Disclaimer: Zebra makes every attempt to release security updates on or about the time that Google releases its respective security bulletin. However, delivery time of security updates may vary depending on the region, product model, and third party software suppliers. Under some circumstances, the OS must be updated to the latest maintenance release prior to installing the security updates. Individual product updates will provide specific guidance.

Unless otherwise noted, there have been no reports of active customer exploitation or abuse from these newly reported issues.



Are you aware of a potential security issue with a Zebra Technologies product?