"FragAttacks": Wi-Fi vulnerabilities affect millions of devices

News was recently released about a number of newly discovered vulnerabilities in all Wi-Fi-enabled devices. The flaws date back 20 years and allow an attacker to steal data if the attacker is within range.

This series of vulnerabilities was discovered by security researcher Mathy Vanhoef; collectively they are called "FragAttacks".

"Three of the discovered vulnerabilities are design flaws in the WiFi standard and therefore affect most devices," said Mathy Vanhoef, the Belgian security and academic researcher who discovered the Frag attacks.

The rest are vulnerabilities caused "by widespread programming mistakes [in the implementation of the WiFi standard] in WiFi products," Vanhoef said.

"Experiments indicate that every WiFi product is affected by at least one vulnerability and that most products are affected by several vulnerabilities," said Vanhoef, who is also scheduled to give an in-depth talk about his findings at the end of June, and this year in August at the USENIX '21 security conference.

As mentioned, three of the vulnerabilities are design flaws in the Wi-Fi standard and affect most devices, while the remaining vulnerabilities are the result of programming errors in Wi-Fi products.

Exploiting the vulnerabilities can allow an attacker within radio range to target devices in various ways. In one example, an attacker could inject plaintext frames into any secure Wi-Fi network. In another example, an attacker could intercept traffic by making the victim use an infected DNS server.

Vanhoef notes that experiments show at least one vulnerability can be found in every Wi-Fi product and that most products are affected by several vulnerabilities. He tested a variety of Wi-Fi devices, including popular smartphones such as those from Google, Apple, Samsung and Huawei, computers from Micro-Star International, Dell and Apple, and IoT devices from Canon and Xiaomi, among others.

There is no evidence that the vulnerabilities have been exploited at any time. Responding to the report, the Wi-Fi Alliance said the vulnerabilities are mitigated through routine device updates that allow detection of suspect transmissions or improve adherence to recommended security implementation practices.

"FragAttacks is a classic example of how software can have both design vulnerabilities and execution vulnerabilities."

"Before someone starts a code editor, the design phase should include secure design principles driven by threat modeling ... During deployment and testing, automated security testing tools help locate security vulnerabilities so that they can be fixed before launch."

The vulnerabilities are listed as follows:

WiFi standard design flaws

  • CVE-2020-24588: Aggregation attack (accepting A-MSDU frames that are not SPP).
  • CVE-2020-24587: Mixed key attack (reassembling encrypted fragments under different keys).
  • CVE-2020-24586: Fragment cache attack (failure to clear fragments from memory when (re)connecting to a network).

Implementation flaws of the WiFi standard

  • CVE-2020-26145: Accepting plaintext broadcast fragments as full frames (on an encrypted network).
  • CVE-2020-26144: Accepting plaintext A-MSDU frames that start with an RFC1042 header with EtherType EAPOL (on an encrypted network).
  • CVE-2020-26140: Accepting plaintext data frames on a protected network.
  • CVE-2020-26143: Accepting fragmented plaintext data frames on a protected network.

Other implementation flaws

  • CVE-2020-26139: Forwarding EAPOL frames even though the sender is not yet authenticated (should only affect APs).
  • CVE-2020-26146: Reassembling encrypted fragments with non-consecutive packet numbers.
  • CVE-2020-26147: Reassembling mixed encrypted/plaintext fragments.
  • CVE-2020-26142: Processing fragmented frames as full frames.
  • CVE-2020-26141: Not verifying the TKIP MIC of fragmented frames.
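The fragment-related entries above (CVE-2020-24586, CVE-2020-24587, CVE-2020-26146 and the plaintext-acceptance flaws) all come down to checks a receiver should make while reassembling fragments. The following simplified model of those checks is an added example, not code from the article, from Vanhoef's research or from any Wi-Fi stack; the class names, field names and the `key` label standing in for "the key that decrypted this fragment" are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Fragment:
    sender: str       # transmitter address
    seq: int          # sequence number shared by all fragments of one frame
    frag: int         # fragment number, starting at 0
    more: bool        # "More Fragments" bit
    encrypted: bool   # frame arrived protected and decrypted correctly
    key: str          # label of the key that decrypted it (simplified)
    pn: int           # packet number from the encryption header
    data: bytes

class Reassembler:
    def __init__(self):
        self.cache = {}  # (sender, seq) -> fragments received so far

    def on_reconnect(self, sender):
        # CVE-2020-24586: drop cached fragments when a station (re)connects.
        self.cache = {k: v for k, v in self.cache.items() if k[0] != sender}

    def receive(self, f):
        """Return ('deliver', bytes), ('wait', None) or ('drop', reason)."""
        slot = (f.sender, f.seq)
        if not f.encrypted:
            # CVE-2020-26140/26143/26147: no plaintext on a protected network.
            self.cache.pop(slot, None)
            return ("drop", "plaintext")
        if f.frag == 0:
            self.cache[slot] = [f]
        else:
            parts = self.cache.get(slot)
            if not parts or f.frag != parts[-1].frag + 1:
                self.cache.pop(slot, None)
                return ("drop", "unexpected fragment")
            if f.key != parts[-1].key:        # CVE-2020-24587: mixed keys
                del self.cache[slot]
                return ("drop", "mixed keys")
            if f.pn != parts[-1].pn + 1:      # CVE-2020-26146: PN must be consecutive
                del self.cache[slot]
                return ("drop", "non-consecutive PN")
            parts.append(f)
        if f.more:
            return ("wait", None)
        return ("deliver", b"".join(p.data for p in self.cache.pop(slot)))
```

Any failed check discards the whole partially assembled frame, so a later fragment cannot be combined with data that was cached under other conditions.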

Finally, if you are interested in knowing more about it, you can consult the following link.

