Kubva kumushanduri uye TL;DR
-
TL; DR:
Zvinoita sekuti VoLTE yakave yakanyanya kuchengetedzwa kupfuura yekutanga Wi-Fi vatengi vane WEP. Iyo yakasarudzika yekuvaka miscalculation iyo inobvumidza iwe kuXOR traffic zvishoma uye kudzoreredza kiyi. Kurwiswa kunogoneka kana uri pedyo neanofona uye anofona nguva zhinji.
-
Ndatenda nezano uye TL; DR
-
Vatsvagiri vagadzira app kuti vaone kana mutakuri wako ari panjodzi, verenga zvakawanda . Govera mhedzisiro mune zvakataurwa, VoLTE yakaremara mudunhu rangu paMegafon.
Nezvomunyori
Matthew Green.
Ndiri criptographer uye purofesa paJohns Hopkins University. Ndakagadzira uye ndakaongorora masisitimu ekriptographic anoshandiswa mumatambo asina waya, masisitimu ekubhadhara, uye mapuratifomu ekuchengetedza zvemukati. Mukutsvaga kwangu, ndinotarisa nzira dzakasiyana dzekushandisa cryptography kuvandudza kuvanzika kwevashandisi.
Pave nenguva kubva pandakanyora fomati yekutumira , uye zvakandishungurudza. Kwete nekuti pakanga pasina kurwiswa, asi zvakanyanya nekuti pakanga pasina kurwiswa pane chimwe chinhu chakashandiswa zvakanyanya kuti ndibudise mubhuroko remunyori.
Asi nhasi ndauya inonzi ReVoLTE yemaprotocol andiri kunyanya kunakidzwa nekubira, kureva cellular network (izwi pamusoro) LTE protocol. Ndiri kufara nezveaya maprotocol-uye kurwiswa kutsva uku-nekuti kashoma kuona ma cellular network protocol uye mashandisirwo ari kubiwa. Kunyanya nekuti zviyero izvi zvakagadziridzwa mumakamuri akazadzwa nehutsi uye zvakanyorwa mumagwaro e12000-mapeji ayo asiri muongorori wese anogona kubata. Zvakare, kuita kurwiswa uku kunomanikidza vaongorori kushandisa yakaoma radio protocol.
Nokudaro, kukanganisa kwakakomba kwecryptographic kunogona kupararira pasi rose, zvichida kungoshandiswa nehurumende, muongorori asati aona. Asi nguva nenguva pane zvisizvo, uye kurwisa kwanhasi ndechimwe chazvo.
Authors Vabatsiri: David Rupprecht, Katharina Kohls, Thorsten Holz naChristina PΓΆpper vanobva kuRuhr-University Bochum uye New York University Abu Dhabi. Uku kurwiswa kukuru kudzoreredza kiyi muizwi protocol yauri kutoshandisa (tichifunga kuti unobva kuchizvarwa chekare chichiri kufona uchishandisa nharembozha).
Kutanga, rwendo rupfupi rwenhoroondo.
Chii chinonzi LTE uye VoLTE?
Hwaro hwemaitiro edu emazuva ano enharembozha akaiswa muEurope kumashure kuma80s nechiyero (Global System for Mobile Communications). GSM yaive yekutanga hombe yedhijitari nhare mbozha chiyero, iyo yakaunza akati wandei ekuchinja zvinhu, sekushandiswa. kuchengetedza mafoni. Early GSM yakagadzirirwa kunyanya kutaurirana kwezwi, kunyange zvazvo mari inogona kuva .
Sezvo kufambiswa kwedata kwakawedzera kukosha mukukurukurirana kweserura, Long Term Evolution (LTE) zviyero zvakagadziridzwa kukwenenzvera rudzi urwu rwekutaurirana. LTE yakavakirwa paboka rezviyero zvekare zvakaita seGSM, ΠΈ uye yakagadzirirwa kuwedzera kukurumidza kwekuchinjana data. Kune yakawanda yekumaka uye asi iyo TL; DR ndeyokuti LTE idhisheni yekufambisa data inoshanda sebhiriji pakati pekare packet data protocol uye ramangwana cellular data technologies. .
