Ofungiyar masu bincike daga Jami'ar Ruhr da ke Bochum (Jamus) gabatar da dabarun kai harin tawaye, que yana ba da damar sakonnin ɓoyayyen kiran murya a kan hanyoyin sadarwar wayar hannu 4G / LTE ana amfani dashi don watsa zirga-zirgar murya tare da fasahar VoLTE (Voice over the LTE).
Don hana kiran tarho daga shiga cikin VoLTE, tashar tsakanin abokin ciniki da mai aiki an ɓoye ta bisa ɓoye ɓoye na rafi.
Theayyadadden bayanin yana tsara ƙarni na maɓallin keɓaɓɓen maɓalli ga kowane zama, amma kamar yadda masu binciken suka bayyana, 12 daga cikin tashoshin tushe 15 da aka gwada ba su hadu da wannan yanayin ba kuma sake amfani da wannan maɓallin kewaya don kira biyu a jere a tashar rediyo ɗaya ko amfani da hanyoyin da ake iya faɗi don samar da sabon tsari.
Amfani da Keystream yana bawa maharin damar yanke hanyar zirga-zirga rikodin tattaunawar ɓoye Don warware abin da kiran murya ya ƙunsa, maharin ya fara cuwa-cuwa da adana ɓoyayyun hanyoyin rediyo tsakanin wanda aka azabtar da tashar mai rauni.
Bayan an gama kiran, maharin ya sake kiran wanda aka azabtar kuma yayi kokarin ci gaba da tattaunawar in dai zai yiwu, hana wanda aka azabtar ya yi waya. A yayin wannan tattaunawar, ban da yin rikodin zirga-zirgar rediyo da aka ɓoye, ana kuma adana siginar odiyo da ba a ɓoye ba.
Murya akan LTE (VoLTE) sabis ne na wayar tarho wanda aka haɗa shi da daidaitaccen Tsarin Juyin Halitta (LTE). A yau, duk manyan kamfanonin sadarwa suna amfani da VoLTE. Don amintar da kiran waya, VoLTE tana ɓoye bayanan murya tsakanin waya da cibiyar sadarwa tare da ɓoye ɓoye. Ɓoye ɓoye na rafi zai samar da maɓallin keɓaɓɓen maɓalli don kowane kira don kaucewa matsalar sake amfani da maɓallin rafi.
Gabatar da ReVoLTE, harin da ke amfani da kuskuren aiwatar da LTE don dawo da abun cikin ɓoyayyen kiran VoLTE.
Wannan yana bawa abokin gaba damar sauraran kiran wayar VoLTE. ReVoLTE yana yin amfani da maɓallin keystream sake amfani dashi, wanda Raza & Lu suka gano. Aƙarshe, sake amfani da maɓallin rafi yana bawa abokin gaba damar yanke rikodin kira tare da ƙananan albarkatu.
Don warware kiran farko na wanda aka azabtar, maharin, gwargwadon ɓoyayyen zirga-zirgar da aka katse yayin kira na biyu da asalin muryar muryar da aka ɗauka a wayar maharin, na iya lissafin ƙimar maɓallin rafi, wanda aikin XOR ke tantancewa tsakanin buɗaɗɗe da buɗewa. ɓoye bayanai.
Tunda an sake amfani da maɓallin rafi, ta hanyar amfani da maɓallin rafin da aka lasafta don kira na biyu zuwa bayanan ɓoye daga kiran farko, maharin zai iya samun damar zuwa asalin abun ciki. Tsawon tattaunawar ta biyu tsakanin maharin da wanda aka azabtar ya kasance, da ƙarin bayani daga kiran farko za a iya canzawa. Misali, idan maharin ya sami nasarar shimfida tattaunawar na mintina 5, to zai iya fasa minti 5.
Don ɗaukar ɓoyayyen zirga-zirgar iska daga hanyoyin sadarwar LTE, masu binciken sun yi amfani da mai nazarin siginar AirScope kuma don samun asalin muryar asali yayin kiran maharin, sun yi amfani da wayoyin zamani na Android da aka sarrafa ta ADB da SCAT.
Kudin kayan aikin da ake bukata domin kai harin an kiyasta dala 7,000.
An sanar da masana'antar tashar tashar matsalar a cikin Disambar da ta gabata kuma mafi yawansu sun riga sun saki faci don gyara yanayin rauni. Koyaya, wasu masu aiki na iya watsi da sabuntawar.
Don bincika mai saukin kamuwa da matsalar LTE da hanyoyin sadarwar 5G, an shirya aikace-aikacen wayar hannu ta musamman don dandamalin Android 9 (don aikinta, kuna buƙatar samun damar tushe da wayoyin hannu akan kwakwalwan Qualcomm, kamar Xiaomi Mi A3, One Plus 6T da Xiaomi Mix 3 5G).
Baya ga ƙayyade kasancewar yanayin rauni, ana iya amfani da aikace-aikacen don ɗaukar zirga-zirga da duba saƙonnin sabis. Ana adana zirga-zirgar da aka kama a cikin tsarin PCAP kuma ana iya aika shi zuwa sabar mai amfani na HTTP don ƙarin cikakken bincike tare da kayan aikin yau da kullun.
Source: https://revolte-attack.net/
Godiya ga raba wannan bayanin.