"FragAttacks": Wi-Fi flaws that affect millions of devices

News was recently released about a number of newly discovered vulnerabilities in all Wi-Fi-enabled devices that date back more than 20 years and allow an attacker to steal data if within range.

This series of vulnerabilities was discovered by security researcher Mathy Vanhoef; the flaws are collectively called "FragAttacks".

"Three of the vulnerabilities discovered are design flaws in the WiFi standard and therefore affect most devices," said Mathy Vanhoef, the Belgian security and academic researcher who discovered the Frag Attacks.

The rest are vulnerabilities caused "by widespread programming mistakes [in the implementation of the WiFi standard] in WiFi products," Vanhoef said.

"Experiments indicate that every WiFi product is affected by at least one vulnerability and that most products are affected by several vulnerabilities," said Vanhoef, who is also scheduled to give an in-depth talk on his findings at the end of June, this year in August, at the USENIX '21 security conference.

As mentioned, three of the vulnerabilities are design flaws in the Wi-Fi standard and affect most devices, while the remaining vulnerabilities are the result of programming mistakes in Wi-Fi products.

Exploiting the vulnerabilities can allow an attacker within radio range to target devices in various ways. In one example, an attacker could inject plaintext frames into any secure Wi-Fi network. In another example, an attacker could intercept traffic by tricking the victim into using an infected DNS server.

Vanhoef notes that experiments indicate that at least one vulnerability can be found in every Wi-Fi product and that most products are affected by several vulnerabilities, as he tested a variety of Wi-Fi devices, including popular smartphones such as those from Google, Apple, Samsung and Huawei, as well as computers from Micro-Star International, Dell and Apple, and IoT devices from Canon and Xiaomi, among others.

There is no evidence that the vulnerabilities have ever been exploited, and in addressing the report, the Wi-Fi Alliance said the vulnerabilities are mitigated through routine device updates that allow detection of suspect transmissions or improve adherence to recommended security implementation practices.

"FragAttacks is a classic example of how software can have both design vulnerabilities and execution vulnerabilities,"

"Before anyone starts writing code, the design phase should include secure design principles driven by threat modeling… During deployment and testing, security testing tools help locate security vulnerabilities so they can be fixed before launch."

The vulnerabilities are listed as follows:

WiFi standard design flaws

  • CVE-2020-24588: aggregation attack (accepts non-SPP A-MSDU frames).
  • CVE-2020-24587: mixed key attack (reassembling fragments encrypted under different keys).
  • CVE-2020-24586: fragment cache attack (failure to clear fragments from memory when (re)connecting to a network).

WiFi standard implementation flaws

  • CVE-2020-26145: accepting plaintext broadcast fragments as full frames (on an encrypted network).
  • CVE-2020-26144: accepting plaintext A-MSDU frames that start with an RFC1042 header with EtherType EAPOL (on an encrypted network).
  • CVE-2020-26140: accepting plaintext data frames on a protected network.
  • CVE-2020-26143: accepting fragmented plaintext data frames on a protected network.

Other implementation flaws

  • CVE-2020-26139: forwarding EAPOL frames even though the sender is not yet authenticated (should only affect APs).
  • CVE-2020-26146: reassembling encrypted fragments with non-consecutive packet numbers.
  • CVE-2020-26147: reassembling mixed encrypted/plaintext fragments.
  • CVE-2020-26142: processing fragmented frames as full frames.
  • CVE-2020-26141: not verifying the TKIP MIC of fragmented frames.
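
Several of the fragment-handling entries above (CVE-2020-24587, CVE-2020-26143, CVE-2020-26146, CVE-2020-26147) describe checks a receiver skips before reassembling a frame. The following C example is added here for illustration and is not code from Vanhoef's research or from any vendor's driver; the struct, field and enum names are hypothetical, and it assumes a protected network where `key_id` identifies the key that decrypted each fragment.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical per-fragment metadata a receiver keeps after decryption. */
struct frag_meta {
    bool     is_protected; /* fragment arrived encrypted and decrypted cleanly */
    uint32_t key_id;       /* assumed identifier of the key used to decrypt it */
    uint64_t pn;           /* packet number carried by the fragment */
    uint8_t  frag_no;      /* fragment number within the frame */
};

enum frag_verdict {
    FRAG_OK = 0,
    FRAG_EMPTY,
    FRAG_PLAINTEXT,  /* CVE-2020-26143 / CVE-2020-26147 */
    FRAG_BAD_ORDER,  /* fragment numbers not 0, 1, 2, ... */
    FRAG_MIXED_KEY,  /* CVE-2020-24587 */
    FRAG_PN_GAP      /* CVE-2020-26146 */
};

/* Decide whether a cached set of fragments may be reassembled. */
enum frag_verdict check_fragments(const struct frag_meta *f, size_t n)
{
    if (f == NULL || n == 0)
        return FRAG_EMPTY;
    for (size_t i = 0; i < n; i++) {
        if (!f[i].is_protected)
            return FRAG_PLAINTEXT;
        if (f[i].frag_no != i)
            return FRAG_BAD_ORDER;
        if (i > 0 && f[i].key_id != f[0].key_id)
            return FRAG_MIXED_KEY;
        if (i > 0 && f[i].pn != f[i - 1].pn + 1)
            return FRAG_PN_GAP;
    }
    return FRAG_OK;
}

int main(void)
{
    /* Constructed sample: the second fragment skips a packet number. */
    struct frag_meta gap[] = { { true, 1, 100, 0 }, { true, 1, 102, 1 } };
    return check_fragments(gap, 2) == FRAG_PN_GAP ? 0 : 1;
}
```

Any verdict other than `FRAG_OK` means the whole fragment set should be dropped rather than partially reassembled.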

Finally, if you are interested in learning more about it, you can consult the following link.