Zvechokwadi, nhoroondo inotitaurira kuti kana paine zvakakwana (IP) bandwidth iripo, pfungwa dzakadai se "inzwi" uye "data" dzichatanga kusvibiswa. Izvo zvinoshandawo kune azvino cellular protocol. Kuita kuti shanduko iyi ive nyore, LTE zviyero zvinotsanangura (VoLTE), inova IP chiyero chekutakura mafoni ezwi zvakananga pamusoro peiyo data ndege yeLTE system, ichipfuura iyo dial-up chikamu cheserura network zvachose. Sezvakaita standard ,VoLTE mafoni anogona kugumiswa neserura opareta uye akabatana kune yakajairwa nhare network. Kana (sezvazviri kuwedzera kuwanda) ivo zvakananga kubva kune imwe cellular mutengi kune imwe, uye kunyangwe pakati pevanopa vakasiyana.
Kufanana neVoIP yakajairwa, VoLTE yakavakirwa pamapato maviri anozivikanwa IP-based: Session Initiation Protocol ( - SIP) yekuseta kufona, uye chaiyo-nguva yekufambisa protocol (, iyo inofanirwa kunzi RTTP asi inodaidzwa kuti RTP) yekugadzirisa data yezwi. VoLTE inowedzerawo mamwe ekuwedzera bandwidth optimizations, senge musoro compression.
Zvakanaka, izvi zvinei nechekuita nekunyorera?
LTE, kufanana , ine yakajairwa seti yekriptographic protocol ye encrypting mapaketi sezvaanofambiswa pamusoro pemhepo. Iwo anonyanya kugadzirwa kuchengetedza data rako sezvainofamba pakati pefoni (inonzi mushandisi mudziyo, kana UE) uye nhare nhare (kana chero chero mupi wako anosarudza kumisa kubatana). Izvi zvinodaro nekuti ma cellular providers anoona ekunze avesdropping zvishandiso sevavengi. Zvakanaka, hongu.
(Zvisinei, chokwadi chekuti VoLTE kubatana kunogona kuitika zvakananga pakati pevatengi pane akasiyana network network zvinoreva kuti VoLTE protocol pachayo ine mamwe ekuwedzera uye esarudzo encryption protocol anogona kuitika pakakwirira network layer. Izvi hazvikodzeri kuchinyorwa chazvino, kunze kwekunge vanogona kuparadza zvose (tichataura pamusoro pavo muchidimbu chinotevera).
Nhoroondo, encryption muGSM yanga iri : zvakaipa , mapuroteni umo chete foni yakatenderwa shongwe (zvinoreva kuti munhu anorwisa anogona kutevedzera shongwe, achigadzira ) zvichingoenda zvakadaro. LTE yakagadzirisa akawanda emabhugi ari pachena uku ichichengetedza yakawanda yakafanana chimiro.
Ngatitange ne encryption pachayo. Tichifunga kuti kusikwa kwakakosha kwatoitika - uye tichataura nezvazvo muminiti - ipapo pakiti yega yega yedata yakavharidzirwa uchishandisa stream encryption uchishandisa chimwe chinhu chinonzi "EEA" (iyo mukuita inogona kuitwa uchishandisa zvinhu zvakaita seAES). Chaizvoizvo, iyo encryption mechanism iri pano sepazasi:
Iyo huru encryption algorithm yeVoLTE mapaketi (mabviro: ) EEA icipher, "COUNT" ndeye 32-bit counter, "BEARER" ideti yakasarudzika inoparadzanisa makubatanidza eVoLTE kubva kune yakajairika Internet traffic. "DIRECTION" inoratidza nzira iyo traffic irikuyerera - kubva kuUE kuenda kushongwe kana zvinopesana.
Sezvo iyo encryption algorithm pachayo (EEA) inogona kushandiswa uchishandisa yakasimba cipher seAES, hazviite kuti pachave nekurwiswa kwakananga pacipher pachayo seizvi. . Nekudaro, zviri pachena kuti kunyangwe paine yakasimba cipher, iyi encryption chirongwa inzira yakanaka yekupfura iwe pachako mutsoka.
Kunyanya: iyo LTE chiyero inoshandisa (isina kutenderwa) rwizi cipher ine modhi inozonyanya kutambudzika kana iyo counter - uye zvimwe zvinopinda zvakaita se "mutakuri" uye "direction" - zvakamboshandiswa zvakare. Mukutaura kwemazuva ano, izwi reiyi pfungwa ndere "nonce reuse kurwisa," asi njodzi dzinogona kuitika pano hachisi chinhu chazvino. Ivo vane mukurumbira uye vekare, vanodzokera kumazuva eglam metal uye kunyange disco.
