Mathy Vanhoef, munyori weKRACK kurwiswa kweasina waya network neWPA2, uye Eyal Ronen, munyori-mubatsiri wekumwe kurwiswa kweTLS, akaburitsa ruzivo nezve kusakwana kutanhatu (CVE-2019-9494 - CVE-2019-9499) muhunyanzvi. dziviriro yeWPA3 isina waya network, ichikubvumidza kuti udzokorore password yekubatanidza uye kuwana mukana kune isina waya network usingazive password. Kusadzivirirwa kwakabatana kwakanyorwa zita rekuti Dragonblood uye inobvumira iyo Dragonfly yekubatanidza nzira yekutaurirana, iyo inopa dziviriro kubva kufungidziro yepassword yekunze, kukanganisika. Pamusoro peWPA3, iyo Dragonfly nzira inoshandiswawo kudzivirira kubva mukufembera muduramazwi muEAP-pwd protocol inoshandiswa muAndroid, RADIUS maseva uye hostapd/wpa_supplicant.
Chidzidzo ichi chakaratidza marudzi maviri makuru ematambudziko ekuvaka muWPA3. Marudzi ese ari maviri ematambudziko anogona pakupedzisira kushandiswa kugadzira patsva password yekuwana. Rudzi rwekutanga runokutendera kuti udzoke kunzira dzisingavimbike dzekriptographic (downgrade attack): maturusi ekuona kuenderana neWPA2 (transit modhi, inobvumira kushandiswa kweWPA2 neWPA3) inobvumira anorwisa kumanikidza mutengi kuti aite mana-nhanho yekubatanidza nhaurirano. inoshandiswa neWPA2, iyo inobvumira kumwe kushandiswa kwekare brute-force kurwisa mapassword anoshanda kuWPA2. Pamusoro pezvo, mukana wekuita kurwisa kwekudzikisa zvakanangana neiyo Dragonfly yekubatanidza nzira yekufananidza yakaonekwa, ichibvumira munhu kudzoreredza kumashure kune asina kuchengetedzeka mhando dzeelliptic curves.
Rudzi rwechipiri rwedambudziko rinotungamira mukuburitswa kweruzivo nezve mapassword maitiro kuburikidza nevechitatu-bato chiteshi uye yakavakirwa pakukanganisa kwepassword encoding nzira muDhikonifly, iyo inobvumira zvisina kunanga data, sekuchinja kwekunonoka panguva yekushanda, kudzokorora password yepakutanga. . Dragonfly's hash-to-curve algorithm inotapukirwa nekurwiswa kwecache, uye hash-to-group algorithm inokwanisa kuuraya nguva yekurwiswa.
Kuita cache mining kurwiswa, anorwisa anofanira kukwanisa kuita isina kurongeka kodhi pane sisitimu yemushandisi inobatanidza kune isina waya network. Nzira mbiri idzi dzinoita kuti zvikwanise kuwana ruzivo rwakakosha kujekesa sarudzo chaiyo yezvikamu zvepassword panguva yekusarudza password. Kubudirira kwekurwiswa kwacho kwakakwira zvakanyanya uye kunokubvumidza kuti ufembere password ine mavara masere inosanganisira mavara madiki, kutora zvikamu makumi mana chete zvekubata maoko uye kushandisa zviwanikwa zvakaenzana nekurenda Amazon EC8 inokwana $40.
Zvichienderana nekusagadzikana kwakaonekwa, akati wandei ekurwisa akakurudzirwa:
- Rollback kurwisa paWPA2 nekugona kuita sarudzo yeduramazwi. Munzvimbo umo mutengi nenzvimbo yekuwana inotsigira zvese WPA3 neWPA2, munhu anorwisa anogona kuendesa ega ega yekuwana nzvimbo ine zita rimwechete retiweki rinongotsigira WPA2. Mumamiriro ezvinhu akadaro, mutengi achashandisa nzira yekubatanidza nzira yeWPA2, panguva iyo ichave yakatemwa kuti kudzoreredza kwakadaro hakubvumirwe, asi izvi zvichaitwa pachinhanho kana mameseji enhaurirano atumirwa uye ruzivo rwese rwunodiwa. nekuti kurwiswa kweduramazwi kwakatodeuka. Imwe nzira yakafanana inogona kushandiswa kudzosera kumashure zvinetswa shanduro dzeelliptic curves muSAE.
Pamusoro pezvo, zvakaonekwa kuti iyo iwd daemon, yakagadziridzwa neIntel seimwe nzira yewpa_supplicant, uye Samsung Galaxy S10 isina waya stack inotapukirwa nekudzikisira kurwiswa kunyangwe mumatiweki anoshandisa WPA3 chete - kana zvishandiso izvi zvakambobatana neWPA3 network. , ivo vanoedza kubatanidza kune dummy WPA2 network ine zita rimwechete.
