Boka revatsvagiri vanobva kuTsinghua University (China) neGeorge Mason University (USA) vakaburitsa ruzivo nezve kusagadzikana (CVE-2022-25667) munzvimbo dzisina waya dzekupinda dzinobvumira kuronga traffic interception (MITM) mumatambo asina waya akachengetedzwa uchishandisa WPA, WPA2 uye WPA3 mitemo. Nekushandisa ICMP mapaketi ane "redirect" mureza, anorwisa anogona kuwana kudzoreredzwa kwetraffic yemunhu anenge abatwa mukati metiweki isina waya kuburikidza nesystem yake, iyo inogona kushandiswa kuvharira uye kubiridzira zvikamu zvisina kunyorwa (semuenzaniso, zvikumbiro kumasaiti asina HTTPS).
Kusagadzikana kunokonzerwa nekushaikwa kwekusefa kwakaringana kwekunyepedzera ICMP meseji ine spoofed sender kero (spoofing) mune network processors (NPU, Network Processing Unit), iyo inopa yakaderera-level packet processing mune isina waya network. Pakati pezvimwe zvinhu, maNPU akadzoserwa, pasina kutarisa kuti spoofing, dummy ICMP mapaketi ane "redirect" mureza, iyo inogona kushandiswa kushandura routing tafura paramita padivi remushandisi. Kurwiswa kwacho kunosvika pakutumira ICMP pakiti pachinzvimbo chenzvimbo yekuwana ne "redirect" mureza, zvichiratidza data rekunyepedzera mumusoro wepaketi. Nekuda kwekusagadzikana, meseji inoendeswa mberi nenzvimbo yekuwana uye inogadziriswa neakabatwa network stack, iyo inofungidzira kuti meseji yakatumirwa nenzvimbo yekuwana.
Pamusoro pezvo, vaongorori vakakurudzira nzira yekunzvenga macheki eICMP mapaketi ane "redirect" mureza padivi pemushandisi wekupedzisira uye nekuchinja tafura yayo yekufambisa. Kuti apfuure kusefa, anorwisa anotanga aona iyo inoshanda yeUDP chiteshi padivi reanobatwa. Kuve mune imwechete isina waya network, anorwisa anogona kubata traffic, asi haakwanise kuibvisa, nekuti haazive kiyi yesesheni inoshandiswa kana munhu akabatwa asvika panzvimbo yekupinda. Zvisinei, nekutumira mapepa ekuedza kumunhu anenge abatwa, anorwisa anogona kuona iyo inoshanda yeUDP port zvichienderana nekuongorora kweinouya ICMP mhinduro ne "Destination Unreachable" mureza. Tevere, anorwisa anogadzira meseji yeICMP ine "redirect" mureza uye spoofed UDP musoro, iyo inotsanangura yakavhurwa UDP chiteshi. Kugadziriswa kweiyi meseji kunotungamira mukukanganiswa kwetafura yenzira muhurongwa hwemunhu akabatwa uye kudzokororwa kwetraffic pamwe nemukana wekuitora nenzira yakajeka pane data link layer.
Dambudziko rakasimbiswa munzvimbo dzekuwana uchishandisa HiSilicon uye Qualcomm chips. Ongororo yemakumi mashanu emhando dzakasiyana dzenzvimbo dzekuwana kubva kune gumi anozivikanwa vagadziri (Cisco, NetGear, Xiaomi, Mercury, 55, Huawei, TP-Link, H10C, Tenda, Ruijie) yakaratidza kuti ese ari panjodzi uye haavharidzire fake. ICMP mapaketi. Pamusoro pezvo, ongororo ye360 iripo isina waya network yakaratidza mukana wekurwiswa mu3 network (122%).
Kushandisa kusasimba, munhu anorwisa anofanira kukwanisa kubatanidza zviri pamutemo kunetiweki yeWi-Fi, i.e. inofanirwa kuziva maparamendi ekupinda mune isina waya network (kusagadzikana kunobvumira kupfuura nzira dzinoshandiswa muWPA * mapuroteni ekuparadzanisa traffic yevashandisi mukati metiweki). Kusiyana neyakajairwa MITM kurwiswa pane isina waya network, vachishandisa iyo ICMP pakiti spoofing nzira, anorwisa anogona kuita pasina kuendesa yake yega dummy nzvimbo yekupinda kuti abvise traffic uye kushandisa zviri pamutemo nzvimbo dzekuwana dzinoshanda netiweki kuendesa zvakare akagadzirwa akagadzirwa ICMP mapaketi kune akabatwa.
Source: opennet.ru