Masu bincike daga Jami'ar California, Riverside, sun ƙirƙiro (PDF) wani sabon nau'in hare-hare akan hanyoyin sadarwa mara waya da ake kira AirSnitch. Waɗannan hare-haren suna bawa mahari damar ketare hanyoyin keɓance hanyar sadarwar Wi-Fi waɗanda ke hana abokan ciniki yin mu'amala kai tsaye da juna. A cikin mafi munin yanayi, waɗannan hare-haren suna bawa mahari damar karkatar da zirga-zirgar wanda abin ya shafa ta hanyar kansu (hare-haren mutum-in-the-middle) don yin nazari ko gyara buƙatun da ba a ɓoye ba, da kuma buƙatun gidan yanar gizo na bogi ta hanyar gubar cache na DNS.
Domin kai hare-hare, dole ne maharin ya iya haɗawa da hanyar sadarwa ta mara waya iri ɗaya da wanda aka azabtar ko kuma zuwa hanyar sadarwa ta baƙo da ke wurin shiga iri ɗaya. Misali, ana iya amfani da hare-hare a kan hanyoyin sadarwa na jama'a marasa waya guda tara. Daga cikin samfuran wuraren shiga mara waya guda tara da aka gwada, gami da waɗanda suka fito daga Netgear, Tenda, D-LINK, TP-LINK, ASUS, Ubiquiti, LANCOM, da Cisco, da kuma na'urorin da ke gudanar da firmware na DD-WRT da OpenWrt, duk na'urori sun kasance masu sauƙin kamuwa da aƙalla hanyar kai hari ɗaya.
An gano matsaloli guda uku da ke ba da damar kai harin. Matsala ta farko tana ba da damar kauce wa keɓewa tsakanin abokan ciniki saboda rashin ingantaccen tsarin sarrafa maɓalli da ake amfani da shi don kare firam ɗin watsa shirye-shirye. Matsala ta biyu ta faru ne saboda gaskiyar cewa keɓewa yawanci ana amfani da shi a matakin MAC ko IP, amma ba duka biyun ba. Matsala ta uku ta faru ne sakamakon rashin ingantaccen daidaitawa na gano abokan ciniki a duk faɗin tarin hanyar sadarwa, wanda ke ba da damar katse zirga-zirgar masu shigowa da masu fita daga wasu abokan ciniki.
Wuraren shiga mara waya na zamani suna haɗa ayyukan mai watsa rediyo da maɓallin hanyar sadarwa (Layer 2 Switch). Ba kamar hanyoyin sadarwa masu waya ba, maɓallin yana amfani da haɗin ma'ana ga tashar mara waya maimakon ɗaure abokin ciniki zuwa tashar jiragen ruwa ta zahiri. Wannan haɗin yana amfani da adireshin MAC na abokin ciniki azaman mai ganowa, wanda ke da alaƙa da tashar a cikin teburin adireshin MAC na musamman. Idan abokin ciniki ya canza zuwa wata tashar daban (misali, daga 2.4 GHz zuwa 5 GHz), bayanan da ke cikin teburin za a sabunta su.
Ana kai harin a matakai na farko (tashar rediyo ta zahiri) da kuma na biyu (hanyar haɗi, adireshin MAC) na tsarin hanyar sadarwa ta OSI. Maharin, wanda aka haɗa shi da wurin shiga iri ɗaya amma yana amfani da wani mita daban da wanda aka azabtar (misali, 2.4 GHz maimakon 5 GHz), yana aika buƙatar haɗi (musayar hannu ta hanyoyi 4) wanda ke ƙayyade adireshin MAC na wanda aka azabtar (kamar yadda ake yin ɓoyayyen ARP a cikin hanyoyin sadarwar Ethernet). Tunda ana gano abokan ciniki ta adireshin MAC, wurin shiga yana ɗauka cewa abokin ciniki ya canza zuwa wani tasha daban kuma ya canza shigarwar a cikin teburin adireshin MAC ɗinsa. Bayan haka, duk zirga-zirgar da ke shigowa daga wurin shiga ana aika su zuwa na'urar maharin.
Don yin katsewar hanya biyu, maharin, bayan ya karɓi bayanai da aka aika wa wanda aka yi wa fashi, zai sake saita teburin adireshin MAC zuwa yanayinsa na asali. Ana cimma wannan ta hanyar aika fakitin "ICMP Ping" tare da adireshin MAC bazuwar da kuma ɓoye fakitin da GTK (Ƙungiyar Maɓallin Lokaci na Ƙungiya), maɓalli da ya saba wa duk abokan cinikin cibiyar sadarwa mara waya. Bayan karɓar wannan fakitin, wurin shiga zai sake haɗa adireshin MAC na wanda aka yi wa fashi zuwa tashar mara waya ta asali. Ana yin kutse ta hanyar yin zamba ta hanyar zamba ta hanyar zagaye da sake saita shigarwar teburin adireshin MAC.
source: budenet.ru
