FragAttacks - a series of vulnerabilities in Wi-Fi standards and implementations

Mathy Vanhoef, author of the KRACK attack on wireless networks, has disclosed information about 12 vulnerabilities affecting various wireless devices. The identified problems are presented under the code name FragAttacks and cover almost all wireless cards and access points in use: of the 75 devices tested, each was susceptible to at least one of the attack methods.

The problems fall into two categories: 3 vulnerabilities were identified directly in the Wi-Fi standards and cover all devices that support the current IEEE 802.11 standards (the problems have been traceable since 1997). 9 vulnerabilities relate to errors and flaws in specific implementations of wireless stacks. The main danger is represented by the second category, since organizing attacks on the flaws in the standards requires specific settings to be present or certain actions to be performed by the victim. All of the vulnerabilities occur regardless of the protocols used to secure Wi-Fi, including when WPA3 is used.

Most of the identified attack methods allow an attacker to inject L2 frames into a protected network, which makes it possible to interfere with the victim's traffic. The most realistic attack scenario is spoofing DNS responses to direct the user to the attacker's host. An example is also given of using the vulnerabilities to bypass the address translator on a wireless router and arrange direct access to a device on the local network, or to ignore firewall restrictions. The second part of the vulnerabilities, which relates to the handling of fragmented frames, makes it possible to extract data about traffic on the wireless network and to intercept user data transmitted without encryption.

The researcher has prepared a demonstration showing how the vulnerabilities can be used to intercept a password transmitted when logging in to a site over HTTP without encryption. It also shows how to attack a smart socket controlled over Wi-Fi and use it as a springboard for continuing the attack on non-updated devices on the local network that have unpatched vulnerabilities (for example, it is possible to attack a non-updated computer running Windows 7 on the internal network through NAT traversal).

To exploit the vulnerabilities, the attacker must be within range of the target wireless device in order to send a specially crafted set of frames to the victim. The problems affect both client devices and wireless cards, as well as access points and Wi-Fi routers. In general, using HTTPS in combination with encrypting DNS traffic by means of DNS over TLS or DNS over HTTPS is sufficient as a workaround. Using a VPN is also suitable for protection.

The most dangerous are four vulnerabilities in wireless device implementations, which make it possible to inject one's own unencrypted frames using trivial methods:

  • Vulnerabilities CVE-2020-26140 and CVE-2020-26143 allow frame injection on some access points and wireless cards on Linux, Windows, and FreeBSD.
  • Vulnerability CVE-2020-26145 allows encrypted broadcast fragments to be processed as full frames on macOS, iOS, FreeBSD and NetBSD.
  • Vulnerability CVE-2020-26144 allows processing of unassembled A-MSDU frames with EtherType EAPOL on Huawei Y6, Nexus 5X, FreeBSD and LANCOM AP.

The other implementation vulnerabilities relate to problems encountered when processing fragmented frames:

  • CVE-2020-26139: Allows forwarding of frames with the EAPOL flag sent by an unauthenticated sender (affects 2/4 of the verified access points, as well as NetBSD- and FreeBSD-based solutions).
  • CVE-2020-26146: Allows reassembly of encrypted fragments without checking the order of the sequence numbers.
  • CVE-2020: Allows reassembly of mixed fragments.
  • CVE-2020-26142: Allows fragmented frames to be treated as full frames (affects OpenBSD and the ESP12-F wireless module).
  • CVE-2020-26141: The TKIP MIC check is missing for fragmented frames.

Specification issues:

  • CVE-2020-24588 - an attack on aggregated frames (the "is aggregated" flag is not protected and can be replaced by an attacker in A-MSDU frames in WPA, WPA2, WPA3 and WEP). An example of the attack in use is redirecting the user to a malicious DNS server or NAT traversal.
  • CVE-2020-245870 is a mixed key attack (the standard allows fragments encrypted using different keys in WPA, WPA2, WPA3 and WEP to be reassembled). The attack makes it possible to determine the data sent by the client, for example, to determine the contents of a cookie when accessing a site over HTTP.
  • CVE-2020-24586 is an attack on the fragment cache (the standards covering WPA, WPA2, WPA3 and WEP do not require fragments already stored in the cache to be removed after a new connection to the network). It makes it possible to determine the data sent by the client and to substitute one's own data.
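The fragment-handling flaws listed above come down to checks a receiver should make before joining fragments into one frame. The following is an added illustration, not code from the researcher's patches or from mac80211; the structure and function names are hypothetical, and the `key_gen` field assumes the receiver tags each installed key with a generation counter.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical per-sender reassembly state; not taken from any real driver. */
struct frag_entry {
    int      active;     /* a first fragment has been cached */
    uint16_t seq;        /* 802.11 sequence number of the frame */
    uint8_t  next_frag;  /* fragment number expected next */
    int      encrypted;  /* protection state of the first fragment */
    uint32_t key_gen;    /* which installed key decrypted it (assumed counter) */
    uint64_t last_pn;    /* packet number of the previous fragment */
};

struct frag {
    uint16_t seq;
    uint8_t  frag_no;
    int      encrypted;
    uint32_t key_gen;
    uint64_t pn;
};

/* Drop cached fragments, e.g. on (re)connection or rekey (CVE-2020-24586). */
void frag_flush(struct frag_entry *e) { memset(e, 0, sizeof(*e)); }

/* Returns 1 if the fragment may join the cached frame, 0 if it is rejected. */
int frag_accept(struct frag_entry *e, const struct frag *f)
{
    if (f->frag_no == 0) {              /* first fragment starts a new frame */
        e->active = 1;
        e->seq = f->seq;
        e->next_frag = 1;
        e->encrypted = f->encrypted;
        e->key_gen = f->key_gen;
        e->last_pn = f->pn;
        return 1;
    }
    if (!e->active || f->seq != e->seq || f->frag_no != e->next_frag)
        goto reject;
    if (f->encrypted != e->encrypted)   /* mixed protection state in one frame */
        goto reject;
    if (f->encrypted && (f->key_gen != e->key_gen ||  /* mixed keys */
                         f->pn != e->last_pn + 1))    /* CVE-2020-26146 */
        goto reject;
    e->next_frag++;
    e->last_pn = f->pn;
    return 1;
reject:
    frag_flush(e);                      /* never keep a partially poisoned frame */
    return 0;
}
```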

To test how susceptible your devices are to the problems, a special toolkit and a ready-made Live image for creating a bootable USB drive have been prepared. On Linux, the problems appear in the mac80211 wireless stack, in individual wireless drivers, and in firmware loaded onto wireless cards. To eliminate the vulnerabilities, a set of patches has been proposed that covers the mac80211 stack and the ath10k/ath11k drivers. Some devices, such as Intel wireless cards, require an additional firmware update.

[Figure: test results for typical devices]

[Figure: test results for wireless cards on Linux and Windows]

[Figure: test results for wireless cards on FreeBSD and NetBSD]

Manufacturers were notified of the problems 9 months ago. Such a long embargo period is explained by the coordinated preparation of updates and by delays in preparing changes to the specifications by the ICASI and Wi-Fi Alliance organizations. Disclosure was originally planned for March 9, but after weighing the risks it was decided to postpone publication for another two months to allow more time to prepare patches, taking into account the non-trivial nature of the changes being made and the difficulties arising from the COVID-19 pandemic.

It is notable that despite the embargo, Microsoft fixed some of the vulnerabilities ahead of schedule in the March Windows update. The disclosure was postponed a week before the originally planned date, and Microsoft did not have time or did not want to make changes to the update that was ready for publication, which created a threat to users of other systems, since attackers could obtain information about the vulnerabilities by reverse engineering the contents of the updates.

source: budenet.ru
