Ofufuza zachitetezo ochokera ku F-Secure zokhoma zitseko zanzeru KeyWe Smart Lock ndikuwulula zovuta , zomwe zimalola kugwiritsa ntchito kwa Bluetooth Low Energy ndi Wireshark kuti azitha kuwongolera kuchuluka kwa magalimoto ndikuchotsamo kiyi yachinsinsi yomwe imagwiritsidwa ntchito kutsegula loko kuchokera pa foni yamakono.
Vutoli likukulirakulira chifukwa zotsekera sizigwirizana ndi zosintha za firmware ndipo chiwopsezocho chimangokhazikitsidwa mugulu latsopano la zida. Ogwiritsa ntchito omwe alipo amatha kungochotsa vutoli posintha loko kapena kusiya kugwiritsa ntchito foni yamakono kuti atsegule chitseko. KeyWe amatseka malonda a $155 ndipo amagwiritsidwa ntchito pazitseko zanyumba ndi zamalonda. Kuphatikiza pa kiyi yokhazikika, loko imathanso kutsegulidwa ndi kiyi yamagetsi kudzera pa foni yam'manja kapena kugwiritsa ntchito chibangili chokhala ndi tag ya NFC.
Kuteteza njira yolumikizirana yomwe malamulo amatumizidwa kuchokera ku pulogalamu yam'manja, algorithm ya AES-128-ECB imagwiritsidwa ntchito, koma chinsinsi cha encryption chimapangidwa kutengera makiyi awiri odziwikiratu - kiyi wamba ndi kiyi yowonjezera yowerengera, yomwe ingakhale yosavuta. wotsimikiza. Kiyi yoyamba imapangidwa kutengera magawo olumikizana ndi Bluetooth monga adilesi ya MAC, dzina la chipangizocho ndi mawonekedwe a chipangizocho.
Algorithm yowerengera kiyi yachiwiri imatha kuzindikirika pakuwunika kwa pulogalamu yam'manja. Popeza zidziwitso zopangira makiyi zimadziwika poyambilira, kubisa kumakhala kokhazikika komanso kuthyola loko ndikokwanira kudziwa magawo a loko, kutsekereza gawo lotsegulira chitseko ndikuchotsamo nambala yoloweramo. Zida zowunikira njira yolumikizirana ndi loko ndikuzindikira makiyi olowera pa GitHub.
Source: opennet.ru