Qualcomm is also vulnerable: private keys can be extracted


In previous posts we reported that Broadcom chips were vulnerable to attack. This time, researchers from NCC Group have disclosed details of a vulnerability (CVE-2018-11976) in Qualcomm chips that makes it possible to determine the contents of private encryption keys held in the isolated Qualcomm QSEE (Qualcomm Secure Execution Environment) enclave, which is based on ARM TrustZone technology.

The problem shows up in most Snapdragon SoCs, on Android smartphones. Fixes for the problem are already included in the April Android update and in new firmware versions for Qualcomm chips.

Qualcomm took a year to prepare a fix: information about the vulnerability was first sent to Qualcomm on March 19, 2018.

ARM TrustZone technology lets you create hardware-isolated protected environments that are completely separated from the main system and run on a separate virtual processor using a separate, specialized operating system.

The main purpose of TrustZone is to provide isolated execution of the handlers for encryption keys, biometric authentication, billing data and other confidential information.

Interaction with the main operating system takes place through the dispatch interface.

Private encryption keys are placed in a hardware-isolated key store which, if implemented properly, prevents them from leaking if the underlying system is compromised.

About the problem

The vulnerability stems from a flaw in the implementation of the algorithm that processes elliptic curves, which led to a leak of information about the data being processed.

The researchers developed a side-channel attack technique that makes it possible, based on side-channel leaks, to recover the contents of private keys located in the hardware-isolated Android Keystore.

The leaks are determined by analyzing the activity of the branch prediction block and changes in access to data in memory.

During the experiment, the researchers successfully demonstrated the recovery of 224-bit and 256-bit ECDSA keys from the hardware-isolated keystore used in the Nexus 5X smartphone.

Recovering the key required generating about 12 digital signatures, which took more than 14 hours to complete. The Cachegrab toolkit was used to carry out the attack.

The main cause of the problem is that the cache and the hardware components used for computation are shared between TrustZone and the host system: isolation is done at the level of logical separation, but common computing blocks are used, and traces of the computations and information about branch addresses are left in the processor's shared cache.

Using the Prime+Probe method, which is based on estimating changes in the access time to cached information, you can check for the presence of certain patterns in the cache and identify, with fairly high accuracy, the data flows and the signs of code execution related to digital signature calculations in TrustZone.

Most of the time spent generating a digital signature with ECDSA keys on Qualcomm chips goes to multiplication operations performed in a loop using an initialization vector (nonce) that stays unchanged for each signature.

If an attacker can recover at least a few bits of information about this vector, it becomes possible to launch an attack that sequentially recovers the entire private key.

In Qualcomm's case, two points where this information leaks were identified in the multiplication algorithm: during table lookups and in the conditional data extraction code that depends on the value of the last bit of the "nonce" vector.

Although Qualcomm's code contains measures to counter information leakage through side channels, the attack method makes it possible to bypass these measures and determine a few bits of the "nonce" value, which is enough to recover 256-bit ECDSA keys.
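The two leak classes named above, a secret-indexed table lookup and a selection that branches on a nonce bit, are shown here beside constant-time forms. This is an added illustration, not Qualcomm's code or code from the original post; the 16-entry table and the single `uint32_t` standing in for a precomputed curve point are assumptions.

```c
#include <stdint.h>

#define TABLE_SIZE 16u /* assumed 4-bit window; the page gives no size */

/* Leaky: nonce bits pick the address, so the cache line loaded depends on
   the secret and is observable with Prime+Probe. */
uint32_t lookup_leaky(const uint32_t *table, uint32_t window) {
    return table[window % TABLE_SIZE];
}

/* Hardened: touch every entry in the same order and keep the wanted one
   with a mask, so the access pattern is identical for every window. */
uint32_t lookup_ct(const uint32_t *table, uint32_t window) {
    uint32_t result = 0;
    for (uint32_t i = 0; i < TABLE_SIZE; i++) {
        uint32_t diff = i ^ (window % TABLE_SIZE);
        /* all ones when diff == 0, zero otherwise, with no branch */
        uint32_t mask = ((diff | (0u - diff)) >> 31) - 1u;
        result |= table[i] & mask;
    }
    return result;
}

/* Leaky: branching on a nonce bit changes the code path and the branch
   predictor state. */
uint32_t select_leaky(uint32_t if_one, uint32_t if_zero, uint32_t bit) {
    if (bit & 1u) return if_one;
    return if_zero;
}

/* Hardened: arithmetic select, both operands always read. */
uint32_t select_ct(uint32_t if_one, uint32_t if_zero, uint32_t bit) {
    uint32_t mask = 0u - (bit & 1u);
    return (if_one & mask) | (if_zero & ~mask);
}

/* Returns 1 when the hardened forms agree with the leaky ones on a
   constructed table; check the compiled output too, since an optimizer
   may turn masks back into branches. */
int hardened_matches_leaky(void) {
    uint32_t table[TABLE_SIZE];
    for (uint32_t i = 0; i < TABLE_SIZE; i++) table[i] = 0x9E3779B9u * (i + 1u);
    for (uint32_t w = 0; w < TABLE_SIZE; w++) {
        if (lookup_ct(table, w) != lookup_leaky(table, w)) return 0;
        if (select_ct(table[w], ~table[w], w) != select_leaky(table[w], ~table[w], w)) return 0;
    }
    return 1;
}
```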



  1.   GeekCube

    April 28 and I'm still waiting for the patch; that doesn't happen in GNU/Linux