- Side-channel kurwisa iyo inobvisa ruzivo kubva kune processor cache. Iyo password encoding algorithm mu Dragonfly ine conditional branching uye anorwisa, ane kugona kuita iyo kodhi pane isina waya mushandisi sisitimu, anogona, zvichibva pakuongorora kwecache maitiro, kuona kuti ndeipi yei-icho-imwezve mabhuraki ekutaura akasarudzwa. Ruzivo rwakawanikwa runogona kushandiswa kuita fungidziro yepassword inofambira mberi uchishandisa nzira dzakafanana nekurwiswa kweduramazwi pasina Indaneti pamapassword eWPA2. Kuti dzidzivirire, zvinokurudzirwa kushandura kushandisa mashandiro ane nguva inogara ichiitwa, yakazvimirira kubva kune iyo data iri kugadziriswa;
- Side-channel kurwisa nefungidziro yenguva yekuitwa kwekushanda. Kodhi yedragonfly inoshandisa mapoka akawanda anowanza (MODP) kunyora mapassword uye nhamba yakasiyana yekudzokorora, nhamba yacho inoenderana nepassword inoshandiswa uye kero yeMAC yenzvimbo yekupinda kana mutengi. Anorwisa ari kure anogona kuona kuti mangani ekudzokorora akaitwa panguva yekukodha password uye oashandisa sechiratidzo chekufungidzira kwepassword.
- Kuramba kufona kwesevhisi. Anorwisa anogona kuvharidzira kushanda kwemamwe mabasa enzvimbo yekuwana nekuda kwekuneta kwezviwanikwa zviripo nekutumira nhamba huru yezvikumbiro zvekutaurirana nzira yekutaurirana. Kunzvenga dziviriro yemafashama yakapihwa neWPA3, zvakakwana kutumira zvikumbiro kubva kune manyepo, asingadzokorore kero yeMAC.
- Kudzokera kumapoka asina kuchengetedzeka ecryptographic anoshandiswa muWPA3 yekubatanidza kutaurirana maitiro. Semuenzaniso, kana mutengi achitsigira elliptic curves P-521 uye P-256, uye akashandisa P-521 seyekutanga sarudzo, ipapo anorwisa, zvisinei nerutsigiro.
P-521 padivi penzvimbo yekupinda inogona kumanikidza mutengi kushandisa P-256. Kurwiswa uku kunoitwa nekusefa mamwe mameseji panguva yekubatanidza kutaurirana uye kutumira mameseji emanyepo ane ruzivo nezve kushomeka kwerutsigiro rwemamwe marudzi eelliptic curves.
Kuti utarise zvishandiso zvekusagadzikana, akati wandei magwaro akagadzirwa ane mienzaniso yekurwiswa:
- Dragonslayer - kuita kwekurwiswa kweEAP-pwd;
- Dragondrain chinhu chinoshandiswa chekutarisa kusagadzikana kwenzvimbo dzekuwana kune hurema mukushandiswa kweSAE (Simultaneous Authentication of Equals) nzira yekubatanidza nhaurirano, inogona kushandiswa kutanga kuramba basa;
- Dragontime - chinyorwa chekuita kurwisa-channel kurwisa SAE, tichifunga nezvekusiyana kwekugadzirisa nguva yekushanda kana uchishandisa MODP mapoka 22, 23 uye 24;
- Dragonforce chishandiso chekudzoreredza ruzivo (password kufungidzira) zvichibva paruzivo nezve akasiyana ekugadzirisa nguva dzekushanda kana kuona kuchengetwa kwedata mu cache.
Iyo Wi-Fi Alliance, iyo inovandudza zviyero zveasina waya network, yakazivisa kuti dambudziko rinokanganisa huwandu hushoma hwekutanga kuita kweWPA3-Personal uye inogona kugadziriswa kuburikidza neiyo firmware uye software yekuvandudza. Pakave pasina nyaya dzakanyorwa dzekusagadzikana kuri kushandiswa kuita zvakaipa. Kusimbisa kuchengetedzeka, iyo Wi-Fi Alliance yakawedzera mimwe bvunzo kuchirongwa chisina waya chetiketi kuti ione kurongeka kwekuita, uye zvakare yakasvika kune vanogadzira zvishandiso kuti varongedze pamwe chete zvigadziriso zvezvinhu zvakaonekwa. Zvimedu zvakatoburitswa kune hostap/wpa_supplicant. Mapakeji ekugadzirisa anowanikwa kuUbuntu. Debian, RHEL, SUSE/openSUSE, Arch, Fedora uye FreeBSD zvichine nyaya dzisina kugadziriswa.
Source: opennet.ru