Vulnerability in Qualcomm and MediaTek chips that allows part of WPA2 traffic to be intercepted.

Researchers from Eset have disclosed a new variant (CVE-2020-3702) of the Kr00k vulnerability, applicable to Qualcomm and MediaTek wireless chips. Like the first variant, which affected Cypress and Broadcom chips, the new vulnerability makes it possible to decrypt intercepted Wi-Fi traffic protected with the WPA2 protocol.

Recall that the Kr00k vulnerability is caused by incorrect handling of encryption keys when a device is disconnected (disassociated) from the access point. In the first variant of the vulnerability, the session key (PTK) stored in the chip's memory was reset on disconnection, since no further data would be sent in the current session. The data remaining in the transmit (TX) buffer was then encrypted with the already cleared key, consisting only of zeros, and could therefore be decrypted easily once intercepted. The empty key applies only to the residual data in the buffer, which is a few kilobytes in size.

The key difference in the second variant, which appears in Qualcomm and MediaTek chips, is that instead of being encrypted with a zero key, the data sent after disassociation is transmitted completely unencrypted, even though the encryption flags are set. Among the devices based on Qualcomm chips that were tested for the vulnerability, the D-Link DCH-G020 Smart Home Hub and the open router Turris Omnia were noted. Among devices based on MediaTek chips, the ASUS RT-AC52U router and IoT solutions based on Microsoft Azure Sphere using the MediaTek MT3620 microcontroller were tested.

To exploit either variant of the vulnerability, an attacker can send special control frames that cause disassociation and then intercept the data sent afterwards. Disassociation is commonly used in wireless networks to switch from one access point to another while roaming, or when communication with the current access point is lost. Disassociation can be triggered by sending a control frame, which is transmitted unencrypted and does not require authentication (the attacker only needs to be within range of the Wi-Fi signal, and does not need to be connected to the wireless network). The attack is possible both when a vulnerable client device connects to an access point and when a device not affected by the problem connects to an access point that exhibits the vulnerability.
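A defender testing their own device can look for the symptom of the second variant described above: data frames sent after a disassociation that have the Protected flag set but carry a cleartext payload. The following is an added example, not Eset's test script and not code from the original article; the sample frames are constructed, and checking for the LLC/SNAP header both at the start of the body and after an 8-byte CCMP header is an assumption, since the article does not describe the exact frame layout.

```python
import struct

LLC_SNAP = bytes.fromhex("aaaa03000000")  # cleartext LLC/SNAP header that starts an IP/ARP payload
CCMP_HDR_LEN = 8                          # assumption: a CCMP header may still precede the body

def parse(frame):
    """Minimal 3-address 802.11 parser: (type, subtype, protected, addr1, addr2, body)."""
    fc = struct.unpack_from("<H", frame)[0]
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    hdr_len = 26 if ftype == 2 and subtype & 0x8 else 24  # QoS data adds 2 bytes
    return ftype, subtype, bool(fc & 0x4000), frame[4:10], frame[10:16], frame[hdr_len:]

def leaked_after_disassoc(frames):
    """Indexes of Protected data frames that carry cleartext after a disassociation."""
    disassociated, hits = set(), []
    for i, raw in enumerate(frames):
        ftype, subtype, protected, addr1, addr2, body = parse(raw)
        if ftype == 0 and subtype == 10:           # management frame, disassociation
            disassociated.update((addr1, addr2))   # either side may be the leaking one
        elif ftype == 2 and protected and addr2 in disassociated:
            # Real ciphertext matches this 6-byte header only by chance (about 2**-48).
            if LLC_SNAP in (body[:6], body[CCMP_HDR_LEN:CCMP_HDR_LEN + 6]):
                hits.append(i)
    return hits

# --- constructed sample capture (hypothetical addresses and payloads) ---
STA = bytes.fromhex("020000000001")
AP = bytes.fromhex("020000000002")

def frame(fc, dst, src, body):
    # frame control, duration, addr1, addr2, addr3 (BSSID), sequence control, body
    return struct.pack("<HH", fc, 0) + dst + src + AP + b"\x00\x00" + body

CIPHERTEXT = bytes.fromhex("0100002000000000" "9f3c6be1d2a47705c8")  # CCMP header + opaque bytes
CLEARTEXT = LLC_SNAP + bytes.fromhex("0800" "4500003c")              # EtherType IPv4 + IP header start

SAMPLE = [
    frame(0x4108, AP, STA, CIPHERTEXT),   # protected data before the disassociation
    frame(0x00A0, STA, AP, b"\x08\x00"),  # disassociation frame with a 2-byte reason code
    frame(0x4108, AP, STA, CLEARTEXT),    # Protected flag set, payload in the clear
    frame(0x4108, AP, STA, CIPHERTEXT),   # normally encrypted frame
]

if __name__ == "__main__":
    print("suspicious frame indexes:", leaked_after_disassoc(SAMPLE))
```
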

The vulnerability affects encryption at the wireless network level and only allows analysis of unprotected connections established by the user (for example, DNS, HTTP and mail traffic); it does not allow connections encrypted at the application level (HTTPS, SSH, STARTTLS, DNS over TLS, VPN and so on) to be compromised. The danger of the attack is further reduced by the fact that the attacker can recover only the few kilobytes of data that were in the transmit buffer at the moment of disconnection. To successfully capture confidential data sent over an unprotected connection, the attacker must either know exactly when it was sent or constantly trigger disconnections from the access point, which will be noticeable to the user because the wireless connection keeps restarting.

The problem was fixed in the July update of the proprietary drivers for Qualcomm chips and in the April update of the drivers for MediaTek chips. A fix for the MT3620 was released in July. The researchers who identified the problem have no information about whether the fixes have been included in the free ath9k driver. A Python script has been prepared for testing devices for exposure to both variants of the vulnerability.

In addition, researchers from Checkpoint have identified six vulnerabilities in Qualcomm DSP chips, which are used in 40% of smartphones, including devices from Google, Samsung, LG, Xiaomi and OnePlus. Details of the vulnerabilities will not be provided until the problems have been fixed by the manufacturers. Since the DSP chip is a "black box" that the smartphone manufacturer cannot control, the fix may take a long time and will require coordination with the DSP chip manufacturer.

DSP chips are used in modern smartphones for operations such as audio, image and video processing, for computation in augmented reality systems, computer vision and machine learning, and for implementing fast charging. Among the attacks that the identified vulnerabilities allow, the following are mentioned: bypassing the access control system, meaning undetected capture of data such as photos, videos, call recordings, microphone data, GPS data and so on; denial of service, meaning blocking access to all stored information; and hiding malicious activity, meaning the creation of completely invisible and unremovable malicious components.

Source: opennet.ru
