Kana dzikashandiswa, zvikanganiso izvi zvinogona kubvumira vanorwisa kuti vawane mukana usina mvumo kune ruzivo rwakadzama kana kuti kazhinji kukonzera matambudziko.
Nhau yakaburitswa kuti boka revatsvakurudzi kubva kuTsinghua University (China) uye George Mason University (USA) yakaburitsa ruzivo rwekusagadzikana (CVE-2022-25667) panzvimbo dzekuwana iyo inobvumira kuronga kubatwa kwetraffic (MITM) mune isina waya network yakachengetedzwa nenzira yeWPA, WPA2 uye WPA3 protocol.
Nekubata ICMP mapaketi Ne "redirect" mureza, anorwisa anogona kutungamira traffic yemunhu akabatwa mukati metiweki isina waya kuburikidza nesystem yavo, iyo inogona kushandiswa kubata uye kukanganisa masesheni asina kuvharirwa (semuenzaniso, zvikumbiro kune asiri-HTTPS masaiti).
Kunetseka inokonzerwa nekushaikwa kwekusefa kwakaringana kweSpoofed ICMP meseji ine kero yekutumira spoofing pane network processors (NPUs, Network Processing Units), iyo inopa yakaderera-level packet processing pane isina waya network.
Pakati pezvimwe zvinhu, maNPU akadzoserwa, pasina kuonesa manyepo, emanyepo eICMP mapaketi ane "redirect" mureza, anogona kushandiswa kushandura routing tafura paramita padivi remushandisi.
Pfungwa yepakati ndeye kushandisa zvisirizvo kusagadzikana kwekudyidzana pakati peWPAs neICMP mapuroteni, kunzvenga zvachose nzira dzekuchengetedza dzekubatanidza dzinoshandiswa neWPAs.
Kurwiswa kwacho kunoderedzwa kusvika pakutumira ICMP pakiti pachinzvimbo chenzvimbo yekuwana ne "redirect" mureza, iyo inoratidza dummy data mumusoro wepaketi. Nekuda kwekusagadzikana, meseji inoendeswa mberi nenzvimbo yekuwana uye inogadziriswa neakabatwa network stack, iyo inofungidzira kuti meseji yakatumirwa nenzvimbo yekuwana.
Tinosangana nezvinodiwa zviviri kuti tibudirire kutanga kurwisa kwedu. Chekutanga, kana munhu anorwisa achikanganisa AP iri pamutemo kugadzira ICMP inotungamira meseji, iyo AP haigone kuziva uye kusefa iyo yakashata ICMP inotungamira.
Uyewo, vaongorori vakaronga nzira yekunzvenga macheki yeICMP mapaketi ane "redirect" mureza padivi remushandisi wekupedzisira uye shandura tafura yavo yekufambisa. Kuti udzivise kusefa, anorwisa anotanga aona chiteshi cheUDP chinoshanda padivi remunhu anenge abatwa.
Chechipiri, takagadzira nzira nyowani yekuita kuti meseji yakashata yeICMP inotungamira inogona kunzvenga cheki chechokwadi chemunhu akabatwa uye yobva yaisa chepfu patafura yavo yekufambisa. Takaita chiyero chakakura pa122 real-world Wi-Fi network, ichifukidza ese aripo eWi-Fi kuchengetedza modes.
Kuve pane imwechete isina waya network, anorwisa anogona kubata traffic, asi haakwanise kuibvisa, nekuti haazive kiyi yesesheni inoshandiswa kana munhu akabatwa asvika panzvimbo yekupinda. Nekudaro, nekutumira bvunzo mapaketi kune akabatwa, anorwisa anogona kuona inoshanda UDP chiteshi zvichienderana nekuongororwa kweinouya ICMP mhinduro ne "Destination Unreachable" mureza. Anodenha anobva agadzira meseji yeICMP ine "redirect" mureza uye yakaumbwa UDP musoro unotsanangura iyo yakavhurwa UDP chiteshi.
Dambudziko yakasimbiswa panzvimbo dzekuwana uchishandisa HiSilicon uye Qualcomm chips. Chidzidzo chemakumi mashanu emhando dzakasiyana dzenzvimbo dzekuwana kubva kune gumi anozivikanwa vagadziri (Cisco, NetGear, Xiaomi, Mercury, 55, Huawei, TP-Link, H10C, Tenda, Ruijie) yakaratidza kuti ese ari panjodzi uye haavhare packet. ICMP. Pamusoro pezvo, ongororo ye360 iripo isina waya network yakaratidza mukana wekurwiswa kwe3 network (122%).
Kushandisa vulnerabilities, munhu anorwisa anofanira kukwanisa kubatana zviri pamutemo kune network yeWi-Fi, ndiko kuti, inofanirwa kuziva maparamendi ekupinda mune isina waya network (kusagadzikana kunoita kuti zvikwanise kutenderedza nzira dzinoshandiswa muWPA * protocol kuparadzanisa traffic yemushandisi mukati metiweki).
Kusiyana neyakajairwa MITM kurwiswa pane isina waya network, vachishandisa iyo ICMP packet spoofing nzira, anorwisa anogona kupfuura achiendesa yavo yega nzvimbo yekupinda kuti vabate traffic uye kushandisa zviri pamutemo network-sevhisi nzvimbo dzekuwana kutungamira mapaketi.
Chekupedzisira, kana iwe uchida kukwanisa kuziva zvakawanda nezvazvo, unogona kubvunza iwo ruzivo mu inotevera chinongedzo.