za kuukira (Key Negotiation Of Bluetooth), yomwe imakupatsani mwayi wokonzekera kulandidwa ndikusintha zidziwitso mumayendedwe obisika a Bluetooth. Pokhala ndi kuthekera koletsa kufalikira kwa mapaketi mwachindunji pakukambirana kwa zida za Bluetooth, wowukira amatha kugwiritsa ntchito makiyi omwe ali ndi 1 byte ya entropy pagawolo, zomwe zimapangitsa kugwiritsa ntchito njira ya brute-force kudziwa chinsinsi cha encryption.
Vutoli limayamba chifukwa cha zolakwika (CVE-2019-9506) mu Bluetooth BR/EDR Core 5.1 mafotokozedwe ndi mitundu yoyambirira, yomwe imalola kugwiritsa ntchito makiyi amfupi kwambiri obisala ndipo samalepheretsa wowukira kusokoneza pagawo lazokambirana kuti agwe. kubwerera ku makiyi osadalirika otere (mapaketi amatha kulowetsedwa ndi wowukira wosavomerezeka). Kuwukiraku kutha kuchitika panthawi yomwe zida zikukambirana za kulumikizana (magawo omwe adakhazikitsidwa kale sangathe kuwukiridwa) ndipo ndiwothandiza polumikizana ndi BR/EDR (Bluetooth Basic Rate/Enhanced Data Rate) ngati zida zonse zili pachiwopsezo. Ngati kiyiyo yasankhidwa bwino, wowukirayo amatha kumasulira zomwe zatumizidwa, ndipo, wozunzidwayo asakudziwa, amalowetsa mawu osamveka m'malo mwamsewu.
Mukakhazikitsa kulumikizana pakati pa olamulira awiri a Bluetooth A ndi B, wolamulira A, atatsimikizira kugwiritsa ntchito kiyi yolumikizira, atha kuganiza kuti agwiritse ntchito ma byte 16 a entropy pa kiyi ya encryption, ndipo wowongolera B akhoza kuvomereza mtengo uwu kapena kutchula mtengo wotsika, mu ngati sikutheka kupanga kiyi ya kukula komwe akufunsidwa. Poyankha, wolamulira A atha kuvomera kuyankha ndikuyambitsa njira yolumikizirana yobisidwa. Panthawi imeneyi ya zokambirana za parameter, kubisa sikugwiritsidwa ntchito, kotero wowukira ali ndi mwayi wosinthana pakati pa olamulira ndikusintha paketi ndi kukula kwa entropy. Popeza makiyi ovomerezeka amasiyana kuchokera ku 1 mpaka 16 bytes, wolamulira wachiwiri adzavomereza mtengo uwu ndikutumiza chitsimikiziro chake chosonyeza kukula kwake.
Kuchulukitsa chiopsezo m'malo a labotale (ntchito ya wowukirayo idatulutsidwa pazida zina), idaperekedwa.
kuchita chiwembu.
Pachiwopsezo chenicheni, wowukirayo ayenera kukhala pamalo olandirira zida za omwe akuzunzidwayo ndikutha kuletsa mwachidule chizindikiro kuchokera pa chipangizo chilichonse, chomwe chikuyenera kukhazikitsidwa kudzera mukusintha ma siginecha kapena kuponderezana mwachangu.
Bluetooth SIG, bungwe lomwe limayang'anira kukhazikitsa miyezo ya Bluetooth, Kusintha kwa chiwerengero cha nambala 11838, momwe njira zoletsera chiwopsezo zimapangidwira kuti zikhazikitsidwe ndi opanga (kuchepa kwachinsinsi chachinsinsi kwawonjezeka kuchokera 1 mpaka 7). Vuto mu ma stacks a Bluetooth ovomerezeka ndi Bluetooth chip firmware, kuphatikiza zinthu Broadcom , , , Qualcomm, Linux, , ΠΈ (mwa tchipisi 14 zoyesedwa, onse anali pachiwopsezo). Lowani mu Linux kernel Bluetooth stack kukonza kuti mulole kukula kocheperako kwa kiyibodi kusinthidwa.
Source: opennet.ru