Zero-Click, the exploit used by a drone to hack a Tesla

Two cybersecurity experts recently revealed that they managed to open the doors of a Tesla remotely, using a drone equipped with a Wi-Fi dongle. The researchers presented their feat at the CanSecWest conference, noting that they required no interaction from anyone in the car.

A so-called "zero-click" exploit is carried out without any interaction with the user. Once installed, it can record ambient sound and phone conversations, take photos, and access the user's credentials, among other things.

The vulnerabilities presented by cybersecurity researchers Ralf-Philipp Weinmann, CEO of Kunnamon, and Benedikt Schmotzle, of Comsecuris, are in fact the result of research carried out last year. The research was originally conducted as part of the Pwn2Own 2020 hacking competition, which offered a car and other major prizes for hacking a Tesla.

That said, the findings were reported directly to Tesla through its bug bounty program after the Pwn2Own organizers decided to temporarily remove the automotive category because of the coronavirus pandemic.

The attack, dubbed TBONE, involves exploiting two vulnerabilities affecting ConnMan, an internet connection manager for embedded devices. The two ConnMan vulnerabilities allowed Weinmann and Schmotzle to execute commands on Tesla's infotainment system.

In a blog post, Weinmann and Schmotzle explained that an attacker can use these flaws to take full control of Tesla's infotainment system without user interaction. An attacker who exploits the vulnerabilities can perform any task that a regular user could perform from the infotainment system.

This includes opening the doors, changing the seat position, playing music, controlling the air conditioning, and changing the steering and acceleration modes.

However, the researchers noted that the attack did not achieve control of the car. They claimed that the exploit worked against Tesla's S, 3, X, and Y models. In their post, though, they made it clear that they could have done worse by writing code in Tesla's infotainment technology. Weinmann warned that the exploit could have been turned into a worm. This is possible by adding an exploit that would have allowed them to create entirely new Wi-Fi firmware on the Tesla, "turning it into an access point that could be used to operate other nearby Tesla cars."

However, the researchers chose not to carry out such an attack.

“Adding a privilege escalation such as CVE-2021-3347 to TBONE would allow us to load new Wi-Fi firmware on the Tesla car, turning it into an access point that could be used to exploit other Tesla cars that are near the victim's car. However, we did not want to turn this exploit into a computer worm,” said Weinmann. Tesla fixed the vulnerabilities with an update released in October 2020 and has reportedly stopped using ConnMan.

Intel was also informed, since the company was the original creator of ConnMan, but the researchers said the chipmaker considered that fixing the flaws was not its responsibility.

The researchers found that the ConnMan component is used in the automotive industry, which could mean that similar attacks can be launched against other vehicles. Weinmann and Schmotzle eventually turned to Germany's Computer Emergency Response Team (CERT) to help inform the affected vendors.

It is still unknown whether other manufacturers have taken action in response to the researchers' findings. The researchers described their findings at the CanSecWest conference earlier this year. In recent years, cybersecurity researchers from various companies have shown that a Tesla can be hacked, in many cases remotely.

In 2020, security experts at McAfee demonstrated exploits that could force Tesla's autonomous driving function to increase the car's speed. The bugs were fixed in October of last year, which means that the hack should not be possible today.

Source: https://kunnamon.io

