BLUFFS - vulnerabilities in Bluetooth that allow MITM attacks

Daniele Antonioli, a Bluetooth security researcher who previously developed the BIAS, BLUR and KNOB attack techniques, has identified two new vulnerabilities (CVE-2023-24023) in the Bluetooth session negotiation mechanism, affecting all Bluetooth implementations that support the "Secure Connections" and "Secure Simple Pairing" modes compliant with the Bluetooth Core 4.2-5.4 specifications. As a demonstration of the practical use of the identified vulnerabilities, six attack variants were developed that make it possible to wedge into a connection between previously paired Bluetooth devices. The code implementing the attack methods and the utilities for checking for the vulnerabilities are published on GitHub.

The vulnerabilities were identified while analyzing the mechanisms described in the standard for achieving forward and future secrecy, which counter the compromise of session keys when a permanent key is determined (compromise of one of the permanent keys must not lead to decryption of previously intercepted or future sessions) and the reuse of session keys (a key from one session must not be applicable to another session). The vulnerabilities found make it possible to bypass this protection and reuse a weak session key across different sessions. They are caused by flaws in the base standard, are not specific to individual Bluetooth stacks, and appear in chips from different manufacturers.

The proposed attack methods implement different variants of spoofing classic (LSC, Legacy Secure Connections, based on outdated cryptographic primitives) and secure (SC, Secure Connections, based on ECDH and AES-CCM) Bluetooth connections between a system and a peripheral device, as well as MITM attacks on connections in LSC and SC modes. It is assumed that all Bluetooth implementations that comply with the standard are susceptible to some variant of the BLUFFS attack. The method was demonstrated on 18 devices from companies such as Intel, Broadcom, Apple, Google, Microsoft, CSR, Logitech, Infineon, Bose, Dell and Xiaomi.

The essence of the vulnerabilities comes down to the ability, without violating the standard, to force a connection to fall back to the old LSC mode and a weak short session key (SK), by specifying the minimum possible entropy during connection negotiation and ignoring the contents of the response with authentication parameters (CR). This leads to the session key being generated from constant input parameters (the session key SK is computed as a KDF of the permanent key (PK) and the parameters agreed during the session). For example, during a MITM attack, an attacker can replace the parameters 𝐴𝐶 and 𝑆𝐷 with zero values during session negotiation and set the entropy 𝑆𝐸 to 1, which results in a session key 𝑆𝐾 with an actual entropy of 1 byte (the standard minimum entropy size is 7 bytes (56 bits), which is comparable in strength to DES key selection).

If the attacker manages to get a shorter key used during connection negotiation, they can then use brute force to determine the permanent key (PK) used for encryption and decrypt the traffic between the devices. Since a MITM attack can trigger the use of the same encryption key, once this key is found it can be used to decrypt all past and future sessions intercepted by the attacker.

To block the vulnerabilities, the researcher proposed changes to the standard that extend the LMP protocol and change the logic of using the KDF (Key Derivation Function) when generating keys in LSC mode. The change does not break backward compatibility, but it requires the extended LMP command to be enabled and an additional 48 bytes to be sent. The Bluetooth SIG, which is responsible for developing the Bluetooth standards, has proposed, as a protective measure, rejecting connections over an encrypted communication channel with keys up to 7 bytes in size. Implementations that always use Security Mode 4 Level 4 are recommended to reject connections with keys up to 16 bytes in size.
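
The session-key derivation weakness and the key-size mitigation described above, as an added example that is not from the original article or from the researcher's published code. HMAC-SHA256 with truncation stands in for the real Bluetooth LSC derivation and entropy reduction, and the function names, parameter sizes and sample key are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Limits quoted in the article. Assumption: read as minimum acceptable
# sizes, so any negotiated key size below the limit is rejected.
MIN_KEY_BYTES = 7
MIN_KEY_BYTES_SM4_L4 = 16  # Security Mode 4 Level 4


def toy_kdf(pk: bytes, ac: bytes, sd: bytes, se: int) -> bytes:
    """Model of SK = KDF(PK, AC, SD) reduced to SE bytes of entropy.

    Assumption: HMAC-SHA256 plus truncation stands in for the real
    Bluetooth LSC derivation and entropy reduction.
    """
    return hmac.new(pk, ac + sd, hashlib.sha256).digest()[:16][:se]


def session_keys(pk: bytes, sessions: int, se: int, fresh: bool) -> list:
    """Derive one SK per session, with fresh or constant (zero) AC and SD."""
    keys = []
    for _ in range(sessions):
        ac = os.urandom(16) if fresh else bytes(16)  # sizes are constructed
        sd = os.urandom(16) if fresh else bytes(16)
        keys.append(toy_kdf(pk, ac, sd, se))
    return keys


def keyspace(se: int) -> int:
    """Number of candidate session keys for SE bytes of entropy."""
    return 256 ** se


def accept_key_size(se: int, sm4_level4: bool = False) -> bool:
    """Mitigation check: refuse links whose negotiated key is too short."""
    limit = MIN_KEY_BYTES_SM4_L4 if sm4_level4 else MIN_KEY_BYTES
    return se >= limit


if __name__ == "__main__":
    pk = bytes(range(16))  # constructed sample pairing key
    print("fresh AC/SD, SE=16:", len(set(session_keys(pk, 5, 16, True))), "distinct keys")
    print("zero AC/SD, SE=1: ", len(set(session_keys(pk, 5, 1, False))), "distinct key,",
          keyspace(1), "candidates")
    for se in (1, 7, 16):
        print(se, accept_key_size(se), accept_key_size(se, sm4_level4=True))
```

With constant inputs every session yields the same one-byte key, which is why the key-size check has to run on each connection and not only at pairing time.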

Source: opennet.ru
