ESET to highlight KrØØk and Stantinko at Black Hat USA 2020

ESET, will highlight its latest research during Black Hat USA 2020. ESET researchers Robert Lipovský, Štefan Svorenčík and Vladislav Hrčka will present this today, on “KrØØk: Serious Vulnerability Affected Encryption of Billion+ Wi-Fi Devices” and “Stantinko Deobfuscation Arsenal.”

Black Hat is the world’s leading information security event, which is being held completely virtually this year due to the COVID-19 crisis. After the conclusion of the event, ESET will make the findings available to the research community, media and the general public.

The presentation about KrØØk by Robert Lipovský and Štefan Svorenčík will take place on today, August 6, at 12:30 – 1:10 PDT (21:30 – 22:10 CEST). The talk will disclose the most recent discoveries that more Wi-Fi chip manufacturers, specifically Qualcomm and Mediatek, have also been affected by variants of the KrØØk vulnerability.

KrØØk is a vulnerability originally discovered in Broadcom and Cypress Wi-Fi chips that allows unauthorized decryption of some WPA2-encrypted traffic. Exploiting KrØØk allows adversaries to intercept and decrypt (potentially sensitive) data, but with a significant advantage for the attackers: While they need to be in range of the Wi-Fi signal, they do not need to be authenticated and associated to the WLAN. In other words, the attackers do not need to know the Wi-Fi password.

The second talk will aid malware researchers and reverse engineers to analyze Stantinko, a botnet performing click fraud, ad injection, social network fraud, password stealing attacks and cryptomining. The Black Hat Arsenal format will predominantly focus on Stadeo, a set of tools we developed primarily to facilitate the analysis of Stantinko but that can also be helpful when analyzing other malware strains utilizing similar techniques, including the infamous Emotet crimeware. Stadeo will be demonstrated for the first time at Black Hat USA 2020 and subsequently published for free use.

The demo will be provided by ESET researcher Vladislav Hrčka on Thursday, August 6, at 11:00 – 12:00 PDT (20:00 – 21:00 CEST).