KeyWe smart locks were not protected against interception of the access key

Security researchers from F-Secure analyzed KeyWe Smart Lock smart door locks and uncovered a significant vulnerability that allows an nRF sniffer for Bluetooth Low Energy and Wireshark to be used to capture control traffic and extract from it the secret key used to open the lock from a smartphone.

The problem is aggravated by the fact that the locks do not support firmware updates, so the vulnerability will be fixed only in a new batch of devices. Existing users can get rid of the problem only by replacing the lock or by no longer using their smartphone to open the door. KeyWe locks sell for $155 and are typically used on the doors of residential and commercial premises. In addition to an ordinary key, the lock can also be opened with an electronic key through a mobile application on a smartphone or with a bracelet carrying an NFC tag.

To protect the communication channel over which commands are transmitted from the mobile application, the AES-128-ECB algorithm is used, but the encryption key is generated from two predictable keys, a common key and an additional calculated key, both of which can be easily determined. The first key is generated from Bluetooth connection parameters such as the MAC address, device name and device characteristics.

The algorithm for calculating the second key can be determined by analyzing the mobile application. Since the information used to generate the keys is known from the outset, the encryption is only a formality, and to break the lock it is enough to determine the lock's parameters, capture a door-opening session and extract the access code from it. A toolkit for analyzing the communication channel with the lock and determining access keys has been published on GitHub.

Source: opennet.ru
