Iqembu labacwaningi abavela eNyuvesi yaseTsinghua (e-China) kanye nase-George Mason University (USA) badalule ulwazi mayelana nokuba sengozini (CVE-2022-25667) ezindaweni zokufinyelela okungenantambo ezivumela ukuvinjwa kwethrafikhi (MITM) kumanethiwekhi angenawaya avikelwe kusetshenziswa i-WPA, WPA2. kanye namaphrothokholi e-WPA3 . Ngokukhohlisa amaphakethe e-ICMP ngefulegi “lokuqondisa kabusha”, umhlaseli angakwazi ukufinyelela ekuqondisweni kabusha kwethrafikhi yesisulu ngaphakathi kwenethiwekhi engenantambo ngesistimu yakhe, engasetshenziswa ukuvimba noma ukuphamba izikhathi ezingabetheliwe (isibonelo, izicelo kumasayithi angenayo i-HTTPS).
Ukuba sengozini kubangelwa ukuntuleka kokuhlunga okufanele kwemilayezo engelona iqiniso ye-ICMP enekheli lomthombo elikhohlakele (i-spoofing) kumaphrosesa enethiwekhi (NPU, Iyunithi Yokucubungula Inethiwekhi), ehlinzeka ngokucubungula okuphansi kwamaphakethe kunethiwekhi engenantambo. Phakathi kwezinye izinto, ama-NPU aqondise kabusha, ngaphandle kokuhlola ama-spoofing, amaphakethe e-ICMP angamanga anefulegi “lokuqondisa kabusha”, angasetshenziswa ukushintsha imingcele yetafula lomzila ohlangothini lomsebenzisi oyisisulu. Ukuhlasela kubilisa ekuthumeleni iphakethe le-ICMP egameni lephoyinti lokufinyelela elinefulegi "lokuqondisa kabusha" futhi libonisa idatha engelona iqiniso kunhlokweni yephakethe. Ngenxa yokuba sengozini, umlayezo uqondiswa kabusha indawo yokufinyelela futhi ucutshungulwe isitaki senethiwekhi yesisulu, esikholelwa ukuthi umlayezo uthunyelwe indawo yokufinyelela.
Ukwengeza, abacwaningi bahlongoze indlela yokudlula amasheke amaphakethe e-ICMP ngefulegi "lokuqondisa kabusha" ohlangothini lomsebenzisi wokugcina nokushintsha ithebula layo lomzila. Ukuze udlule ukuhlunga, umhlaseli uqala ngokunquma imbobo ye-UDP esebenzayo ohlangothini lwesisulu. Njengoba ikunethiwekhi efanayo engenantambo, umhlaseli angakwazi ukuvimba ithrafikhi, kodwa akakwazi ukuyisusa, ngoba akawazi ukhiye weseshini osetshenziswa lapho isisulu sifinyelela indawo yokufinyelela. Nokho, ngokuthumela amaphakethe okuhlola kusisulu, umhlaseli angakwazi ukunquma imbobo ye-UDP esebenzayo ngokusekelwe ekuhlaziyweni kwezimpendulo ze-ICMP ezingenayo ngefulegi elithi “Indawo Engafinyeleleki”. Okulandelayo, umhlaseli ukhiqiza umlayezo we-ICMP ngefulegi “lokuqondisa kabusha” kanye nesihloko esingamanga se-UDP, okubonisa imbobo ye-UDP evulekile ekhonjiwe. Ukucutshungulwa kwalo mlayezo kuholela ekuhlanekeni kwetafula lomzila kusistimu yesisulu kanye nokuqondisa kabusha kwethrafikhi nethuba lokuyinqamula embhalweni ocacile kusendlalelo sesixhumanisi sedatha.
Inkinga iqinisekisiwe ezindaweni zokufinyelela kusetshenziswa ama-chips akhiqizwe i-HiSilicon ne-Qualcomm. Ucwaningo lwamamodeli wezindawo zokufinyelela ezihlukene ezingama-55 kubakhiqizi abayi-10 abaziwayo (Cisco, NetGear, Xiaomi, Mercury, 360, Huawei, TP-Link, H3C, Tenda, Ruijie) lubonise ukuthi wonke angasengozini yokuba sengozini futhi awavimbeli. amaphakethe e-ICMP angamanga. Ukwengeza, lapho kuhlaziywa amanethiwekhi angenawaya angu-122, amathuba okuhlasela akhonjwe kumanethiwekhi angu-109 (89%).
Ukuze kusetshenziswe ubungozi, umhlaseli kufanele akwazi ukuxhuma ngokusemthethweni kunethiwekhi ye-Wi-Fi, i.e. kufanele yazi imingcele yokungena kunethiwekhi engenantambo (ubungozi bukuvumela ukuba udlule izindlela ezisetshenziswa kuzimiso ze-WPA* zokuhlukanisa ithrafikhi yabasebenzisi ngaphakathi kwenethiwekhi). Ngokungafani nokuhlaselwa okuvamile kwe-MITM kumanethiwekhi angenawaya, kusetshenziswa indlela ye-ICMP ye-packet spoofing, umhlaseli angenza ngaphandle kokusebenzisa indawo yokufinyelela engelona iqiniso ukuze avimbele ithrafikhi futhi asebenzise izindawo zokufinyelela ezisemthethweni ezinikeza inethiwekhi ukuqondisa kabusha amaphakethe e-ICMP aklanywe ngokukhethekile kulowo ohlukunyeziwe.
Source: opennet.ru
