Cov kws tshawb fawb los ntawm Eset ntawm lub rooj sab laj uas muaj hnub no cov ntaub ntawv hais txog () nyob rau hauv Cypress thiab Broadcom wireless chips, uas tso cai rau koj mus decrypt intercepted Wi-Fi tsheb tiv thaiv siv WPA2 raws tu qauv. Qhov tsis zoo tau raug codenamed Kr00k. Qhov teeb meem cuam tshuam rau FullMAC chips (Wi-Fi pawg yog siv rau sab nti, tsis yog sab tsav), siv ntau yam ntawm cov neeg siv khoom siv, los ntawm cov smartphones los ntawm cov tuam txhab paub zoo (Apple, Xiaomi, Google, Samsung) mus rau ntse hais lus (Amazon Echo, Amazon Kindle), boards (Raspberry Pi 3) thiab cov ntsiab lus nkag wireless (Huawei, ASUS, Cisco).
Qhov tsis zoo yog tshwm sim los ntawm kev ua tsis raug ntawm cov yuam sij encryption thaum disconnecting () cov khoom siv los ntawm qhov chaw nkag. Thaum disconnecting, khaws cia qhov tseem ceeb (PTK) nti rov qab mus rau xoom, vim tsis muaj cov ntaub ntawv ntxiv yuav raug xa mus rau hauv qhov kev sib kho tam sim no. Lub ntsiab lus ntawm qhov tsis zoo yog tias cov ntaub ntawv tseem tshuav nyob rau hauv kev sib kis (TX) tsis yog encrypted nrog ib qho tseem ceeb uas twb tau tshem tawm uas tsuas yog xoom thiab, raws li, tuaj yeem yooj yim decrypted yog cuam tshuam. Tus yuam sij khoob tsuas yog siv rau cov ntaub ntawv seem hauv qhov tsis, uas yog ob peb kilobytes loj.
Yog li, qhov kev tawm tsam yog raws li cov khoom xa tawm ntawm qee cov thav ntawv uas ua rau muaj kev sib cais, thiab kev cuam tshuam ntawm cov ntaub ntawv xa mus tom ntej. Disassociation feem ntau yog siv nyob rau hauv wireless networks hloov los ntawm ib qho chaw nkag mus rau lwm qhov thaum roaming lossis thaum kev sib txuas lus nrog qhov chaw nkag tam sim no ploj. Disassociation tuaj yeem tshwm sim los ntawm kev xa cov qauv tswj, uas yog kis tsis tau thiab tsis tas yuav muaj kev lees paub (tus neeg tawm tsam tsuas yog xav tau qhov ncav cuag ntawm Wi-Fi teeb liab, tab sis tsis tas yuav txuas nrog lub wireless network). Qhov kev tawm tsam tau sim tsuas yog siv WPA2 raws tu qauv; qhov ua tau ntawm kev tawm tsam ntawm WPA3 tsis tau sim.
Raws li kev kwv yees ua ntej, qhov tsis zoo tuaj yeem cuam tshuam txog ntau lab ntawm cov khoom siv hauv kev siv. Qhov teeb meem tsis tshwm sim ntawm cov khoom siv nrog Qualcomm, Realtek, Ralink thiab Mediatek chips. Nyob rau tib lub sijhawm, kev decryption tsheb tuaj yeem ua tau ob qho tib si thaum tus neeg siv khoom tsis zoo nkag mus rau qhov chaw tsis muaj teeb meem, thiab thaum lub cuab yeej tsis cuam tshuam los ntawm qhov teeb meem nkag mus rau qhov chaw nkag uas pom muaj qhov tsis zoo. Ntau tus neeg siv khoom siv khoom lag luam tau tso tawm firmware hloov tshiab uas hais txog qhov tsis zoo (piv txwv li Apple vulnerability rov qab rau lub Kaum Hlis xyoo tas los).
Nws yuav tsum raug sau tseg tias qhov tsis zoo cuam tshuam rau encryption ntawm qib wireless network thiab tso cai rau koj los tshuaj xyuas tsuas yog kev sib txuas tsis ruaj ntseg tsim los ntawm tus neeg siv, tab sis tsis ua kom muaj kev cuam tshuam kev sib txuas nrog encryption ntawm qib kev thov (HTTPS, SSH, STARTTLS, DNS. dhau TLS, VPN, thiab lwm yam). Qhov txaus ntshai ntawm kev tawm tsam kuj txo qis los ntawm qhov tseeb tias ib lub sijhawm tus neeg tawm tsam tsuas tuaj yeem txiav txim siab ob peb kilobytes ntawm cov ntaub ntawv uas nyob rau hauv kev sib kis tsis tau thaum lub sijhawm txiav tawm. Txhawm rau kom ua tiav cov ntaub ntawv tsis pub lwm tus paub xa mus rau qhov kev sib txuas tsis ruaj ntseg, tus neeg tawm tsam yuav tsum paub meej thaum nws raug xa mus, lossis tas li pib qhov kev cuam tshuam los ntawm qhov chaw nkag, uas yuav pom tseeb rau cov neeg siv vim qhov rov ua haujlwm tas li ntawm kev sib txuas wireless.
Qee cov khoom siv tau sim los ntawm Eset rau qhov muaj peev xwm ua rau muaj kev tawm tsam:
- Amazon Echo thib ob
- Amazon zes 8th gen
- Kua iPad mini 2
- Kua iPhone 6, 6S, 8, XR
- Kua MacBook Cua Retina 13-nti 2018
- Google Nexus 5
- Google Nexus 6
- Google Nexus 6S
- Txiv pos Pi 3
- Samsung Galaxy S4 GT-I9505
- Samsung Galaxy S8
- Xiaomi Redmi 3S
- Wireless routers ASUS RT-N12, Huawei B612S-25d, Huawei EchoLife HG8245H, Huawei E5577Cs-321
Tau qhov twg los: opennet.ru