Vulnerability in Qualcomm and MediaTek chips that allows interception of part of WPA2 traffic

Researchers from Eset have disclosed a new variant (CVE-2020-3702) of the Kr00k vulnerability, which applies to Qualcomm and MediaTek wireless chips. Like the first variant, which affected Cypress and Broadcom chips, the new vulnerability makes it possible to decrypt intercepted Wi-Fi traffic protected with the WPA2 protocol.

Recall that the Kr00k vulnerability is caused by incorrect handling of encryption keys when a device is disconnected (disassociated) from the access point. In the first variant of the vulnerability, the session key (PTK) stored in the chip's memory was reset upon disconnection, since no further data would be sent in the current session. The data remaining in the transmit (TX) buffer was then encrypted with the already cleared key, consisting only of zeros, and could therefore be easily decrypted once intercepted. The empty key applies only to the residual data in the buffer, which is a few kilobytes in size.

The key difference in the second variant of the vulnerability, which appears in Qualcomm and MediaTek chips, is that instead of being encrypted with a zero key, the data sent after disassociation is transmitted with no encryption at all, even though the encryption flags are set. Among the devices based on Qualcomm chips that were tested for the vulnerability, the D-Link DCH-G020 Smart Home Hub and the Turris Omnia router were noted. Among the devices based on MediaTek chips, the ASUS RT-AC52U router and IoT solutions based on Microsoft Azure Sphere using the MediaTek MT3620 microcontroller were tested.

To exploit either variant of the vulnerability, an attacker can send special management frames that cause disassociation and then intercept the data sent afterwards. Disassociation is commonly used in wireless networks to switch from one access point to another while roaming or when communication with the current access point is lost. Disassociation can be triggered by sending a management frame, which is transmitted unencrypted and requires no authentication (the attacker only needs to be within range of the Wi-Fi signal and does not need to be connected to the wireless network). The attack is possible both when a vulnerable client device connects to a non-vulnerable access point and when an unaffected device connects to an access point that exhibits the vulnerability.

The vulnerability affects encryption at the wireless network level and makes it possible to analyze only the unsecured connections established by the user (for example, DNS, HTTP and mail traffic); it does not make it possible to compromise connections that use application-level encryption (HTTPS, SSH, STARTTLS, DNS over TLS, VPN, etc.). The danger of the attack is also reduced by the fact that at any one time the attacker can decrypt only the few kilobytes of data that were in the transmit buffer at the moment of disconnection. To successfully capture confidential data sent over an unsecured connection, the attacker must either know exactly when it was sent or constantly trigger disconnection from the access point, which will be noticeable to the user because the wireless connection keeps restarting.

The problem was fixed in the July update of the proprietary drivers for Qualcomm chips and in the April update of the drivers for MediaTek chips. A fix for the MT3620 was proposed in July. The researchers who identified the problem have no information about whether fixes have been included in the free ath9k driver. A Python script has been prepared for testing devices for exposure to both variants of the vulnerability.
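The second variant described above (data sent in the clear although the encryption flag is set) can be recognized offline in a capture of your own device's traffic. The following Python code is an added example, not the researchers' test script; the frame layout handling, the helper names and all sample frames are constructed for illustration, and it assumes frames start at the 802.11 MAC header with no radiotap header or FCS.

```python
# Added example (not the researchers' script): offline check of captured 802.11 frames.
LLC_SNAP = bytes.fromhex("aaaa03000000")  # start of an unencrypted LLC/SNAP payload
CCMP_HDR_LEN = 8                          # CCMP header that precedes real ciphertext


def mac_header_len(fc0: int, fc1: int) -> int:
    """MAC header length of a data frame, derived from the Frame Control bytes."""
    length = 24                           # FC, duration, 3 addresses, sequence control
    if fc1 & 0x03 == 0x03:                # ToDS + FromDS: Address 4 present
        length += 6
    if fc0 & 0x80:                        # QoS subtype: QoS Control field
        length += 2
        if fc1 & 0x80:                    # Order bit on a QoS frame: HT Control field
            length += 4
    return length


def classify(frame: bytes) -> str:
    """Classify one frame (MAC header onward, no radiotap header, no FCS)."""
    if len(frame) < 24:
        return "too-short"
    fc0, fc1 = frame[0], frame[1]
    if (fc0 >> 2) & 0x03 != 2:            # type 2 = data
        return "not-data"
    if fc0 & 0x40:                        # Null / QoS Null subtypes carry no payload
        return "no-payload"
    if not fc1 & 0x40:                    # Protected Frame bit clear
        return "unprotected"
    body = frame[mac_header_len(fc0, fc1):]
    # Assumption: the page does not say whether the CCMP header is still emitted,
    # so look for the plaintext LLC/SNAP prefix at both possible offsets.
    if body.startswith(LLC_SNAP) or body[CCMP_HDR_LEN:].startswith(LLC_SNAP):
        return "plaintext-despite-protected-flag"
    return "protected"


def build(fc0: int, fc1: int, body: bytes) -> bytes:
    """Build a constructed sample frame with dummy addresses (test data only)."""
    qos = b"\x00\x00" if fc0 & 0x80 else b""
    return bytes([fc0, fc1]) + b"\x00\x00" + b"\x02" * 18 + b"\x10\x00" + qos + body


CCMP = bytes.fromhex("0100002000000000")              # constructed CCMP header
IP_PAYLOAD = LLC_SNAP + bytes.fromhex("0800") + b"\x45\x00" + b"A" * 20
SAMPLES = {                                           # all frames are constructed
    "healthy": build(0x88, 0x41, CCMP + bytes.fromhex("9f3c51e07ab2d4446e01c8")),
    "leak_with_ccmp": build(0x88, 0x41, CCMP + IP_PAYLOAD),
    "leak_no_ccmp": build(0x08, 0x41, IP_PAYLOAD),
    "open_network": build(0x08, 0x01, IP_PAYLOAD),
    "beacon": build(0x80, 0x00, b"\x00" * 12),
}
```

A frame reported as `plaintext-despite-protected-flag` on a WPA2 network, especially right after a disassociation, indicates that the transmitting device should be checked against the vendor's fixed driver or firmware version.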

Additionally, researchers from Checkpoint have identified six vulnerabilities in Qualcomm DSP chips, which are used in 40% of smartphones, including devices from Google, Samsung, LG, Xiaomi and OnePlus. Details about the vulnerabilities will not be provided until manufacturers have resolved the problems. Since the DSP chip is a "black box" that smartphone manufacturers cannot control, the fix may take a long time and will require coordination with the DSP chip manufacturer.

DSP chips are used in modern smartphones to perform operations such as audio, image and video processing, computations for augmented reality systems, computer vision and machine learning, and to implement fast charging mode. Among the attacks that the identified vulnerabilities allow, the following are mentioned:

- Bypassing the access control system: undetected capture of data such as photos, videos, call recordings, data from the microphone, GPS, etc.
- Denial of service: blocking access to all stored data.
- Hiding malicious activity: creating completely invisible and unremovable malicious components.

source: budenet.ru
