ESET to highlight KrØØk and Stantinko at Black Hat USA 2020

In News

ESET, will highlight its latest research during Black Hat USA 2020. ESET researchers Robert Lipovský, Štefan Svorenčík and Vladislav Hrčka will present this today, on “KrØØk: Serious Vulnerability Affected Encryption of Billion+ Wi-Fi Devices” and “Stantinko Deobfuscation Arsenal.”

Black Hat is the world’s leading information security event, which is being held completely virtually this year due to the COVID-19 crisis. After the conclusion of the event, ESET will make the findings available to the research community, media and the general public.

The presentation about KrØØk by Robert Lipovský and Štefan Svorenčík will take place on today, August 6, at 12:30 – 1:10 PDT (21:30 – 22:10 CEST). The talk will disclose the most recent discoveries that more Wi-Fi chip manufacturers, specifically Qualcomm and Mediatek, have also been affected by variants of the KrØØk vulnerability.

KrØØk is a vulnerability originally discovered in Broadcom and Cypress Wi-Fi chips that allows unauthorized decryption of some WPA2-encrypted traffic. Exploiting KrØØk allows adversaries to intercept and decrypt (potentially sensitive) data, but with a significant advantage for the attackers: While they need to be in range of the Wi-Fi signal, they do not need to be authenticated and associated to the WLAN. In other words, the attackers do not need to know the Wi-Fi password.

The second talk will aid malware researchers and reverse engineers to analyze Stantinko, a botnet performing click fraud, ad injection, social network fraud, password stealing attacks and cryptomining. The Black Hat Arsenal format will predominantly focus on Stadeo, a set of tools we developed primarily to facilitate the analysis of Stantinko but that can also be helpful when analyzing other malware strains utilizing similar techniques, including the infamous Emotet crimeware. Stadeo will be demonstrated for the first time at Black Hat USA 2020 and subsequently published for free use.

The demo will be provided by ESET researcher Vladislav Hrčka on Thursday, August 6, at 11:00 – 12:00 PDT (20:00 – 21:00 CEST).

Comments

You may also read!

Clear strategy and good communication is important

Security is a bit of a mixed bag for companies, now with the entire work from home situation. We

Read More...

ESET to highlight new cyber espionage at VB2020

ESET, today announced that it will highlight its top research for 2020 during the VB2020 localhost conference. This year,

Read More...

MEA Tec announces partnership with renowned Cyber Security vendors

MEA Tec has announced its landmark partnership with nine renowned Cyber Security vendors from the US, Australia, and the

Read More...

Join Our Newsletter!

Love SecurityMEA? We love to tell you about our new stuff. Subscribe to newsletter!

Mobile Sliding Menu