Masu bincike daga Red Balloon sun ba da rahoton lahani guda biyu da aka gano a cikin jerin hanyoyin sadarwa na Cisco 1001-X. Rashin lahani a cikin kayan aikin cibiyar sadarwa na Cisco ba labari bane, amma gaskiyar rayuwa. Cisco na ɗaya daga cikin manyan masu kera hanyoyin sadarwa da sauran na'urorin cibiyar sadarwa, don haka ana samun ƙarin sha'awar amincin samfuran sa duka daga ƙwararrun kariyar bayanai da kuma mahangar maharan.
Idan muka duba gaba, mun lura cewa ƙwararrun Red Balloon sun sanar da Cisco game da sabbin raunin watanni da suka gabata, don haka an warware matsalar ko ta yaya, ko kuma aƙalla Cisco ya san yadda za a magance ta. Ɗaya daga cikin lahani guda biyu za a iya rufe shi da sauƙi ta hanyar sabunta firmware, kuma kamfanin ya saki irin wannan firmware jiya a cikin jama'a, rahoton da aka buga ta kan layi. . Muna magana ne game da kwaro da aka samo a cikin tsarin aiki na Cisco IOS wanda ke ba wa mai hari tushen damar zuwa hanyoyin hanyoyin da aka ƙayyade.
Rashin lahani na biyu wani abu ne na musamman kuma mai matukar hatsari, in ji masu binciken. Ya taɓa tushen tsaro ga ɗaruruwan miliyoyin na'urorin sadarwar kamfani, daga masu amfani da hanyar sadarwa zuwa masu sauyawa zuwa wuta. Kwararrun Red Balloon sun sami damar ketare irin wannan kariyar kayan aikin Cisco kamar Trust Anchor. "Trust Anchor," kamar yadda za'a iya fassara wannan kalma, ci gaba ne na samfuran tabbatar da amincin kayan aikin mallakar kamfani (tsohon ACT). An gabatar da tsarin ACT don kariya daga jabu kuma daga baya aka canza shi zuwa wani tsari don lura da amincin sashin software na na'urorin sadarwar Cisco. A yau, Trust Anchor yana cikin duk kayan aikin cibiyar sadarwa na kamfanin. Ba shi da wuya a yi tunanin abin da sulhu na Trust Anchor zai haifar. Hanyoyin sadarwa a kan kayan aikin Cisco ba za su ƙara amincewa da su ba.
Masu bincike sun samo hanyar yaudarar Trust Anchor. Kayan aikin da aka yi kutse sun ci gaba da sanar da abokan ciniki game da rashin tsangwama, yayin da kwararru suka yi duk abin da suke so da shi. Wannan, ta hanyar, yana sa mu yi tunani game da makomar irin wannan ci gaba ta hanyar ARM (TrustZone), Intel (SGX) da sauran hanyoyi masu kama da kayan aiki don kare tsarin kwamfuta. Da alama wannan shine mafita ga rufe ramuka a cikin gine-ginen na'ura. Amintaccen guntu ko module a cikin kwakwalwan kwamfuta na iya sa kwamfutoci su sami amintaccen kariya daga hacking. A aikace, an sami rami ko damar da za a ketare kariyar ko da a cikin wani bayani inda shigarwa ya ke da iyaka kuma yawanci yana yiwuwa ne kawai a cikin yanayin samar da kayan.
Halin na ƙarshe zai zama mahimmanci don rufe ramukan da ke da alaƙa da sasantawa na amintattun kayayyaki na Trust Anchor. Ko da yake Cisco ya yi alƙawarin sakin faci don gyara ƙayyadaddun raunin Trust Anchor ga duk kayan aikin sa, zazzage sabuntawa na iya ba zai magance wannan matsalar ba. Cisco ya ce wannan zai buƙaci "sake tsara tsarin gida," ma'ana ba zai yiwu a sabunta kayan aikin ba daga nesa. Da kyau, kwanakin aiki suna jiran ma'aikata masu ba da sabis na cibiyoyin sadarwa ta amfani da kayan aikin Cisco. Kuma rani na gabatowa ba shi da alaƙa da wannan.
source: 3dnews.ru