Researchers from ESET
Recall that the Kr00k vulnerability is caused by incorrect handling of encryption keys when a device is disconnected (disassociated) from the access point. In the first variant of the vulnerability, after disassociation the session key (PTK) stored in the chip's memory was reset, since no further data would be sent in the current session. In this case, the data remaining in the transmit (TX) buffer was encrypted with an already cleared key consisting only of zeros and could therefore be easily decrypted when intercepted. The empty key applies only to the residual data in the buffer, which is a few kilobytes in size.
The key difference in the second variant of the vulnerability, which appears in Qualcomm and MediaTek chips, is that instead of being encrypted with a zero key, the data after disassociation is transmitted completely unencrypted, even though the encryption flags are set. Among the devices based on Qualcomm chips that were tested for the vulnerability, the D-Link DCH-G020 Smart Home Hub and a router were noted.
To exploit both variants of the vulnerability, an attacker can send special control frames that cause disassociation and then intercept the data sent afterwards. Disassociation is used in wireless networks to switch from one access point to another while roaming or when communication with the access point is lost. Disassociation can be triggered by sending a control frame, which is transmitted unencrypted and requires no authentication (the attacker only needs to be within reach of the Wi-Fi signal, but does not need to be connected to the wireless network). The attack is possible both when a vulnerable client device accesses a non-vulnerable access point and when an unaffected device accesses an access point that exhibits the vulnerability.
The vulnerability affects encryption at the wireless network level and allows analysis only of unsecured connections established by the user (for example, DNS, HTTP and mail traffic), but does not allow compromising connections that use encryption at the application level (HTTPS, SSH, STARTTLS, DNS over TLS, VPN, etc.). The danger of the attack is also reduced by the fact that at any one time the attacker can decrypt only the few kilobytes of data that were in the transmit buffer at the moment of disconnection. To successfully capture confidential data sent over an unsecured connection, the attacker must either know exactly when it was sent or continuously initiate disconnection from the access point, which would be obvious to the user because of the constant restarts of the wireless connection.
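As an added example (not from the original article or from ESET's tooling), here is a check for the second variant on a test capture of your own device: it flags frames sent right after a disassociation that have the Protected flag set yet expose a readable LLC/SNAP header. The `Frame` record, the 0.5 s window, and the assumption that the payload starts either directly after the MAC header or after an 8-byte CCMP header are illustrative assumptions.

```python
from collections import namedtuple

# Hypothetical, already-parsed capture record (not a real library type).
# body = frame body bytes that follow the 802.11 MAC header.
Frame = namedtuple("Frame", "ts sta kind protected body")

LLC_SNAP = bytes.fromhex("aaaa03000000")  # cleartext LLC/SNAP prefix of a data payload
CCMP_HDR_LEN = 8                          # a CCMP header, if present, precedes the payload
WINDOW = 0.5                              # seconds after disassociation to inspect (assumed)


def looks_plaintext(body):
    """True if an LLC/SNAP header is readable where ciphertext should be."""
    return (body.startswith(LLC_SNAP)
            or body[CCMP_HDR_LEN:].startswith(LLC_SNAP))


def find_leaks(frames, window=WINDOW):
    """Return (sta, ts) for Protected data frames sent shortly after a
    disassociation of that station whose payload is readable as-is."""
    last_disassoc = {}
    leaks = []
    for f in sorted(frames, key=lambda f: f.ts):
        if f.kind == "disassoc":
            last_disassoc[f.sta] = f.ts
        elif f.kind == "data" and f.protected:
            t0 = last_disassoc.get(f.sta)
            if t0 is not None and f.ts - t0 <= window and looks_plaintext(f.body):
                leaks.append((f.sta, f.ts))
    return leaks


# Constructed sample records (not real traffic).
CIPHERTEXT = bytes.fromhex("0100002000000000" "9f3c5ad1e07b4426c8115d02")
CLEAR = bytes.fromhex("0200002000000000") + LLC_SNAP + bytes.fromhex("0800") + b"E\x00"
SAMPLE = [
    Frame(1.00, "02:00:00:00:00:01", "data", True, CIPHERTEXT),
    Frame(2.00, "02:00:00:00:00:01", "disassoc", False, b""),
    Frame(2.05, "02:00:00:00:00:01", "data", True, CLEAR),
    Frame(2.10, "02:00:00:00:00:02", "data", True, CIPHERTEXT),
    Frame(9.00, "02:00:00:00:00:01", "data", True, CIPHERTEXT),
]

if __name__ == "__main__":
    for sta, ts in find_leaks(SAMPLE):
        print(f"{sta}: Protected frame at t={ts} carries readable LLC/SNAP")
```

A frame that passes this check is not proof of a fix for the first variant, since data encrypted with the all-zero key still looks like ciphertext here.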
The issue was fixed in the July update of the proprietary drivers for Qualcomm chips and in the April update of the drivers for MediaTek chips. A fix for the MT3620 was introduced in July. The researchers who identified the issue have no information about the inclusion of fixes in the free ath9k driver. To test devices for exposure to both vulnerabilities
Additionally, it can be noted
DSP chips are used in modern smartphones to perform operations such as audio, image and video processing, in computations for augmented reality systems, computer vision and machine learning, and to implement fast-charging modes. Among the attacks that the identified vulnerabilities make possible, the following are mentioned: Bypassing the access control system: undetected capture of data such as photos, videos, call recordings, microphone data, GPS, etc. Denial of service: blocking access to all stored data. Hiding malicious activity: creating completely invisible and unremovable malicious components.
source: budenet.ru