Kurwiswa kwekusamboshandiswazve muCTR modhi yaivepo kunyangwe Poison payakazivikanwa
Kutaura chokwadi, zviyero zveLTE zvinoti, "Ndokumbirawo usashandisezve mamita aya." Asi zviyero zveLTE zvinosvika zviuru zvinomwe zvemapeji kureba, uye chero zvazvingava, zvakafanana nekukumbira vana kuti vasatambe nepfuti. Vachaita saizvozvo, uye zvinhu zvinotyisa zvichaitika. Pfuti yekupfura munyaya iyi ndeye keystream reuse kurwisa, umo mameseji maviri akasiyana akavanzika XOR akafanana keystream bytes. Zvinozivikanwa kuti izvi .
Chii chinonzi ReVoLTE?
Kurwiswa kweReVoLTE kunoratidza kuti, mukuita, iyi yakaoma encryption dhizaini inoshandiswa zvisizvo nechaiyo-nyika hardware. Kunyanya, vanyori vanoongorora mafoni eVoLTE chaiwo anoitwa vachishandisa michina yekutengesa uye vanoratidza kuti vanogona kushandisa chimwe chinhu chinonzi "kiyi reinstallation kurwisa." (Chikwereti chakawanda chekutsvaga dambudziko iri chinoenda (Raza & Lu), avo vaive vekutanga kutaura nezvekusagadzikana. Asi ReVoLTE tsvagiridzo inoishandura kuita kurwisa kunoshanda).
Rega ndikuratidze muchidimbu kukosha kwekurwiswa, kunyangwe iwe unofanirwa kutarisa uye .
Mumwe anogona kufunga kuti kana LTE ikamisa packet data yekubatanidza, basa rezwi pamusoro peLTE rinongova nyaya yekufambisa mapeketi ezwi pamusoro pekubatana ikoko pamwe chete nese traffic yako. Mune mamwe mazwi, VoLTE ichave pfungwa inongovapo pamusoro [OSI mhando - approx.]. Ichi hachisi chokwadi zvachose.
Muchokwadi, iyo LTE link layer inosuma iyo pfungwa ye "mutakuri". Vatakuri zviziviso zvechikamu zvakasiyana zvinoparadzanisa marudzi akasiyana epacket traffic. Yenguva dzose internet traffic (yako Twitter uye Snapchat) inopfuura nemutakuri mumwe. SIP siginecha yeVoIP inoenda neimwe, uye izwi traffic mapaketi anogadziriswa kuburikidza nechetatu. Ini handisi ruzivo rwakanyanya nezve LTE redhiyo uye network routing masisitimu, asi ndinotenda kuti zvakaitwa nenzira iyi nekuti LTE network inoda kumanikidza QoS (mhando yebasa) maitiro kuitira kuti nzizi dzepaketi dzakasiyana dzigadziriswe pamatanho akasiyana ekutanga: i.e. yako chechipiri-chiyero TCP yekubatanidza kuFacebook inogona kuve nechemberi yakaderera pane yako chaiyo-nguva yezwi kufona.
Izvi kazhinji harisi dambudziko, asi mhedzisiro yacho ndeyotevera. Makiyi eLTE encryption anogadzirwa zvakasiyana pese painoiswa "mutakuri" mutsva. Chaizvoizvo, izvi zvinofanirwa kuitika zvakare pese paunofona patsva. Izvi zvinozoita kuti imwe encryption kiyi ishandiswe pakufona kwega kwega, zvichibvisa mukana wekushandisa zvakare kiyi imwe chete encrypt maviri akasiyana seti yemapaketi ekufona. Chokwadi, iyo LTE standard inotaura chimwe chinhu senge "iwe unofanirwa kushandisa kiyi yakasiyana pese paunoisa mutakuri mutsva kubata runhare rutsva." Asi izvi hazvirevi kuti izvi zvinoitika.
Muchokwadi, mukuita kwehupenyu chaihwo, mafoni maviri akasiyana anoitika padyo nepedyo nguva achashandisa kiyi imwechete - kunyangwe ichokwadi chekuti vatakuri vatsva vezita rimwe chete vakagadzirirwa pakati pavo. Shanduko chete inoshanda inoitika pakati pemafoni aya ndeyekuti iyo encryption counter inoiswa patsva kusvika zero. Muzvinyorwa izvi dzimwe nguva zvinodanwa . Mumwe anogona kupokana kuti ichi chikanganiso chekuita, kunyangwe mune iyi nyaya njodzi dzinoita kunge dzakanyanya kubva pachiyero pachacho.
