Kunyangwe chiyero chitsva cheWPA3 chisati chaitwa zvizere, kukanganisa kwekuchengetedza muprotocol iyi kunobvumira vanorwisa kubira mapassword eWi-Fi.
Wi-Fi Yakachengetedzwa Kupinda III (WPA3) yakatangwa mukuyedza kugadzirisa kusakwana kwehunyanzvi hweWPA2 protocol, iyo yanga ichinzi haina kuchengetedzeka uye iri panjodzi yeKRACK (Key Reinstallation Attack). Kunyangwe WPA3 ichivimba nekubata maoko kwakachengeteka kunozivikanwa seDhikonifly, iyo ine chinangwa chekudzivirira maWi-Fi network kubva mukurwiswa kweduramazwi (offline brute force), vaongorori vezvekuchengetedza Mathy Vanhoef naEyal Ronen vakawana kushaya simba mukutanga kuita kweWPA3-Personal iyo inogona kubvumira. munhu anorwisa kuti awanezve mapassword eWi-Fi nekushandisa zvisizvo nguva kana mativi cache.
"Vanorwisa vanogona kuverenga ruzivo rwekuti WPA3 inofanirwa kuvharidzira zvakachengeteka. Izvi zvinogona kushandiswa kuba ruzivo rwakadzama senge nhamba dzekadhi rechikwereti, mapassword, mameseji ekutaura, maemail, nezvimwe."
Rakatsikiswa nhasi , inonzi DragonBlood, vatsvakurudzi vakanyatsotarisa marudzi maviri ekugadzirisa kukanganisa muWPA3: yekutanga inotungamirira pakuderedza kurwisa, uye yechipiri inotungamirira kudivi rekuvhara cache.
Cache-based side chiteshi kurwisa
Dragonfly's password encoding algorithm, inozivikanwawo seyokuvhima uye pecking algorithm, ine ane mamiriro matavi. Kana munhu anorwisa achigona kuona kuti ibazi ripi rebazi rekuti-kana-rimwe rakatorwa, anogona kuona kana password yakawanikwa mune imwe iteration yeiyo algorithm. Mukuita, zvakaonekwa kuti kana munhu anorwisa achigona kumhanyisa kodhi isina kurongeka pakombiyuta yakabatwa, zvinokwanisika kushandisa cache-based kurwisa kuona kuti nderipi bazi rakaedzwa mukutanga iteration yepassword generation algorithm. Ruzivo urwu runogona kushandiswa kuita password kupatsanura kurwisa (izvi zvakafanana nekurwisa duramazwi rekunze).
Kusagadzikana uku kuri kuteverwa uchishandisa CVE-2019-9494.
Dziviriro inosanganisira kutsiva matavi ane zvirevo anoenderana neakavanzika hunhu neanogara-nguva yekusarudza zvishandiso. Implementations inofanirawo kushandisa kuverenga nenguva isingaperi.
Synchronization-based side-channel kurwisa
Kana iyo Dragonfly handshake ichishandisa mamwe mapoka anowanza, password encoding algorithm inoshandisa nhamba yakasiyana yekudzokororwa kuvharidzira password. Huwandu chaihwo hwekudzokororwa hunoenderana nepassword inoshandiswa uye kero yeMAC yenzvimbo yekupinda uye mutengi. Anorwisa anogona kuita kure kure nguva kurwisa papassword encoding algorithm kuti aone kuti mangani ekudzokororwa kwaakatora kuti encode password. Ruzivo rwakadzoserwa runogona kushandiswa kuita password kurwisa, iyo yakafanana nekurwisa duramazwi rekunze.
Kudzivirira kurwiswa kwenguva, kuita kunofanirwa kudzima mapoka ari munjodzi anowanza. Kubva pakuona kwehunyanzvi, maMODP mapoka 22, 23 uye 24 anofanira kunge akaremara. Inokurudzirwa zvakare kudzima MODP mapoka 1, 2 uye 5.
Kusagadzikana uku kunoteverwa zvakare uchishandisa CVE-2019-9494 nekuda kwekufanana mukuitwa kwekurwisa.
WPA3 kuderedza
Sezvo 15-year-old WPA2 protocol yave kushandiswa zvakanyanya nemabhiriyoni emidziyo, kupararira kutorwa kweWPA3 hakuzoitiki nehusiku humwe. Kuti utsigire zvishandiso zvekare, WPA3-yakasimbiswa zvishandiso zvinopa "transitional operating mode" inogona kugadzirwa kuti igamuchire zvinongedzo uchishandisa ese WPA3-SAE neWPA2.
Vatsvagiri vanotenda kuti nzira yenguva pfupi iri panjodzi yekudzikisira kurwiswa, iyo vanorwisa vanogona kushandisa kugadzira nzvimbo ine hutsinye inongotsigira WPA2, ichimanikidza WPA3-inogonesa michina yekubatanidza uchishandisa isina kuchengetedzeka WPA2 nzira ina.
"Takawanawo kurwiswa kwakaderera kunopesana neSAE (Simultaneous Authentication of Peers, inowanzonzi Dragonfly) kubata maoko pachayo, kwatinogona kumanikidza mudziyo kushandisa isina kusimba elliptic curve pane yakajairika," vaongorori vakadaro.
Uyezve, nzvimbo yemurume-yepakati-yepakati haidiwe kuita kurwisa kwekudzikisa. Pane kudaro, vanorwisa vanongoda kuziva iyo SSID yeWPA3-SAE network.
Vatsvakurudzi vakashuma zvavakawana kuWi-Fi Alliance, sangano risingabatsiri rinopa zviyero zveWiFi uye zvigadzirwa zveWi-Fi kuti zvitevedzerwe, iyo yakabvuma matambudziko uye iri kushanda nevatengesi kugadzirisa midziyo iripo yeWPA3-yakasimbiswa.
PoC (404 panguva yekuburitswa)
Sehumbowo hwepfungwa, ivo vaongorori vachakurumidza kuburitsa anotevera maturusi mana akaparadzana (muGitHub repositories hyperlinked pazasi) anogona kushandiswa kuyedza kusasimba.
chishandiso chinogona kuyedza kusvika papi nzvimbo yekupinda iri panjodzi yekurwiswa neDos paWPA3 Dragonfly kubata maoko.
-Chishandiso chekuyedza kuita nguva yakatarwa kurwisa Dragonfly kubata maoko.
chishandiso chekuyedza chinowana ruzivo rwekudzoreredza kubva pakurwisa nguva uye kuita password yekurwiswa.
- chishandiso chinoita kurwisa EAP-pwd.
Project webhusaiti -
Source: www.habr.com