A group of researchers from Tsinghua University (China) and George Mason University (USA) has disclosed a vulnerability (CVE-2022-25667) in wireless access points that allows man-in-the-middle (MITM) attacks on wireless networks protected with WPA, WPA2, and WPA3. Using ICMP packets with the "redirect" flag, an attacker can redirect a victim's traffic on the wireless network through their own system, which can be used to intercept and spoof unencrypted sessions (for example, requests to non-HTTPS websites).
The vulnerability is caused by the lack of proper filtering of forged ICMP messages with a spoofed source address in network processing units (NPUs), which perform low-level packet processing in wireless networks. Among other things, NPUs forwarded forged ICMP packets with the "redirect" flag without checking them for spoofing. These packets can be used to change routing table parameters on the victim's side. The attack consists of sending an ICMP packet with the "redirect" flag on behalf of the access point and specifying forged data in the packet header. Because of the vulnerability, the message is forwarded by the access point and processed by the victim's network stack, which believes that the message came from the access point.

In addition, the researchers proposed a method for bypassing the checks applied to ICMP packets with the "redirect" flag on the end-user side and changing that user's routing table. To get past the filtering, the attacker first determines an active UDP port on the victim's side. Being on the same wireless network, the attacker can capture traffic but cannot decrypt it, because they do not know the session key the victim uses when accessing the access point. However, by sending probe packets to the victim, the attacker can determine the active UDP port by analyzing the incoming ICMP responses with the "Destination Unreachable" flag. The attacker then crafts an ICMP message with the "redirect" flag and a forged UDP header that points to the discovered open UDP port. Processing this message corrupts the routing table on the victim's system and redirects the traffic, making it possible to intercept it in plaintext at the data link layer.
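From the defender's side, the messages described in the two paragraphs above can be spotted on a client or a monitoring port by parsing ICMP type 5 packets and comparing the announced next hop with the routers the network actually uses. This Python check is an added example, not code from the researchers or the original article; the function names, the `trusted_gateways` set, the documentation-range addresses and the rule "a next hop that is not a known router is suspicious" are assumptions, and the sample packets are constructed.

```python
import struct
from ipaddress import IPv4Address

ICMP_REDIRECT = 5             # ICMP type 5 (RFC 792)
PROTO_ICMP, PROTO_UDP = 1, 17

def inspect_redirect(packet, trusted_gateways):
    """Return a finding for an ICMP redirect in a raw IPv4 packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != PROTO_ICMP or len(packet) < ihl + 8:
        return None
    icmp = packet[ihl:]
    if icmp[0] != ICMP_REDIRECT:
        return None
    new_gw = str(IPv4Address(icmp[4:8]))
    finding = {
        "claimed_source": str(IPv4Address(packet[12:16])),
        "new_gateway": new_gw,
        # Assumed rule: a next hop that is not a known router is the red flag.
        "suspicious": new_gw not in trusted_gateways,
        "quoted_udp_sport": None,
    }
    quoted = icmp[8:]         # header of the datagram the redirect claims to answer
    if len(quoted) >= 20 and quoted[9] == PROTO_UDP:
        q_ihl = (quoted[0] & 0x0F) * 4
        if len(quoted) >= q_ihl + 2:
            finding["quoted_udp_sport"] = struct.unpack("!H", quoted[q_ihl:q_ihl + 2])[0]
    return finding

def _ipv4(src, dst, proto, payload):
    """Build a sample IPv4 packet (checksum left at zero; parsing input only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto,
                       0, IPv4Address(src).packed, IPv4Address(dst).packed) + payload

# Constructed sample: redirect claiming to come from the gateway 192.0.2.1, naming
# 192.0.2.66 as the new next hop and quoting a UDP datagram from the client.
_quoted = _ipv4("192.0.2.10", "198.51.100.7", PROTO_UDP, struct.pack("!HHHH", 5353, 53, 8, 0))
SAMPLE_REDIRECT = _ipv4("192.0.2.1", "192.0.2.10", PROTO_ICMP,
                        struct.pack("!BBH4s", ICMP_REDIRECT, 1, 0,
                                    IPv4Address("192.0.2.66").packed) + _quoted)
SAMPLE_ECHO = _ipv4("192.0.2.10", "192.0.2.1", PROTO_ICMP, struct.pack("!BBHHH", 8, 0, 0, 1, 1))

if __name__ == "__main__":
    print(inspect_redirect(SAMPLE_REDIRECT, {"192.0.2.1"}))
```

The `quoted_udp_sport` field records the client port named in the quoted UDP header, which helps correlate an alert with the local socket the redirect refers to.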

The issue was confirmed on access points using HiSilicon and Qualcomm chips. A study of 55 different access point models from 10 well-known manufacturers (Cisco, NetGear, Xiaomi, Mercury, 360, Huawei, TP-Link, H3C, Tenda, and Ruijie) found that all of them were vulnerable and did not block forged ICMP packets. In addition, an analysis of 122 existing wireless networks showed that the attack was possible in 109 of them (89%).

To exploit the vulnerability, the attacker must have legitimate access to the Wi-Fi network, for example by knowing the login credentials of the wireless network (the vulnerability makes it possible to bypass the traffic isolation mechanisms of the WPA* protocols within the network). Unlike traditional MITM attacks on wireless networks, with ICMP packet spoofing techniques the attacker can avoid deploying a rogue access point to intercept traffic and instead use the legitimate access points serving the network to forward specially crafted ICMP packets to the victim.
Source: opennet.ru
