Vulnerabilities in the WPA3 wireless security technology and in EAP-pwd

Mathy Vanhoef, author of the KRACK attack on WPA2 wireless networks, and Eyal Ronen, co-author of several attacks on TLS, have disclosed details of six vulnerabilities (CVE-2019-9494 - CVE-2019-9499) in the WPA3 wireless network protection technology that allow the connection password to be recovered and the wireless network to be accessed without knowing the password. The vulnerabilities are collectively codenamed Dragonblood and make it possible to compromise the Dragonfly connection negotiation method, which is meant to protect against offline password guessing. Besides WPA3, the Dragonfly method is also used to protect against dictionary guessing in the EAP-pwd protocol used in Android, in RADIUS servers and in hostapd/wpa_supplicant.

The study identified two main classes of architectural problems in WPA3. Both classes can ultimately be used to reconstruct the access password. The first class allows a rollback to weaker cryptographic methods (a downgrade attack): the mechanisms for compatibility with WPA2 (transition mode, which allows both WPA2 and WPA3 to be used) let an attacker force the client to perform the four-way handshake used by WPA2, which in turn enables the classic password brute-force attacks that apply to WPA2. In addition, a direct downgrade attack on the Dragonfly handshake itself was found, which allows a rollback to less secure types of elliptic curves.

The second class of problems leads to leakage of information about password characteristics through side channels and stems from a flaw in Dragonfly's password encoding method, which allows indirect data, such as variations in the delays of operations, to be used to recover the original password. Dragonfly's hash-to-curve algorithm is vulnerable to cache attacks, and its hash-to-group algorithm is vulnerable to execution-time attacks.

To carry out the cache-based attack, the attacker must be able to run unprivileged code on the system of the user connecting to the wireless network. Both methods yield the information needed to confirm whether individual parts of the password were guessed correctly during the guessing process. The attack is quite effective: it allows an 8-character password consisting of lowercase letters to be guessed by intercepting only 40 handshake sessions and spending resources equivalent to renting Amazon EC2 capacity for $125.

Based on the identified vulnerabilities, several attack scenarios are proposed:

  • Downgrade attack on WPA2 with the ability to perform dictionary guessing. In environments where both the client and the access point support WPA3 and WPA2, an attacker can deploy a rogue access point with the same network name that supports only WPA2. In this situation the client will use the WPA2 connection negotiation method, during which it will be determined that such a rollback is not permitted, but this happens at a stage when the negotiation messages have already been sent over the channel and all the information needed for a dictionary attack has already leaked. A similar method can be used to roll back to problematic versions of elliptic curves in SAE.

    In addition, it was found that the iwd daemon, developed by Intel as an alternative to wpa_supplicant, and the wireless stack of the Samsung Galaxy S10 are susceptible to downgrade attacks even on networks that use only WPA3: if these devices were previously connected to a WPA3 network, they will attempt to connect to a rogue WPA2 network with the same name.

  • Side-channel attack extracting information from the processor cache. The password encoding algorithm in Dragonfly contains a conditional branch, and an attacker able to run code on the wireless user's system can, by analysing cache behaviour, determine which branch of the if-then-else block was taken. The information obtained can be used for progressive password guessing with methods similar to offline dictionary attacks on WPA2 passwords. As protection, it is proposed to switch to operations with constant execution time that does not depend on the data being processed;
  • Side-channel attack based on measuring operation execution time. The Dragonfly code uses multiplicative groups modulo a prime (MODP) to encode passwords, with a variable number of iterations that depends on the password used and on the MAC address of the access point or client. A remote attacker can determine how many iterations were performed during password encoding and use that as a hint for progressive password guessing.
  • Denial of service. An attacker can block certain functions of the access point through resource exhaustion by sending a large number of channel negotiation requests. To bypass the flood protection provided by WPA3, it is sufficient to send the requests from spoofed MAC addresses.
  • Rollback to less secure cryptographic groups used in the WPA3 connection negotiation process. For example, if a client supports the P-521 and P-256 curves and uses P-521 as its preferred option, an attacker can force the client to use P-256 regardless of whether P-521 is supported on the access point side. The attack is carried out by filtering out some of the messages during connection negotiation and sending forged messages claiming that certain types of curves are not supported.
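The two side-channel items above (the data-dependent branch in the cache attack and the password-dependent iteration count in the timing attack) share one root cause: the "hunting and pecking" loop in Dragonfly's password element derivation exits as soon as it finds the first usable candidate. The following added example, which is not code from the original article or from any of the affected projects, models that loop over a constructed toy MODP group (a tiny prime, not a real Dragonfly group) and contrasts the early-exit version with the structure the text recommends: a fixed trip count and branchless selection of the result, so the number of iterations no longer depends on the password or the MAC addresses. Python integers are not constant-time, so the hardened version only demonstrates the structural change; a production fix needs constant-time big-number arithmetic in the implementation language.

```python
import hashlib
import hmac

# Constructed toy parameters (not real Dragonfly group parameters): a tiny safe
# prime p = 2q + 1, chosen so that a visible fraction of candidates is rejected
# and the iteration count varies between inputs. Real MODP groups use
# 1024-8192-bit primes, which is why each iteration is expensive enough to time.
P = 23
Q = (P - 1) // 2
K_MAX = 40  # loop bound commonly used by Dragonfly implementations


def _candidate(password, mac_a, mac_b, counter):
    """One hunting-and-pecking step (simplified, hypothetical modelling).

    Hashes the ordered MAC addresses, the password and the loop counter into a
    candidate value and maps it into the prime-order subgroup of Z_p^*.
    Returns the group element, or None when the candidate is rejected
    (value >= p, or the element is 0 or 1).
    """
    hi, lo = max(mac_a, mac_b), min(mac_a, mac_b)
    seed = hashlib.sha256(hi + lo + password + bytes([counter])).digest()
    expanded = hmac.new(seed, b"Dragonfly Hunting And Pecking", hashlib.sha256).digest()
    # Truncate the expanded output to the bit length of p.
    value = int.from_bytes(expanded, "big") >> (256 - P.bit_length())
    if value >= P:
        return None
    element = pow(value, (P - 1) // Q, P)
    return element if element > 1 else None


def variable_time_pwe(password, mac_a, mac_b):
    """Early-exit version: stops at the first accepted candidate.

    The returned iteration count is exactly what a timing side channel
    exposes: it depends on the password and on both MAC addresses.
    """
    for counter in range(1, K_MAX + 1):
        element = _candidate(password, mac_a, mac_b, counter)
        if element is not None:
            return element, counter
    raise ValueError("no password element found within K_MAX iterations")


def fixed_iteration_pwe(password, mac_a, mac_b):
    """Hardened structure: always run all K_MAX iterations.

    The first accepted candidate is kept through arithmetic selection instead
    of a data-dependent branch, so the trip count is constant and the result
    matches the early-exit version.
    """
    found, result = 0, 0
    for counter in range(1, K_MAX + 1):
        element = _candidate(password, mac_a, mac_b, counter)
        ok = int(element is not None)
        take = ok & (1 - found)          # 1 only for the first accepted candidate
        result = take * (element or 0) + (1 - take) * result
        found |= ok
    return result, K_MAX


def iteration_profile(passwords, mac_a, mac_b):
    """Per password: (early-exit iterations, fixed iterations, elements agree)."""
    rows = []
    for pw in passwords:
        v_el, v_it = variable_time_pwe(pw, mac_a, mac_b)
        f_el, f_it = fixed_iteration_pwe(pw, mac_a, mac_b)
        rows.append((v_it, f_it, v_el == f_el))
    return rows


if __name__ == "__main__":
    # Constructed sample MAC addresses and candidate passwords.
    ap_mac = bytes.fromhex("020000000001")
    client_mac = bytes.fromhex("020000000002")
    for pw, row in zip([b"password", b"hunter2", b"correct horse"],
                       iteration_profile([b"password", b"hunter2", b"correct horse"],
                                         ap_mac, client_mac)):
        print(pw.decode(), "early-exit iterations:", row[0],
              "fixed iterations:", row[1], "same element:", row[2])
```

Running the script shows different early-exit iteration counts for different passwords (and for the same password with different MAC addresses), while the fixed-iteration version always reports 40 and returns the same group element. The variable count is the leak: an observer who can time the derivation learns a password-dependent value without ever seeing the password.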

To check devices for the vulnerabilities, several scripts with example attacks have been prepared:

  • Dragonslayer - an implementation of the attacks on EAP-pwd;
  • Dragondrain - a utility for checking whether access points are vulnerable in their implementation of the SAE (Simultaneous Authentication of Equals) connection negotiation method, which can be used to trigger a denial of service;
  • Dragontime - a script for conducting the side-channel attack on SAE, which takes into account the difference in operation processing time when MODP groups 22, 23 and 24 are used;
  • Dragonforce - a tool for recovering information (password guessing) based on data about differing processing times or on the retention of data in the cache.

The Wi-Fi Alliance, which develops the standards for wireless networks, announced that the problem affects a limited number of early WPA3-Personal implementations and can be fixed through firmware and software updates. There are no documented cases of the vulnerabilities being used for malicious purposes. To strengthen security, the Wi-Fi Alliance has added further tests to the wireless device certification program to verify the correctness of implementations, and has also reached out to device manufacturers to coordinate fixes for the identified problems. Patches have already been released for hostap/wpa_supplicant. Package updates are available for Ubuntu. Debian, RHEL, SUSE/openSUSE, Arch, Fedora and FreeBSD still have unfixed issues.

source: budenet.ru
