Skip to content

ESET highlights leading research at Black Hat USA 2020 with KrØØk and Stantinko at center stage

BRATISLAVA – ESET, a global leader in IT security, will highlight its latest research during Black Hat USA 2020. ESET researchers Robert Lipovský, Štefan Svorenčík and Vladislav Hrčka will present this Thursday, August 6, on “KrØØk: Serious Vulnerability Affected Encryption of Billion+ Wi-Fi Devices” and “Stantinko Deobfuscation Arsenal.” Black Hat is the world’s leading information security event, which is being held completely virtually this year due to the COVID-19 crisis. After the conclusion of the event, ESET will make the findings available to the research community, media and the general public.

The presentation about KrØØk by Robert Lipovský and Štefan Svorenčík will take place on Thursday, August 6, at 12:30 – 1:10 PDT (21:30 – 22:10 CEST). The talk will disclose the most recent discoveries that more Wi-Fi chip manufacturers, specifically Qualcomm and Mediatek, have also been affected by variants of the KrØØk vulnerability.

KrØØk is a vulnerability originally discovered in Broadcom and Cypress Wi-Fi chips that allows unauthorized decryption of some WPA2-encrypted traffic. Exploiting KrØØk allows adversaries to intercept and decrypt (potentially sensitive) data, but with a significant advantage for the attackers: While they need to be in range of the Wi-Fi signal, they do not need to be authenticated and associated to the WLAN. In other words, the attackers do not need to know the Wi-Fi password.  
The KrØØk findings were first presented at the RSA Conference 2020 in February. After publication, the vulnerability was brought to the attention of many more chipset and device manufacturers. Some manufacturers have since discovered their products to be vulnerable and have deployed patches. 

The second talk will aid malware researchers and reverse engineers to analyze Stantinko, a botnet performing click fraud, ad injection, social network fraud, password stealing attacks and cryptomining. The Black Hat Arsenal format will predominantly focus on Stadeo, a set of tools we developed primarily to facilitate the analysis of Stantinko but that can also be helpful when analyzing other malware strains utilizing similar techniques, including the infamous Emotet crimeware. Stadeo will be demonstrated for the first time at Black Hat USA 2020 and subsequently published for free use. 

The demo will be provided by ESET researcher Vladislav Hrčka on Thursday, August 6, at 11:00 – 12:00 PDT (20:00 – 21:00 CEST).

For more information, visit Black Hat USA and WeLiveSecurity, where the research will be subsequently published. Make sure to follow ESET research on Twitter for the latest news from ESET Research.

About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.