Hacking WPA3: DragonBlood

Although the new WPA3 standard has not yet been widely deployed, security flaws in the protocol allow attackers to crack Wi-Fi passwords.

Wi-Fi Protected Access III (WPA3) was launched in an effort to address the technical shortcomings of WPA2, which has long been considered insecure and vulnerable to KRACK (Key Reinstallation Attack). Although WPA3 relies on a more secure handshake known as Dragonfly, which aims to protect Wi-Fi networks from offline dictionary (brute-force) attacks, security researchers Mathy Vanhoef and Eyal Ronen found weaknesses in the early implementation of WPA3-Personal that could allow an attacker to recover Wi-Fi passwords by abusing timing or cache-based side channels.

"Attackers can read information that WPA3 was assumed to encrypt. This can be used to steal sensitive information such as credit card numbers, passwords, chat messages, emails, and so on."

In the research paper published today, called DragonBlood, the researchers closely examined two types of design flaws in WPA3: the first leads to downgrade attacks, and the second leads to side-channel leaks.

Cache-based side-channel attack

The Dragonfly password encoding algorithm, also known as the hunting-and-pecking algorithm, contains conditional branches. If an attacker can determine which branch of an if-then-else was taken, they can learn whether the password element was found in a specific iteration of the algorithm. In practice, it was found that if an attacker can run unprivileged code on the victim's machine, cache-based attacks can be used to determine which branch was taken in the first iteration of the password generation algorithm. This information can be used to carry out a password partitioning attack (which is similar to an offline dictionary attack).

This vulnerability is tracked as CVE-2019-9494.

The defense consists of replacing conditional branches that depend on secret values with constant-time selection utilities. Implementations must also compute the Legendre symbol in constant time.

Timing-based side-channel attack

When the Dragonfly handshake uses certain multiplicative groups, the password encoding algorithm takes a variable number of iterations to encode the password. The exact number of iterations depends on the password used and on the MAC addresses of the access point and the client. An attacker can perform a remote timing attack against the password encoding algorithm to determine how many iterations it took to encode the password. The recovered information can be used to perform a password partitioning attack, which is similar to an offline dictionary attack.

To prevent the timing attack, implementations should disable the vulnerable multiplicative groups. Technically, MODP groups 22, 23 and 24 should be disabled. It is also recommended to disable MODP groups 1, 2 and 5.

This vulnerability is also tracked as CVE-2019-9494 because of the similarity in how the attack is carried out.
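As an added illustration of the defenses described in both side-channel sections above (constructed example code, not code from the paper, from hostapd or from the DragonBlood tools), the toy program below models the hunting-and-pecking loop twice: once with the secret-dependent early exit that the timing attack measures, and once with a fixed round count, masked selection and a branch-free Legendre symbol test. TOY_P, the FNV-1a seed derivation and the 40-round cap are assumptions standing in for a real MODP prime and the HMAC-SHA256 seeding of the real algorithm.

```c
#include <stdint.h>
#define TOY_P    1000003u   /* constructed toy prime (3 mod 4); stands in for a MODP group prime */
#define MAX_ITER 40         /* fixed round count used by the hardened variant (assumption) */
/* Branch-free select (a when mask is all ones, b when zero) and a branch-free nonzero test. */
static uint32_t ct_select(uint32_t mask, uint32_t a, uint32_t b) { return (a & mask) | (b & ~mask); }
static uint32_t ct_mask_nonzero(uint32_t x) { return 0u - ((x | (0u - x)) >> 31); }

/* FNV-1a over counter||password||MACs: a stand-in (assumption) for the HMAC-SHA256 seed derivation. */
static uint32_t toy_seed(uint8_t counter, const char *pw, const char *ap, const char *sta) {
    const char *parts[3] = { pw, ap, sta };
    uint32_t h = (2166136261u ^ counter) * 16777619u;
    for (int i = 0; i < 3; i++)
        for (const char *c = parts[i]; *c; c++) h = (h ^ (uint8_t)*c) * 16777619u;
    return h >> 12;  /* 20-bit candidate, so most values fall below TOY_P as with real group primes */
}

/* Euler criterion (the Legendre symbol test): every exponent bit is walked and selected by mask. */
static int ct_is_quadratic_residue(uint32_t x) {
    uint64_t result = 1, base = x % TOY_P, exp = (TOY_P - 1) / 2;
    for (int bit = 0; bit < 32; bit++) {
        uint32_t mul = (uint32_t)((result * base) % TOY_P);
        result = ct_select(ct_mask_nonzero((uint32_t)(exp >> bit) & 1u), mul, (uint32_t)result);
        base = (base * base) % TOY_P;
    }
    return result == 1;
}

/* Leaky variant: returns at the first hit, so the round count (and run time) depends on the password. */
uint32_t hunt_and_peck_leaky(const char *pw, const char *ap, const char *sta, int *rounds) {
    for (uint8_t counter = 1; counter <= MAX_ITER; counter++) {
        uint32_t cand = toy_seed(counter, pw, ap, sta);
        *rounds = counter;
        if (cand < TOY_P && ct_is_quadratic_residue(cand)) return cand;
    }
    return 0;
}

/* Hardened variant: always runs MAX_ITER rounds and keeps the first hit by masked selection
   (real code also needs constant-time compares and a constant-time bignum library). */
uint32_t hunt_and_peck_ct(const char *pw, const char *ap, const char *sta, int *rounds) {
    uint32_t found = 0, pwe = 0;
    for (uint8_t counter = 1; counter <= MAX_ITER; counter++) {
        uint32_t cand = toy_seed(counter, pw, ap, sta);
        uint32_t ok = (uint32_t)(cand < TOY_P) & (uint32_t)ct_is_quadratic_residue(cand);
        uint32_t hit = ct_mask_nonzero(ok) & ~found;  /* keep only the first hit */
        pwe = ct_select(hit, cand, pwe);
        found |= hit;
    }
    *rounds = MAX_ITER;
    return pwe;
}
```

Both variants return the same password element for the same inputs; only the hardened one reports the same round count regardless of the password.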

Downgrade attacks on WPA3

Since billions of devices use the 15-year-old WPA2 protocol, widespread adoption of WPA3 will not happen overnight. To support older devices, WPA3-certified devices offer a "transition mode" of operation that can be configured to accept connections using both WPA3-SAE and WPA2.

The researchers believe that transition mode is vulnerable to downgrade attacks, which attackers can exploit to set up a rogue access point that only supports WPA2, forcing WPA3-capable devices to connect using the insecure WPA2 handshake.

"We also discovered a downgrade attack against SAE (Simultaneous Authentication of Equals, commonly known as Dragonfly) itself, where we can force a device to use a weaker curve than normal," the researchers said.

Moreover, a man-in-the-middle position is not needed to carry out the downgrade attack. Instead, attackers only need to know the SSID of the WPA3-SAE network.

The researchers reported their findings to the Wi-Fi Alliance, the non-profit organization that certifies Wi-Fi standards and Wi-Fi products for compliance, which acknowledged the issues and is working with vendors to patch WPA3-certified devices.

PoC (404 at the time of publication)

As a proof of concept, the researchers will shortly release the following four tools (in the GitHub repository below) that can be used to test the vulnerabilities.

Dragondrain - a tool that can test to what extent an access point is vulnerable to DoS attacks against the WPA3 Dragonfly handshake.
Dragontime - an experimental tool for carrying out timing attacks against the Dragonfly handshake.
Dragonforce - an experimental tool that takes the information recovered from the timing attacks and performs a password partitioning attack.
Dragonslayer - a tool that carries out attacks on EAP-pwd.

Dragonblood: A Security Analysis of WPA3's SAE Handshake
Project website - wpa3.mathyvanhoef.com

source: www.habr.com