An gano wata lahani a dandalin Android (CVE-2022-20465) wanda ke ba da damar kashe makullin allo ta hanyar musanya katin SIM da shigar da lambar PUK. An nuna ikon kashe makullin akan na'urorin Google Pixel, amma tunda gyaran ya shafi babban lambar lambar Android, yana yiwuwa matsalar kuma ta shafi firmware daga wasu masana'anta. An magance matsalar a cikin Tsarin Tsaro na Android na Nuwamba. Mai binciken da ya ja hankali kan matsalar ya samu kyautar dala 70 daga Google.
Matsalar tana faruwa ne ta hanyar sarrafa buɗewa mara daidai bayan shigar da lambar PUK (Personal Unblocking Key) wacce ake amfani da ita don sake kunna katin SIM ɗin da aka kulle bayan shigar da PIN na kuskure da yawa. Don musaki makullin allo, duk abin da kuke buƙatar yi shine saka katin SIM ɗin ku a cikin wayarku, wanda ke da kariyar tushen PIN. Bayan canza katin SIM mai kariyar PIN, ana fara nuna buƙatun lambar PIN akan allon. Idan an shigar da lambar ba daidai ba sau uku, za a toshe katin SIM ɗin, bayan haka za a ba ku damar shigar da lambar PUK don buɗe shi. Ya bayyana cewa shigar da daidai na lambar PUK ba kawai buɗe katin SIM ba ne, amma yana kaiwa ga sauyawa zuwa babban dubawa ta hanyar ketare mai adana allo, ba tare da tabbatar da samun dama ta amfani da babban kalmar sirri ko tsari ba.
Rashin lahani yana faruwa ne ta hanyar kuskure a cikin dabaru don duba lambobin PUK a cikin mai kula da KeyguardSimPukViewController, wanda ke da alhakin nuna ƙarin allon tantancewa. Android tana amfani da nau'ikan allon tantancewa da yawa (na PIN, PUK, kalmar sirri, ƙirar ƙira, tantancewar biometric) kuma ana kiran waɗannan allon bi da bi lokacin da ake buƙatar tabbatarwa da yawa, kamar lokacin da ake buƙatar PIN da ƙirar duka.
Idan an shigar da lambar PIN daidai, mataki na biyu na tabbatarwa yana farawa, yana buƙatar shigar da babbar lambar buɗewa, amma lokacin shigar da lambar PUK, an tsallake wannan matakin kuma ana ba da damar shiga ba tare da neman babban kalmar sirri ko tsari ba. An zubar da mataki na gaba na buɗewa saboda lokacin da aka kira KeyguardSecurityContainerController#dismiss(), hanyar dubawa da ake tsammani da wucewa ba a kwatanta, watau. mai kulawa yayi la'akari da cewa canjin hanyar tabbatarwa bai faru ba kuma kammala tabbatar da lambar PUK yana nuna nasarar tabbatar da hukuma.
An gano raunin ne ta hanyar haɗari - wayar mai amfani da ita ta ƙare batir, kuma bayan caji da kunna ta, ya yi kuskure lokacin shigar da lambar PIN sau da yawa, bayan haka ya buɗe lambar PUK kuma ya yi mamakin yadda tsarin bai yi ba. nemi babban kalmar sirri da aka yi amfani da ita don warware bayanan, bayan haka ta rataye tare da saƙon "Pixel yana farawa ...". Mai amfani ya zama mai hankali, ya yanke shawarar gano abin da ke faruwa kuma ya fara gwaji tare da shigar da lambobin PIN da PUK ta hanyoyi daban-daban, har sai da gangan ya manta ya sake kunna na'urar bayan ya canza katin SIM kuma ya sami damar shiga muhalli maimakon. daskarewa.
Abin sha'awa na musamman shine martanin Google ga rahoton rauni. An aika da bayanai game da matsalar a watan Yuni, amma har zuwa Satumba, mai binciken ya kasa samun cikakkiyar amsa. Ya yi imanin cewa wannan hali ya faru ne saboda kasancewar ba shi ne ya fara ba da rahoton wannan kuskure ba. Zato cewa wani abu ba daidai ba ya taso a cikin Satumba lokacin da matsalar ta kasance ba a gyara ba bayan an sake sabunta firmware kwanaki 90 bayan da aka bayyana lokacin rashin bayyanawa ya riga ya ƙare.
Tun da duk ƙoƙarin gano matsayin rahoton matsalar da aka ƙaddamar kawai ya haifar da na'ura mai sarrafa kansa da ƙima, mai binciken ya yi ƙoƙarin tuntuɓar ma'aikatan Google da kansa don bayyana halin da ake ciki tare da shirye-shiryen gyara, har ma ya nuna rauni a ofishin Google na London. Sai kawai bayan haka, aikin don kawar da rashin lafiyar ya tashi daga ƙasa. A yayin binciken, an gano cewa wani ya riga ya ba da rahoton matsalar a baya, amma Google ya yanke shawarar yin keɓancewa tare da biyan tukwici don sake ba da rahoton matsalar, tunda godiya ce kawai ga jajircewar marubucin don gano matsalar. .
source: budenet.ru