Daniele Antonioli, oo ah cilmi-baare amniga Bluetooth ah oo horay u soo saaray farsamooyinka weerarka ee BIAS, BLUR iyo KNOB, ayaa aqoonsaday laba dayacan oo cusub (CVE-2023-24023) ee habka gorgortanka kalfadhiga Bluetooth, oo saameeya dhammaan fulinta Bluetooth-ka ee taageera hababka isku xirka Amniga. "iyo "Lammaanaynta Fudud ee Sugan", oo waafaqsan tilmaamaha Bluetooth Core 4.2-5.4. Sida muujinta ku-dhaqanka ku-meel-gaadhka ah ee dayacanka la aqoonsaday, 6 ikhtiyaar oo weerar ah ayaa la sameeyay kuwaas oo noo oggolaanaya inaan dhexgalno xidhiidhka ka dhexeeya aaladaha Bluetooth-ka ee hore loogu lammaaniyey. Koodhka leh hirgelinta hababka weerarka iyo utility ee hubinta dayacanka ayaa lagu daabacay GitHub.
Nuglaanta ayaa la aqoonsaday inta lagu guda jiro falanqaynta hababka lagu qeexay heerka lagu gaaro sirta hore (Forward and Future Secretary), taas oo ka hortagaysa tanaasulka furayaasha fadhiga ee kiiska go'aaminta furaha joogtada ah (wax u dhimista mid ka mid ah furayaasha joogtada ah waa inaysan hogaamin. furaha furayaasha kalfadhiga oo dib loo isticmaalo (furaha hal kulan waa in aan lagu dabaqi karin fadhi kale). Nuglaanta la helay ayaa suurtogal ka dhigaysa in la dhaafo ilaalinta la cayimay oo dib loo isticmaalo furaha fadhiga aan la isku halayn karin ee kalfadhiyo kala duwan. Nuglaanta waxaa sababa cilladaha heerka saldhigga ah, maaha kuwo gaar u ah xirmooyinka Bluetooth-ka ee gaarka ah, waxayna ka muuqdaan jajabyada soo saarayaasha kala duwan.
Hababka weerarrada la soo jeediyay waxay hirgeliyaan doorashooyin kala duwan oo loogu talagalay abaabulka isku-dubbaridka caadiga ah (LSC, Legacy Secure Connections oo ku salaysan asalkii hore ee cryptographic) iyo ammaan (SC, Connections Secure oo ku salaysan ECDH iyo AES-CCM) isku xirka Bluetooth ee ka dhexeeya nidaamka iyo qalabka durugsan, sida sidoo kale abaabulka isku xirka MITM weerarrada isku xirka LSC iyo qaababka SC. Waxaa loo malaynayaa in dhammaan hirgelinta Bluetooth ee u hoggaansamaya heerka ay u nugul yihiin nooc ka mid ah weerarka BLOFFS. Habka waxaa lagu soo bandhigay 18 qalab oo laga keenay shirkadaha sida Intel, Broadcom, Apple, Google, Microsoft, CSR, Logitech, Infineon, Bose, Dell iyo Xiaomi.
Nuxurka nuglaanta waxay hoos ugu dhacdaa awoodda, iyada oo aan ku xad-gudbin heerka, si loogu qasbo xiriirka isticmaalka qaabkii hore ee LSC iyo furaha fadhiga gaaban ee aan la isku halleyn karin (SK), iyadoo la qeexayo ugu yar ee suurtogalka ah ee suurtogalka ah inta lagu jiro habka gorgortanka xiriirka iyo iska indha-tirka nuxurka jawaabta oo leh halbeegyada xaqiijinta (CR), taasoo horseedaysa abuurista furaha fadhiga oo ku salaysan cabbirro gelinta joogtada ah (furaha fadhiga SK waxaa loo xisaabiyaa sida KDF ee furaha joogtada ah (PK) iyo cabbirrada lagu heshiiyey inta lagu jiro fadhiga) . Tusaale ahaan, inta lagu guda jiro weerarka MITM, weeraryahanku wuxuu bedeli karaa cabbirada 𝐴𝐶 iyo 𝑆𝐷 qiimaha eber inta lagu jiro habka gorgortanka kalfadhiga, wuxuuna dejiyaa entropy 𝑆𝐸 1, taas oo u horseedi doonta samaynta furaha fadhiga 𝑆𝐾 1 byte ( cabbirka ugu yar ee entropy waa 7 bytes (56 bits), taas oo u dhiganta isku halaynta xulashada furaha DES).
Haddii weeraryahanku uu ku guulaysto inuu isticmaalo furaha gaaban inta lagu guda jiro gorgortanka isku xirka, markaa wuxuu isticmaali karaa xoog si uu u go'aamiyo furaha joogtada ah (PK) ee loo isticmaalo sirta oo uu u gaaro furaha gaadiidka u dhexeeya qalabka. Maadaama weerarka MITM uu kicin karo isticmaalka isla furaha sirta ah, haddii furahaan la helo, waxaa loo isticmaali karaa in lagu kala saaro dhammaan kulamadii hore iyo kuwa mustaqbalka ee uu dhexda u galay qofka weerarka geystay.
Si loo xakameeyo dayacanka, cilmi-baaruhu waxa uu soo jeediyay in isbeddel lagu sameeyo heerka kaas oo balaadhinaya hab-maamuuska LMP oo beddelo macquulka ah ee isticmaalka KDF (Furs Derivation Function) marka la soo saarayo furayaasha qaabka LSC. Isbeddelku ma jabiyo iswaafajinta gadaal, laakiin waxay keenaysaa in la kordhiyo amarka LMP iyo in la diro 48 bytes dheeraad ah. Bluetooth SIG, oo mas'uul ka ah horumarinta heerarka Bluetooth, ayaa soo jeedisay diidmada isku xirka kanaalka isgaarsiineed sir ah oo leh furayaal ilaa 7 bytes cabbir ahaan ah cabbir ammaan ahaan. Hirgelinta had iyo jeer isticmaala Habka Amniga 4 Heerka 4 waxaa lagu dhiirigelinayaa inay diidaan isku xirka furayaasha ilaa 16 bytes oo cabbirkooda ah.
Source: opennet.ru