Mukuita, kurwiswa uku kunoguma nekushandiswa zvakare kwerukova, apo anorwisa anogona kuwana mapaketi akavharidzirwa $inline$C_1 = M_1 oplus KS$inline$ uye $inline$C_2 = M_2 oplus KS$inline$, zvichibvumira kuverenga kwe $inline$. C_1 kuwedzera C_2 = M_1 kuwedzera M_2$inline$. Zvitori nani, kana munhu anorwisa achiziva imwe ye$inline$M_1$inline$ kana $inline$M_2$inline$,anogona kudzosera imwe yacho ipapo ipapo. Izvi zvinomupa kurudziro yakasimba tsvaga chimwe chezvikamu zviviri zvisina kunyorwa.
Izvi zvinotisvitsa kune yakakwana uye inoshanda zvakanyanya kurwisa mamiriro. Funga nezvemunhu anorwisa anogona kumisa redhiyo traffic pakati penhare yaivavarirwa nenharembozha, uye ndiani anoita rombo rakanaka kurekodha mafoni maviri akasiyana, yechipiri ichiitika pakarepo mushure mekutanga. Zvino fungidzira kuti neimwe nzira anogona kufungidzira izvo zvisina kunyorwa zveimwe yekufona. Nevakadaro serendipity mutambi wedu anogona kunyatso decrypt yekutanga kufona achishandisa iri nyore XOR pakati pemaseti maviri emapaketi.
Chokwadi, mhanza haina chokuita nayo. Sezvo mafoni akagadzirwa kuti agamuchire nhare, munhu anorwisa anogona kunzwa runhare rwekutanga achakwanisa kuridza runhare rwechipiri panguva chaiyo inopera yekutanga. Kufona kwechipiri uku, kana kiyi imwechete yekuvharidzira ikashandiswa zvakare nekaunda reset kusvika zero, inobvumira iyo data isina kuvharidzirwa kuti idzorerwe. Uyezve, sezvo munhu wedu anorwisa achinyatso kudzora data panguva yekufona kwechipiri, anogona kudzoreredza zviri mukati mekufona kwekutanga - nekuda kwevakawanda vakanyatso itwa. zvinhu zvidiki, achitamba padivi pake.
Heino mufananidzo we general attack plan yakatorwa kubva :
Attack overview kubva . Ichi chirongwa chinofungidzira kuti mafoni maviri akasiyana anoitwa pachishandiswa kiyi imwechete. Anorwisa anodzora passive sniffer (kumusoro kuruboshwe), pamwe nefoni yechipiri, yaanogona kufona nayo kechipiri kufoni yemunhu akabatwa.
Saka kurwisa kunoshanda zvechokwadi here?
Kune rimwe divi, uyu ndiwo mubvunzo mukuru wechinyorwa nezve ReVoLTE. Mazano ese ari pamusoro akakura mudzidziso, asi anosiya mibvunzo yakawanda. Zvakaita se:
- Zvinogoneka here (kune vaongorori vezvidzidzo) kuti vatore kubatana kweVoLTE?
- Ko chaiwo maLTE masisitimu anonyatso rekey?
- Unogona here kutanga kufona kechipiri nekukurumidza uye nekuvimbika zvakakwana kuti foni neshongwe ishandisezve kiyi?
- Kunyangwe masisitimu achidzoreredza, unogona here kuziva izvo zvisina kuvharirwa zvefoni yechipiri - zvakapihwa kuti zvinhu zvakaita semacodecs uye transcoding zvinogona kunyatso chinja (bit-by-bit) zvemukati zvekufona kwechipiri, kunyangwe iwe uchikwanisa kuwana "bits". "kuuya kubva pafoni yako yekurwisa?
Basa reReVoLTE rinopindura mimwe yemibvunzo iyi mukusimbisa. Vanyori vanoshandisa yekushambadzira software-reconfigurable radio stream sniffer inonzi kubata VoLTE kufona kubva kudivi redownlink. (Ini ndinofunga kungobata nesoftware uye kuwana zano rakashata rekuti inoshanda sei zvakatora mwedzi kubva pahupenyu hwevarombo vakapedza kudzidza - zvinova zvakajairwa nerudzi urwu rwekutsvagisa kwedzidzo).
Vatsvakurudzi vakaona kuti kuitira kushandiswazve kwakakosha kushanda, kudana kwechipiri kwaifanira kuitika nokukurumidza zvakakwana mushure mokunge yekutanga yapera, asi kwete nekukurumidza-anenge masekonzi gumi kune vashandi vavakaedza. Sezvineiwo, hazvina basa kuti mushandisi anopindura kufona mukati menguva ino - iyo "ring" kureva. Iyo SIP yekubatanidza pachayo inomanikidza mushandisi kushandisa zvakare kiyi imwechete.
