Vulnerability in Android that allows remote code execution when Bluetooth is enabled

The February update to the Android platform fixed a vulnerability (CVE-2020-0022) in the Bluetooth stack that allows remote code execution by sending a specially crafted Bluetooth packet. An attacker within Bluetooth range can exploit the problem without being noticed. It is possible that the vulnerability could be used to create worms that infect neighbouring devices in a chain.

For the attack, it is enough to know the MAC address of the victim's device (no prior pairing is required, but Bluetooth must be enabled on the device). On some devices, the Bluetooth MAC address can be derived from the Wi-Fi MAC address. If the vulnerability is exploited successfully, the attacker can execute code with the privileges of the background process that coordinates Bluetooth operation in Android.

The problem is specific to the Fluoride Bluetooth stack used in Android (based on code from Broadcom's BlueDroid project) and does not appear in the BlueZ stack used on Linux.

The researchers who found the problem were able to prepare a working prototype of an exploit, but details of the exploitation will be disclosed later, after the fix has reached most users. It is known only that the vulnerability is in the packet reassembly code and is caused by an incorrect calculation of the size of L2CAP (Logical Link Control and Adaptation Protocol) packets when the data sent by the sender exceeds the expected size.
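The class of check that this kind of reassembly code needs, as an added example: it is a generic illustration, not Fluoride code and not a reconstruction of the actual flaw, whose details the article says are undisclosed. All names are hypothetical, and it assumes the 4-byte basic L2CAP header (little-endian length, then channel ID) arrives whole in the first fragment.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical reassembly context; names are illustrative, not from Fluoride. */
#define REASM_MAX 1024

struct reasm {
    uint8_t buf[REASM_MAX];
    size_t  expected;   /* total length announced by the first fragment */
    size_t  received;   /* bytes stored so far */
    int     active;     /* non-zero while a packet is being reassembled */
};

enum reasm_rc { REASM_MORE = 0, REASM_DONE = 1, REASM_DROP = -1 };

/* First fragment: 2-byte little-endian payload length + 2-byte channel ID. */
enum reasm_rc reasm_start(struct reasm *r, const uint8_t *frag, size_t n)
{
    r->active = 0;
    if (n < 4) return REASM_DROP;
    size_t total = (size_t)(frag[0] | (frag[1] << 8)) + 4; /* payload + header */
    if (total > REASM_MAX || n > total) return REASM_DROP;
    memcpy(r->buf, frag, n);
    r->expected = total;
    r->received = n;
    if (n == total) return REASM_DONE;
    r->active = 1;
    return REASM_MORE;
}

/* Continuation fragment: drop the packet when the sender overshoots. */
enum reasm_rc reasm_continue(struct reasm *r, const uint8_t *frag, size_t n)
{
    if (!r->active) return REASM_DROP;
    /* received <= expected is an invariant, so this cannot underflow. */
    size_t remaining = r->expected - r->received;
    if (n > remaining) {        /* more data than the header announced */
        r->active = 0;          /* discard; never copy a "trimmed" length */
        return REASM_DROP;
    }
    memcpy(r->buf + r->received, frag, n);
    r->received += n;
    if (r->received == r->expected) { r->active = 0; return REASM_DONE; }
    return REASM_MORE;
}
```

The sizes are kept unsigned and compared before any subtraction feeds `memcpy`, so an oversized fragment ends the reassembly instead of producing a negative or wrapped copy length.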

On Android 8 and 9 the problem can lead to code execution, but on Android 10 it is limited to a crash of the Bluetooth background process. Older Android releases may be affected, but exploitation of the vulnerability has not been tested on them. Users are advised to install the firmware update as soon as possible and, if that is not possible, to turn Bluetooth off by default, disable device discovery, and enable Bluetooth in public places only when necessary (including replacing wireless headphones with wired ones).

In addition to the problem noted above, the February set of security fixes for Android eliminated 26 vulnerabilities, of which one other vulnerability (CVE-2020-0023) was assigned a critical severity level. This second vulnerability also affects the Bluetooth stack and is related to incorrect handling of the BLUETOOTH_PRIVILEGED privilege in setbookAccessPermission. As for the vulnerabilities marked as high severity, 7 issues were addressed in frameworks and applications, 4 in system components, 2 in the kernel, and 10 in open-source and proprietary components for Qualcomm chips.

source: budenet.ru