"FragAttacks" Raunin Wi-Fi ya shafi miliyoyin na'urori

News was recently published about a number of newly discovered vulnerabilities that affect all Wi-Fi-enabled devices, have existed for more than 20 years, and allow an attacker within range to steal data.

This series of vulnerabilities was discovered by security researcher Mathy Vanhoef, and the flaws are collectively called "FragAttacks".

"Three of the discovered vulnerabilities are design flaws in the WiFi standard and therefore affect most devices," said Mathy Vanhoef, the Belgian academic and security researcher who discovered the FragAttacks.

The rest are vulnerabilities caused "by widespread programming mistakes [in the implementation of the WiFi standard] in WiFi products," Vanhoef said.

"Experiments indicate that every WiFi product is affected by at least one vulnerability and that most products are affected by several vulnerabilities," said Vanhoef, who is also scheduled to present his research in detail at the end of June, this year in August, at the USENIX '21 security conference.

As mentioned, three of the vulnerabilities are design flaws in the Wi-Fi standard and affect most devices, while the remaining vulnerabilities are the result of programming mistakes in Wi-Fi products.

Exploiting the vulnerabilities can allow an attacker within radio range to target devices in several ways. In one example, an attacker could inject plaintext frames into any secured Wi-Fi network. In another example, the attacker could intercept traffic by prompting the victim to use an infected DNS server.

Vanhoef notes that the experiments show at least one vulnerability in every Wi-Fi product and that most products are affected by several issues. He tested a variety of Wi-Fi devices, including popular smartphones from Google, Samsung and Huawei, computers from Micro-Star International, Dell and Apple, and IoT devices from Canon and Xiaomi, among others.

There is no evidence that the vulnerabilities have been exploited at any point. In addressing the report, the Wi-Fi Alliance said the vulnerabilities are mitigated through routine device updates that enable detection of suspect transmissions or improve adherence to recommended security implementation practices.

"FragAttacks is a classic example of how software can have both design vulnerabilities and implementation vulnerabilities."

"Before anyone starts up a code editor, the design phase should include secure design principles driven by threat modeling. During deployment and testing, automated security testing tools help locate security vulnerabilities so that they can be fixed before launch."

The vulnerabilities are listed as follows:

WiFi design flaws

  • CVE-2020-24588: Aggregation attack (accepting non-SPP A-MSDU frames).
  • CVE-2020-24587: Mixed key attack (reassembling encrypted fragments under different keys).
  • CVE-2020-24586: Fragment cache attack (not clearing fragments from memory when (re)connecting to a network).

Implementation flaws of the WiFi standard

  • CVE-2020-26145: Accepting plaintext broadcast fragments as full frames (in an encrypted network).
  • CVE-2020-26144: Accepting plaintext A-MSDU frames that start with an RFC1042 header with EtherType EAPOL (in an encrypted network).
  • CVE-2020-26140: Accepting plaintext data frames in a protected network.
  • CVE-2020-26143: Accepting fragmented plaintext data frames in a protected network.

Other implementation flaws

  • CVE-2020-26139: Forwarding EAPOL frames even though the sender is not yet authenticated (should only affect APs).
  • CVE-2020-26146: Reassembling encrypted fragments with non-consecutive packet numbers.
  • CVE-2020-26147: Reassembling mixed encrypted/plaintext fragments.
  • CVE-2020-26142: Processing fragmented frames as full frames.
  • CVE-2020-26141: Not verifying the TKIP MIC of fragmented frames.
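
To make the three reassembly entries in the list concrete (CVE-2020-24587, CVE-2020-26146 and CVE-2020-26147), here is an added example, not code from the original article or from Vanhoef's research, of the checks a receiver can apply before joining fragments. The `Fragment` fields, the `key_epoch` counter and the sample fragments are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Fragment:
    frag_no: int              # fragment number within the frame, starting at 0
    more: bool                # "more fragments" flag
    encrypted: bool           # protected-frame flag
    pn: Optional[int]         # packet number; None for a plaintext fragment
    key_epoch: Optional[int]  # assumed counter: which installed key decrypted it
    payload: bytes

def reassembly_problems(frags: List[Fragment]) -> List[str]:
    """Return the rules a fragment set violates; an empty list means it may be joined."""
    if not frags:
        return ["no fragments"]
    frags = sorted(frags, key=lambda f: f.frag_no)
    problems = []
    complete = [f.frag_no for f in frags] == list(range(len(frags)))
    flags_ok = all(f.more for f in frags[:-1]) and not frags[-1].more
    if not (complete and flags_ok):
        problems.append("incomplete or duplicated fragment sequence")
    if len({f.encrypted for f in frags}) > 1:
        problems.append("CVE-2020-26147: mixed encrypted/plaintext fragments")
    protected = [f for f in frags if f.encrypted]
    if len({f.key_epoch for f in protected}) > 1:
        problems.append("CVE-2020-24587: fragments decrypted under different keys")
    pns = [f.pn for f in protected]
    if None in pns or any(b != a + 1 for a, b in zip(pns, pns[1:])):
        problems.append("CVE-2020-26146: non-consecutive packet numbers")
    return problems

def reassemble(frags: List[Fragment]) -> bytes:
    """Join the payloads only when every check passes; otherwise drop the frame."""
    problems = reassembly_problems(frags)
    if problems:
        raise ValueError("; ".join(problems))
    return b"".join(f.payload for f in sorted(frags, key=lambda f: f.frag_no))

# Constructed sample fragments (not captured traffic).
GOOD = [Fragment(0, True, True, 100, 1, b"hello "), Fragment(1, False, True, 101, 1, b"world")]
MIXED_KEY = [GOOD[0], Fragment(1, False, True, 101, 2, b"world")]
PN_GAP = [GOOD[0], Fragment(1, False, True, 105, 1, b"world")]
MIXED_PLAIN = [GOOD[0], Fragment(1, False, False, None, None, b"world")]

if __name__ == "__main__":
    for name, frags in [("good", GOOD), ("mixed key", MIXED_KEY),
                        ("PN gap", PN_GAP), ("mixed plaintext", MIXED_PLAIN)]:
        print(name, "->", reassembly_problems(frags) or "ok")
```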

Finally, if you are interested in learning more about it, you can consult the following link.

