nezvekurwisa (Kiyi Kukurukurirana kweBluetooth), iyo inokutendera iwe kuronga kubatwa uye kutsiviwa kweruzivo mune yakavharidzirwa Bluetooth traffic. Kuve nekugona kuvharidzira kutapurirana kwakananga kwemapaketi panguva yekutaurirana kwemidziyo yeBluetooth, anorwisa anogona kuwana makiyi ane chete 1 byte yeentropy yechikamu, izvo zvinoita kuti zvikwanise kushandisa brute-force nzira kuona encryption kiyi.
Dambudziko rinokonzerwa nekukanganisa (CVE-2019-9506) muBluetooth BR/EDR Core 5.1 kududzirwa uye shanduro dzekare, izvo zvinobvumira kushandiswa kwemakiyi mapfupi ekunyorera uye hazvidzivise anorwisa kupindira padanho rekutaurirana kudonha. dzokera kumakiyi asina kuvimbika akadaro (mapaketi anogona kutsiviwa neanorwisa asina kutenderwa ). Kurwiswa kwacho kunogona kuitwa panguva iyo michina iri kutaurirana yekubatanidza (yakatosimbiswa masesheni haigone kurwiswa) uye inongoshanda pakubatanidza muBR/EDR (Bluetooth Basic Rate/Enhanced Data Rate) modhi kana zvese zviri panjodzi. Kana kiyi yasarudzwa zvakabudirira, anorwisa anogona kubvisa data rakafambiswa uye, asingazive kune anenge abatwa, anotsiva anopokana ciphertext mutraffic.
Pakuisa hukama pakati pevaviri maBluetooth controllers A uye B, controller A, mushure mekusimbiswa uchishandisa kiyi yekubatanidza, inogona kufunga kushandisa 16 bytes ye entropy yekiyi yekuvharidzira, uye controller B anogona kubvumirana neichi kukosha kana kutsanangura kukosha kwakaderera, mu kesi kana zvisingaite kugadzira kiyi yehukuru hwakarongwa. Mukupindura, mutongi A anogona kugamuchira chikumbiro chekupindura uye kumisa iyo encrypted yekutaurirana chiteshi. Pane ino nhanho yekutaurirana kweparameter, encryption haishandiswe, saka munhu anorwisa ane mukana wekuchinjisa dhata kuchinjanisa pakati pevatongi uye kutsiva pakiti neyakarongwa entropy saizi. Sezvo saizi yakakosha yekiyi inosiyana kubva pa1 kusvika ku16 bytes, wechipiri controller anobvuma kukosha uku uye kutumira simbiso yayo inoratidza saizi yakafanana.
Kuberekazve kusagadzikana mumamiriro erabhoritari (chiitiko cheanorwisa chakabudiswa pane chimwe chezvishandiso), zvakarongwa.
kuita kurwisa.
Kurwiswa chaiko, anorwisa anofanira kunge ari munzvimbo inogashira yemidziyo yevakabatwa uye ave nekwaniso yekuvharisa muchidimbu chiratidzo kubva kune yega yega mudziyo, iyo inofungidzirwa kuti iitwe kuburikidza nechiratidzo chekunyengera kana reactive jamming.
Iyo Bluetooth SIG, sangano rinotarisira kugadzira Bluetooth zviyero, kugadziridzwa kweiyo yakatarwa nhamba 11838, umo matanho ekuvharidzira kusagadzikana anorongwa kuti aitwe nevagadziri (iyo shoma encryption kiyi saizi yakawedzera kubva 1 kusvika 7). Dambudziko mu yakajairwa-inoenderana neBluetooth stacks uye Bluetooth chip firmware, kusanganisira zvigadzirwa Broadcom , , , Qualcomm, Linux, , ΠΈ (pamachipisi gumi nemana akaedzwa, ese aive panjodzi). MuLinux kernel Bluetooth stack gadziriso yekubvumidza iyo shoma encryption kiyi saizi kuti ichinjwe.
Source: opennet.ru