Ngakhale mulingo watsopano wa WPA3 sunakwaniritsidwebe, zolakwika zachitetezo mu protocol iyi zimalola oukira kuthyola mawu achinsinsi a Wi-Fi.
Wi-Fi Protected Access III (WPA3) idakhazikitsidwa pofuna kuthana ndi zolakwika zaukadaulo za WPA2, zomwe kwa nthawi yayitali zimawonedwa ngati zosatetezeka komanso zosatetezeka ku KRACK (Key Reinstallation Attack). Ngakhale WPA3 imadalira kugwirana chanza kotetezeka kwambiri komwe kumadziwika kuti Dragonfly, komwe cholinga chake ndi kuteteza maukonde a Wi-Fi kuti asasokonezedwe ndi mtanthauzira mawu osagwiritsa ntchito intaneti (gulu lankhondo lopanda intaneti), ofufuza zachitetezo Mathy Vanhoef ndi Eyal Ronen adapeza zofooka pakukhazikitsa koyambirira kwa WPA3-Personal komwe kungalole wowukira kuti apezenso mapasiwedi a Wi-Fi pogwiritsa ntchito molakwika nthawi kapena ma cache am'mbali.
"Owukira amatha kuwerenga zambiri zomwe WPA3 ikuyenera kubisa mosamala. Izi zitha kugwiritsidwa ntchito kuba zidziwitso zachinsinsi monga manambala a kirediti kadi, mawu achinsinsi, mauthenga ochezera, maimelo, ndi zina. β
Lofalitsidwa lero , yotchedwa DragonBlood, ofufuzawo adayang'anitsitsa mitundu iwiri ya zolakwika za mapangidwe mu WPA3: yoyamba imatsogolera kuukira kwapansi, ndipo yachiwiri imatsogolera ku kutuluka kwa cache.
Kuukira kwa tchanelo kutengera posungira
Ma algorithm achinsinsi a chinjoka cha dragonfly, omwe amadziwikanso kuti hunting and pecking algorithm, ali ndi nthambi zokhazikika. Ngati wowukira atha kudziwa kuti ndi nthambi iti ya nthambi ngati-ndiye-mwina yomwe idatengedwa, atha kudziwa ngati mawu achinsinsi adapezeka pakubwereza kwina kwa algorithm imeneyo. M'malo mwake, zapezeka kuti ngati wowukira atha kuyendetsa nambala yosavomerezeka pakompyuta yovutitsidwa, ndizotheka kugwiritsa ntchito ma cache kuti adziwe kuti ndi nthambi iti yomwe idayesedwa pakubwereza koyambirira kwa algorithm yopanga mawu achinsinsi. Izi zitha kugwiritsidwa ntchito pogawa mawu achinsinsi (izi zikufanana ndi kuwukira kwa mtanthauzira mawu osalumikizana ndi intaneti).
Chiwopsezo ichi chikutsatiridwa pogwiritsa ntchito CVE-2019-9494.
Chitetezo chimapangidwa ndikusintha nthambi zokhazikika zomwe zimadalira zinsinsi zachinsinsi ndi zosankha zanthawi zonse. Zokhazikitsa ziyeneranso kugwiritsa ntchito mawerengedwe ndi nthawi yokhazikika.
Kuwukira kotengera njira yam'mbali mwa kulunzanitsa
Pamene kugwirana chanza kwa Dragonfly kumagwiritsa ntchito magulu ena ochulukitsitsa, mawu achinsinsi osunga mawu achinsinsi amagwiritsa ntchito manambala obwereza kuti alembe mawu achinsinsi. Chiwerengero chenicheni cha kubwereza chimadalira mawu achinsinsi omwe amagwiritsidwa ntchito ndi adilesi ya MAC ya malo olowera ndi kasitomala. Wowukira atha kuchita chiwopsezo chanthawi yakutali pamakina achinsinsi achinsinsi kuti adziwe kuchuluka kwazomwe zidatenga kuti alembe mawu achinsinsi. Zomwe zapezedwa zitha kugwiritsidwa ntchito popanga mawu achinsinsi, omwe ali ngati kuwukira kwa mtanthauzira mawu osalumikizidwa pa intaneti.
Pofuna kupewa kuwononga nthawi, kugwiritsa ntchito kuyenera kulepheretsa magulu ochulukitsa omwe ali pachiwopsezo. Kuchokera pamalingaliro aukadaulo, magulu a MODP 22, 23 ndi 24 akuyenera kukhala olumala. Ndikulimbikitsidwanso kuletsa magulu a MODP 1, 2 ndi 5.
Chiwopsezochi chimatsatiridwanso pogwiritsa ntchito CVE-2019-9494 chifukwa cha kufanana pakukhazikitsa kuwukira.
WPA3 kusintha
Popeza protocol ya WPA15 yazaka 2 yakhala ikugwiritsidwa ntchito kwambiri ndi mabiliyoni a zida, kufalikira kwa WPA3 sikudzachitika mwadzidzidzi. Kuthandizira zida zakale, zida zovomerezeka za WPA3 zimapereka "njira yosinthira" yomwe ingasinthidwe kuti ivomereze kulumikizana pogwiritsa ntchito WPA3-SAE ndi WPA2.
Ofufuzawo akukhulupirira kuti mawonekedwe osakhalitsa amakhala pachiwopsezo chochepetsera ziwopsezo, zomwe owukira angagwiritse ntchito kuti apange malo opanda pake omwe amangothandizira WPA2, kukakamiza zida zothandizidwa ndi WPA3 kuti zilumikizane pogwiritsa ntchito WPA2 yosagwirizana ndi njira zinayi.
"Tinapezanso kuukira kotsikirako motsutsana ndi SAE (Simultaneous Authentication of Peers, yomwe imadziwika kuti Dragonfly) pogwirana chanza, pomwe titha kukakamiza chipangizocho kuti chigwiritse ntchito njira yocheperako kuposa momwe timakhalira," ofufuzawo adatero.
Komanso, malo apakati-wapakati safunikira kuti achite kuwukira. M'malo mwake, owukira amangofunika kudziwa SSID ya netiweki ya WPA3-SAE.
Ofufuzawa adafotokoza zomwe adapeza ku Wi-Fi Alliance, bungwe lopanda phindu lomwe limatsimikizira miyezo ya WiFi ndi mankhwala a Wi-Fi kuti azitsatira, omwe adavomereza mavutowa ndipo akugwira ntchito ndi ogulitsa kuti akonze zida zomwe zilipo kale za WPA3.
PoC (404 panthawi yofalitsidwa)
Monga umboni wa lingaliro, ofufuza atulutsa posachedwa zida zinayi zotsatirazi (mu GitHub repositories hyperlinked pansipa) zomwe zingagwiritsidwe ntchito kuyesa kusatetezeka.
ndi chida chomwe chimatha kuyesa momwe malo ofikira ali pachiwopsezo cha Dos pakugwirana chanza kwa WPA3 Dragonfly.
- Chida choyesera chochitira zowukira munthawi yake motsutsana ndi kugwirana chanza kwa Dragonfly.
ndi chida choyesera chomwe chimapeza zidziwitso zakuchira kuchokera pakuwukiridwa nthawi ndikuchita mawu achinsinsi.
- chida chomwe chimalimbana ndi EAP-pwd.
Webusaiti ya polojekiti -
Source: www.habr.com