A cikin Oktoba 2017, ba zato ba tsammani ya bayyana cewa akwai babban lahani a cikin ka'idar Kariyar Wi-Fi ta II (WPA2) don ɓoye zirga-zirgar Wi-Fi, wanda ke ba da damar bayyana kalmomin shiga na mai amfani sannan kuma sauraron musayar bayanan wanda aka azabtar. An ba wa raunin suna KRACK (gajeren Maɓallin Sake Shigarwa) kuma ƙwararrun Mathy Vanhoef da Eyal Ronen ne suka gano su. Bayan da aka gano raunin KRACK, an rufe shi da gyara firmware don na'urori, kuma ka'idar WPA2, wacce ta maye gurbin WPA3 a bara, yakamata ta manta gaba daya game da matsalolin tsaro a cikin hanyoyin sadarwar Wi-Fi.
Alas, masana guda sun gano babu karancin raunin rauni a cikin WP3 Prorcol. Sabili da haka, ya zama dole a sake jira da fatan sabon firmware don wuraren samun damar mara waya da na'urori, in ba haka ba za ku rayu tare da ilimin raunin gida da cibiyoyin sadarwar Wi-Fi na jama'a. Lalacewar da aka samu a cikin WPA3 ana kiransu tare da Dragonblood.
Tushen matsalar, kamar yadda yake a baya, yana cikin aikin hanyar sadarwa ko, kamar yadda ake kiran su a cikin ma'auni, "musafaha". Wannan tsari a cikin ma'aunin WPA3 ana kiransa Dragonfly (dragonfly). Kafin gano Dragonblood, an dauke shi da kyau. Gabaɗaya, kunshin Dragonblood ya haɗa da bambance-bambancen lahani guda biyar: ƙin sabis, lahani guda biyu tare da raguwar kariyar hanyar sadarwa (raguwa) da lahani biyu tare da kai hari kan tashoshi na gefe (tashar gefe).
Ƙin sabis ba ya haifar da ɗibar bayanai, amma yana iya zama wani abu mara daɗi ga mai amfani wanda ya kasa haɗawa akai-akai zuwa wurin shiga. Ragowar raunin da ya rage yana ba mai hari damar dawo da kalmomin shiga don haɗa mai amfani zuwa wurin shiga da kuma bin diddigin duk wani bayani da ke da mahimmanci ga mai amfani.
Hare-hare na raguwar hanyar sadarwa yana ba ku damar tilasta canzawa zuwa tsohuwar sigar ƙa'idar WPA2 ko zuwa mafi raunin bambance-bambancen ɓoye na WPA3 algorithms, sannan ku ci gaba da hacking ta amfani da sanannun hanyoyin. Hare-haren tashoshi na gefe suna cin gajiyar abubuwan algorithms na WPA3 da aiwatar da su, wanda a ƙarshe kuma yana ba da damar amfani da hanyoyin fasa kalmar sirri da aka sani a baya. Kara karantawa anan. Za'a iya samun kayan aikin rashin lahani na Dragonblood a wannan hanyar haɗin gwiwa.
Ƙungiyar Wi-Fi, wacce ke da alhakin haɓaka ƙa'idodin Wi-Fi, an sanar da ita game da raunin da aka samu. An ba da rahoton cewa masu kera kayan masarufi suna shirya gyare-gyaren firmware don rufe ramukan tsaro da aka gano. Ba a buƙatar sauyawa da dawo da kayan aiki.
source: 3dnews.ru