KNOB attack on encrypted Bluetooth traffic

Details have been disclosed about the KNOB attack (Key Negotiation of Bluetooth), which allows interception and substitution of data in encrypted Bluetooth traffic. By directly blocking packet transmission while two Bluetooth devices are negotiating a connection, an attacker can force the session to use a key containing only 1 byte of entropy, which makes it possible to determine the encryption key by brute force.

The problem is caused by a vulnerability (CVE-2019-9506) in the Bluetooth BR/EDR Core 5.1 specification and earlier versions, which allow the use of short encryption keys and do not prevent an attacker who interferes at the connection negotiation stage from forcing a fallback to such unreliable keys (an unauthenticated attacker can substitute packets). The attack can be carried out only while the devices are negotiating a connection (already established sessions cannot be attacked) and is effective only for connections in BR/EDR mode (Bluetooth Basic Rate/Enhanced Data Rate), provided both devices are vulnerable. If the key is recovered successfully, the attacker can decrypt the transmitted data and, without the victim's knowledge, substitute arbitrary messages into the traffic.

When a connection is established between two Bluetooth controllers A and B, controller A, after authentication using the link key, may propose using 16 bytes of entropy for the encryption key, and controller B may accept this value or propose a lower one if it cannot generate a key of the proposed size. In response, controller A may accept the counter-proposal and enable the encrypted channel. At this stage of parameter negotiation encryption is not yet in use, so an attacker has the opportunity to wedge into the exchange between the controllers and substitute the packet carrying the proposed entropy size. Since any key size from 1 to 16 bytes is valid, the second controller accepts the substituted value and sends back a confirmation indicating the same size.


To reproduce the vulnerability under laboratory conditions (with the attacker's activity running on one of the devices), a prototype toolkit for carrying out the attack has been proposed. For a real attack, the attacker must be within reception range of the victim devices and be able to briefly block the signal from each device, which is proposed to be done through signal manipulation or jamming.

Bluetooth SIG, the organization responsible for developing Bluetooth standards, has published errata 11838, which proposes measures for manufacturers to implement in order to block the vulnerability (the minimum encryption key size is raised from 1 to 7). The problem affects all standards-compliant Bluetooth stacks and Bluetooth chip firmware, including products from Intel, Broadcom, Lenovo, Apple, Microsoft, Qualcomm, Linux, Android, BlackBerry and Cisco (of 14 chips tested, all were vulnerable). A fix has been added to the Linux kernel Bluetooth stack that allows the minimum encryption key size to be changed.
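The following is an added illustration (not code from Bluetooth SIG, the Linux kernel, or the KNOB researchers) that models the key-size negotiation described above as a simplified function, and shows why a minimum-size floor of 7 bytes, as errata 11838 recommends, turns a downgraded proposal into a rejected link instead of an 8-bit session key. All function and constant names are assumed for this example.

```python
# Simplified model of the BR/EDR encryption key-size negotiation (constructed
# example; not the real LMP implementation). Controller A proposes a size,
# controller B may lower it to what it supports, and both sides apply a
# minimum-size floor. Errata 11838 raises that floor from 1 to 7 bytes.

KEY_SIZE_MAX = 16          # full-entropy key, 128 bits
MIN_KEY_SIZE_OLD = 1       # floor allowed by Core 5.1 and earlier
MIN_KEY_SIZE_ERRATA = 7    # floor recommended by errata 11838


def negotiate_key_size(proposal_from_a, max_supported_by_b, enforced_min):
    """Return the agreed key size in bytes, or None when the link must be
    rejected because the size falls below the enforced minimum."""
    if not 1 <= proposal_from_a <= KEY_SIZE_MAX:
        raise ValueError("key size proposal outside the 1..16 byte range")
    agreed = min(proposal_from_a, max_supported_by_b)
    if agreed < enforced_min:
        return None            # defence: refuse instead of falling back
    return agreed


def session_entropy_bits(key_size_bytes):
    """Brute-force search space of the session key: 8 bits per byte."""
    return 8 * key_size_bytes


def run_negotiation(proposal_seen_by_b, enforced_min, max_supported_by_b=KEY_SIZE_MAX):
    """One negotiation round. proposal_seen_by_b is what B actually receives;
    because this exchange is unencrypted, it may differ from what A sent."""
    agreed = negotiate_key_size(proposal_seen_by_b, max_supported_by_b, enforced_min)
    if agreed is None:
        return {"accepted": False, "entropy_bits": None}
    return {"accepted": True, "entropy_bits": session_entropy_bits(agreed)}


if __name__ == "__main__":
    # Honest exchange: 16 bytes proposed and accepted -> 128-bit key.
    print(run_negotiation(16, MIN_KEY_SIZE_OLD))
    # Proposal altered to 1 byte on the wire under the old floor -> 8-bit key.
    print(run_negotiation(1, MIN_KEY_SIZE_OLD))
    # Same altered proposal with the errata floor -> link rejected.
    print(run_negotiation(1, MIN_KEY_SIZE_ERRATA))
```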

source: budenet.ru
