Vulnerability in Cypress and Broadcom Wi-Fi chips that allows traffic to be decrypted

Researchers from ESET disclosed, at the RSA 2020 conference taking place these days, details of a vulnerability (CVE-2019-15126) in Cypress and Broadcom wireless chips that allows intercepted Wi-Fi traffic protected with the WPA2 protocol to be decrypted. The vulnerability has been named Kr00k. The problem affects FullMAC chips (the Wi-Fi stack is implemented on the chip side, not the driver side), which are used in a wide range of consumer devices, from smartphones by well-known manufacturers (Apple, Xiaomi, Google, Samsung) to smart speakers (Amazon Echo, Amazon Kindle), boards (Raspberry Pi 3) and wireless access points (Huawei, ASUS, Cisco).

The vulnerability is caused by incorrect handling of encryption keys when a device is disconnected (disassociated) from the access point. On disconnection, the chip resets the stored session key (PTK) to zero, since no further data will be sent in the current session. The essence of the vulnerability is that data remaining in the transmit (TX) buffer is encrypted with the already-cleared key, which consists only of zeros, and can therefore be easily decrypted if intercepted. The empty key applies only to the residual data in the buffer, which is a few kilobytes in size.

The attack therefore relies on artificially sending certain frames that cause disassociation and on intercepting the data sent next. Disassociation is commonly used in wireless networks to switch from one access point to another while roaming, or when communication with the access point is lost. Disassociation can be triggered by sending a management frame, which is transmitted unencrypted and requires no authentication (the attacker only needs to be within reach of the Wi-Fi signal and does not need to be connected to the wireless network). The attack was tested using the WPA2 protocol only; the possibility of attacking WPA3 was not tested.

According to preliminary estimates, the vulnerability could affect billions of devices in use. The problem does not appear on devices with Qualcomm, Realtek, Ralink and Mediatek chips. At the same time, traffic decryption is possible both when a vulnerable client device connects to an unaffected access point and when a device not affected by the problem connects to an access point that exhibits the vulnerability. Many consumer device manufacturers have already released firmware updates that address the vulnerability (for example, Apple fixed the vulnerability back in October of last year).

It should be noted that the vulnerability affects encryption at the wireless network level and allows analysis only of unsecured connections established by the user; it does not make it possible to compromise connections that are encrypted at the application level (HTTPS, SSH, STARTTLS, DNS over TLS, VPN, etc.). The danger of the attack is also reduced by the fact that, at any one time, the attacker can decrypt only the few kilobytes of data that were in the transmit buffer at the moment of disconnection. To successfully capture confidential data sent over an unsecured connection, the attacker must either know exactly when it was sent or constantly initiate disconnection from the access point, which will be evident to the user because of the continual restarts of the wireless connection.
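The repeated disconnections described above are visible not only to the user but also to a monitoring sensor. The following Python code is an added example, not from ESET or the original article: it parses 802.11 disassociation and deauthentication frames and flags stations that receive a burst of them within a sliding window. The threshold, window length, MAC addresses and sample frames are constructed assumptions.

```python
import struct
from collections import defaultdict, deque

DISASSOC, DEAUTH = 10, 12  # 802.11 management frame subtypes

def parse_mgmt(frame: bytes):
    """Return (subtype, dst, src, reason) for a disassoc/deauth frame, else None."""
    if len(frame) < 26:                 # 24-byte MAC header + 2-byte reason code
        return None
    fc = frame[0]                       # first byte of the Frame Control field
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype != 0 or subtype not in (DISASSOC, DEAUTH):
        return None
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    (reason,) = struct.unpack_from("<H", frame, 24)
    return subtype, mac(frame[4:10]), mac(frame[10:16]), reason

def find_bursts(events, threshold=3, window=60.0):
    """events: iterable of (timestamp_seconds, raw_frame). Returns {station: peak count}
    for stations that received >= threshold disconnect frames within `window` seconds.
    threshold and window are assumed defaults; tune them to normal roaming behaviour."""
    recent, flagged = defaultdict(deque), {}
    for ts, raw in sorted(events, key=lambda e: e[0]):
        parsed = parse_mgmt(raw)
        if parsed is None:
            continue
        q = recent[parsed[1]]           # key on the destination (targeted) station
        q.append(ts)
        while q and ts - q[0] > window: # drop timestamps that left the window
            q.popleft()
        if len(q) >= threshold:
            flagged[parsed[1]] = max(flagged.get(parsed[1], 0), len(q))
    return flagged

def sample_frame(subtype, dst, src, reason=8):
    """Constructed test fixture: bare 802.11 header + reason code (no radiotap, no FCS)."""
    h = lambda m: bytes.fromhex(m.replace(":", ""))
    return (bytes([subtype << 4, 0, 0, 0]) + h(dst) + h(src) + h(src)
            + b"\x00\x00" + struct.pack("<H", reason))

STA, AP = "02:00:00:00:00:01", "02:00:00:00:00:aa"  # constructed, locally administered
SAMPLE = [(t, sample_frame(DISASSOC, STA, AP)) for t in (0, 12, 25, 31)]
SAMPLE += [(400, sample_frame(DISASSOC, "02:00:00:00:00:02", AP)),  # single roam
           (401, bytes([0x80]) + bytes(40))]                        # beacon, ignored

if __name__ == "__main__":
    for sta, n in find_bursts(SAMPLE).items():
        print(f"{sta}: {n} disconnect frames within 60 s")
```

A single disassociation during normal roaming stays below the threshold; only the repeated pattern the article describes is reported.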

Some of the devices that ESET tested for the possibility of an attack:

  • Amazon Echo 2nd
  • Amazon Kindle 8th Gen
  • Apple iPad mini 2
  • Apple iPhone 6, 6S, 8, XR
  • Apple MacBook Air Retina 13-inch 2018
  • Google Nexus 5
  • Google Nexus 6
  • Google Nexus 6S
  • Raspberry Pi 3
  • Samsung Galaxy S4 GT-I9505
  • Samsung Galaxy S8
  • Xiaomi Redmi 3S
  • Wireless routers ASUS RT-N12, Huawei B612S-25d, Huawei EchoLife HG8245H, Huawei E5577Cs-321
  • Cisco Access Points


source: budenet.ru
