KeyWe smart locks are not protected against access key interception

Security researchers from F-Secure analyzed the KeyWe Smart Lock smart door lock and found a serious vulnerability that makes it possible, using an nRF sniffer for Bluetooth Low Energy and Wireshark, to intercept the traffic and extract from it the secret key used to open the lock from a smartphone.

The problem is aggravated by the fact that the locks do not support firmware updates, so the vulnerability will be fixed only in new devices. Existing users can eliminate the problem only by replacing the lock or by no longer using their smartphone to open the door. KeyWe locks retail for $155 and are typically used on residential and commercial doors. In addition to a regular key, the lock can be opened with an electronic key through a mobile app on a smartphone or with a bracelet carrying an NFC tag.

To protect the communication channel over which commands are sent from the mobile app, the AES-128-ECB algorithm is used, but the encryption key is generated from two predictable keys: a common key and an additional computed key, both of which can be easily determined. The first key is generated from Bluetooth connection parameters such as the MAC address, the device name and the device characteristics.

The algorithm for computing the second key can be determined by analyzing the mobile app. Since the information used to generate the keys is known in advance, the encryption is purely formal: to break the lock it is enough to determine the lock's parameters, intercept a door-opening session and extract the access code from it. A toolkit for analyzing the communication channel with the lock and determining the access keys has been published on GitHub.
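The design flaw described above, as an added example (not KeyWe's code and not the published toolkit): a key derived only from parameters visible over Bluetooth can be recomputed by any observer, while a key that mixes in a secret provisioned at pairing plus fresh nonces cannot. The derivation functions, the hardened design and all sample values are hypothetical and constructed for illustration.

```python
import hashlib, hmac, os

# Constructed sample values: everything here is visible to anyone in radio range.
MAC, NAME, CHARACTERISTIC = "AA:BB:CC:DD:EE:FF", "DemoLock", "0000fff0"

def weak_key(mac, name, characteristic):
    """Hypothetical KDF: 128-bit key built only from observable BLE parameters."""
    material = "|".join((mac, name, characteristic)).encode()
    return hashlib.sha256(material).digest()[:16]

def hkdf_sha256(secret, salt, info, length=16):
    """HKDF extract-then-expand (RFC 5869) using only the standard library."""
    prk = hmac.new(salt, secret, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def session_key(pairing_secret, app_nonce, lock_nonce, mac):
    """Hardened variant (assumed design): a secret that never crosses the air, plus fresh nonces."""
    return hkdf_sha256(pairing_secret, app_nonce + lock_nonce, b"unlock|" + mac.encode())

def observer_recovers_weak_key():
    # The observer repeats the derivation from the same public inputs.
    return weak_key(MAC, NAME, CHARACTERISTIC) == weak_key(MAC, NAME, CHARACTERISTIC)

def observer_recovers_session_key():
    secret = os.urandom(32)  # provisioned out of band at pairing
    app_nonce, lock_nonce = os.urandom(16), os.urandom(16)
    real = session_key(secret, app_nonce, lock_nonce, MAC)
    # The observer sees both nonces and the MAC but has to guess the secret.
    guess = session_key(bytes(32), app_nonce, lock_nonce, MAC)
    return real == guess

def keys_differ_between_sessions():
    secret = os.urandom(32)
    first = session_key(secret, os.urandom(16), os.urandom(16), MAC)
    second = session_key(secret, os.urandom(16), os.urandom(16), MAC)
    return first != second

if __name__ == "__main__":
    print("observer derives weak key:   ", observer_recovers_weak_key())
    print("observer derives session key:", observer_recovers_session_key())
    print("fresh key per session:       ", keys_differ_between_sessions())
```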

source: budenet.ru
