New WiFi authentication vulnerabilities identified in Linux


The vulnerabilities affect Android, ChromeOS and Linux devices that connect to WiFi networks

News recently broke that two new vulnerabilities have been identified in open-source WiFi software packages for Linux. They allow attackers to trick victims into connecting to cloned networks (a FakeAP imitating the original) and to intercept their traffic.

The vulnerabilities were found in the IWD (Intel iNet Wireless Daemon) and wpa_supplicant packages, which are used to manage the connection of Linux client systems to wireless networks.

Nature of the vulnerabilities: two attacks for getting into modern WPA2/3 networks, one against users connecting to an Enterprise WiFi network and the other against existing home WiFi networks.

Impact:

wpa_supplicant: Allows an attacker to trick a victim into connecting to a malicious clone of a WiFi network and then intercept their traffic.

IWD: Allows an adversary to gain unauthorized access to a protected home WiFi network, exposing its existing users and devices to attack.

In the case of IWD, the vulnerability (tracked as CVE-2023-52161) manifests only when access point mode is enabled, which is not the usual configuration for IWD, since it is designed mainly for connecting to wireless networks. The vulnerability makes it possible to connect to the access point that was created without knowing the password, for example when a user provides network access through their own device (a hotspot).

The vulnerability is reported to stem from a failure to verify the order of the steps during wireless connection negotiation. This negotiation is based on a 4-step exchange that takes place when first connecting to a secured wireless network. The problem is that IWD accepts messages for any stage of the negotiation without checking that the previous stage has been completed.

For example, an attacker can skip sending the second-stage message and send the fourth-stage message directly, thereby bypassing the stage in which authentication is verified. When this fourth-stage message is processed without proper verification, the PTK key is set to zero. The attacker can therefore compute the MIC (Message Integrity Code) using a null PTK, and IWD will accept this authentication code as valid.

As a result, the attacker completes this partial connection negotiation and gains full access to the wireless network, because the access point will accept any frames they send encrypted with the null PTK key. It is worth mentioning that this problem was fixed in IWD version 2.14.
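The missing stage check described above can be modelled in a few lines. This is an added example, not IWD's code: the `Authenticator` class, the `enforce_order` switch and the simplified `derive_ptk` and `mic` helpers are assumptions made for illustration, and the message bodies are constructed.

```python
import hashlib, hmac, os

def mic(ptk, body):
    # Simplified MIC: HMAC-SHA1 keyed with the first 16 bytes of the PTK
    return hmac.new(ptk[:16], body, hashlib.sha1).digest()[:16]

def derive_ptk(pmk, anonce, snonce):
    # Stand-in for the 802.11 key-derivation function (assumption of this sketch)
    return hmac.new(pmk, anonce + snonce, hashlib.sha256).digest()

class Authenticator:
    def __init__(self, pmk, enforce_order):
        self.pmk, self.enforce_order = pmk, enforce_order
        self.anonce = os.urandom(32)
        self.ptk = bytes(32)          # still all zeros until message 2 is verified
        self.state = "WAIT_M2"

    def on_m2(self, snonce, body, tag):
        ptk = derive_ptk(self.pmk, self.anonce, snonce)
        if self.state != "WAIT_M2" or not hmac.compare_digest(mic(ptk, body), tag):
            return False              # wrong stage, or peer does not know the PMK
        self.ptk, self.state = ptk, "WAIT_M4"
        return True

    def on_m4(self, body, tag):
        # The stage check is the fix: without it the MIC below is checked
        # against the zero PTK that exists before message 2 was processed.
        if self.enforce_order and self.state != "WAIT_M4":
            return False
        if not hmac.compare_digest(mic(self.ptk, body), tag):
            return False
        self.state = "DONE"
        return True

def out_of_order_m4_accepted(enforce_order):
    """A peer without the PMK skips message 2 and sends message 4 directly."""
    ap = Authenticator(os.urandom(32), enforce_order)
    body = b"constructed message 4"
    return ap.on_m4(body, mic(bytes(32), body))

def full_handshake_accepted(enforce_order):
    """A legitimate client that knows the PMK and sends messages in order."""
    pmk, snonce = os.urandom(32), os.urandom(32)
    ap = Authenticator(pmk, enforce_order)
    ptk = derive_ptk(pmk, ap.anonce, snonce)
    return ap.on_m2(snonce, b"m2", mic(ptk, b"m2")) and ap.on_m4(b"m4", mic(ptk, b"m4"))
```

With `enforce_order=False` the model accepts the out-of-order message, and with `enforce_order=True` it rejects it while the in-order handshake still completes.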

The wpa_supplicant vulnerability (CVE-2023-52160), on the other hand, allows an attacker to lure a user onto a rogue wireless network that acts as a clone of the network the user intends to connect to. This flaw in the implementation of the PEAP protocol allows the attacker to skip the second phase of authentication when a misconfigured user device connects, which makes it easy to create a fake clone of a trusted Wi-Fi network. The issue affects WPA2-Enterprise or WPA3-Enterprise networks that use the PEAP protocol.

Regarding this vulnerability, it is noted that certain conditions must first be met for an attack on wpa_supplicant to succeed:

  1. Server TLS certificate verification disabled: The user must have disabled verification of the server's TLS certificate in their wpa_supplicant settings. This is a dangerous configuration that allows an attacker to trick the client into connecting to a fake server.
  2. Knowledge of the SSID of the cloned network: The attacker must know the wireless network identifier (SSID) of the network being cloned. This allows the attacker to set up a fake network that imitates the legitimate one and trick the client into connecting to it.
  3. Attacker location: The attacker must be within range of the victim's wireless adapter, but out of range of the wireless network's access point. This means the attacker must be close enough to the victim to intercept their traffic, but far enough from the legitimate access point for the client to choose the fake network.
  4. Network type: The attack is possible on WPA2-Enterprise or WPA3-Enterprise networks that use the PEAP protocol. This protocol is commonly used in corporate and educational environments to authenticate users on secure wireless networks.

The wpa_supplicant developers consider that the problem is not a vulnerability, since it only manifests on incorrectly configured wireless networks that use EAP authentication together with PEAP without verifying the server's TLS certificate. To mitigate the issue, a patch was released that adds a mode for mandatory completion of the second phase of authentication, in addition to checking the TLS certificate. However, to address the vulnerability fully, network administrators must configure the chain of trust for verifying the server certificate using the ca_cert parameter.

Finally, if you are interested in learning more about it, you can check the details at the following link.