Nekudaro, mazhinji ematambudziko akanyanya akatarisana nedambudziko (4) - kugamuchira zvimedu zvezvisina kuvharidzirwa zvemukati runhare rwakatangwa neanorwisa. Izvi zvinodaro nekuti zvakawanda zvinogona kuitika kune zvako zvirimo sezvazvinofamba kubva parunhare rweanorwisa kuenda kunhare yemunhu akabatwa pamusoro peserura network. Semuenzaniso, matipi akasviba akadai sekudzoreredza encoded audio stream, iyo inosiya ruzha rwakafanana, asi inoshandura zvachose iyo bhinari inomiririra. LTE network inoshandisawo RTP header compression, iyo inogona kuchinja zvakanyanya yakawanda yeRTP packet.
Pakupedzisira, mapaketi anotumirwa neanorwisa anofanira kunge achienderana nemapaketi anotumirwa panguva yekutanga kufona. Izvi zvinogona kunetsa nekuti kugadzirisa kunyarara panguva yekufona kunoguma nemeseji mapfupi (aka nyaradzo ruzha) iyo inogona kusakwana zvakanaka nekufona kwekutanga.
Zvakakodzera kuverenga zvakadzama. Inogadzirisa zvakawanda zvenyaya dziri pamusoro - kunyanya, vanyori vakaona kuti mamwe macodecs haana kunyorwazve, uye kuti ingangoita 89% yeinomiririra yekufona inomiririra inogona kudzoserwa. Izvi ndezvechokwadi kune vangangoita vaviri vekuEurope vanoshanda vakaedzwa.
Uku kunoshamisa kwekubudirira kwepamusoro, uye kutaura chokwadi kwakakwira kupfuura zvandaitarisira pandakatanga kushanda pagwaro iri.
Saka tingaitei kuti tigadzirise?
Mhinduro yekukurumidza kumubvunzo uyu iri nyore kwazvo: sezvo musimboti wekusagadzikana kuri kushandiswa patsva (kuiswazve) kurwisa, ingogadzirisa dambudziko. Ita shuwa kuti kiyi nyowani yawanikwa pakufona kwega kwega, uye usambobvumira pakaunda yepakiti kuti idzore kaunda kudzokera ku zero uchishandisa kiyi imwechete. Dambudziko ragadziriswa!
Kana kuti zvimwe kwete. Izvi zvinoda kusimudzira michina yakawanda, uye, kutaura chokwadi, kugadzirisa kwakadaro pachayo hakuna kuvimbika kwakanyanya. Zvingave zvakanaka kana zviyero zvikakwanisa kuwana nzira yakachengeteka yekushandisa yavo encryption modes iyo isiri yekusagadzikana ine njodzi kumatambudziko akakosha ekushandisa zvakare.
Imwe sarudzo inogoneka ndeye kushandisa . Izvi zvinogona kunge zvakadhura kune zvimwe zvazvino hardware, asi zvirokwazvo inzvimbo vagadziri vanofanirwa kufunga nezvayo mune ramangwana, kunyanya sezvo 5G zviyero zvave kuda kutora nyika.
Ichi chidzidzo chitsva chinomutsawo mubvunzo wakajairika wekuti sei , mazhinji ayo anoshandisa madhizaini nemaprotocol akafanana. Paunenge watarisana nedambudziko rekudzoreredza kiyi imwechete kune akawanda anoshandiswa zvakanyanya maprotocol seWPA2, haufunge kuti ingangove nguva yekuita kuti zvaunofunga uye maitiro ekuyedza awedzere kusimba? Rega kubata vatevedzeri vezviyero sevadikani vane pfungwa vanoteerera yambiro yako. Vabate sevadzivisi (vasingafungi) vanozokanganisa zvinhu.
Kana, neimwe nzira, isu tinogona kuita izvo makambani akaita seFacebook neApple ari kuwedzera kuita: ita kuti izwi rekufona encryption riitike pamwero wepamusoro weOSI network stack, pasina kuvimba nevagadziri vemidziyo yemafoni. Tinogona kutosundira kumagumo-kusvika-kumagumo encryption yemafoni ezwi, sezviri kuita WhatsApp neSignal neFaceTime, tichifunga kuti hurumende yeUS inongomira. . Zvino (kunze kweimwe metadata) mazhinji ematambudziko aya anongonyangarika. Iyi mhinduro inonyanya kukosha munyika umo .
Kana kuti isu tinogona kungoita izvo zvatoitwa nevana vedu: rega kupindura idzo nhare dzinogumbura.
Source: www.habr.com