FragAttacks, a series of vulnerabilities in the Wi-Fi standard that affects millions of devices

Information was recently released about 12 vulnerabilities identified under the code name "FragAttacks". They affect a variety of wireless devices and cover practically all wireless cards and access points in use: of the 75 devices tested, each was affected by at least one of the proposed attack methods.

The problems fall into two categories: 3 vulnerabilities were identified directly in the Wi-Fi standards and cover all devices that support the current IEEE 802.11 standards (the issues have been traced back to 1997).

9 vulnerabilities are bugs and errors in specific implementations of wireless stacks. The main danger is the second category, since organizing attacks on the flaws in the standards requires specific scenarios or certain actions performed by the victim.

All of the vulnerabilities appear regardless of the protocols used to secure Wi-Fi, even when WPA3 is used, since most of the identified attack methods allow an attacker to perform L2 frame substitution on a protected network, which makes it possible to block traffic.

DNS response spoofing to direct the user to the attacker's host is mentioned as the most realistic attack scenario. An example is also given of using the vulnerabilities to bypass the address translator on a wireless router and provide direct access to a device on the local network, or to bypass firewall restrictions.

The second part of the vulnerabilities, which relates to the processing of fragmented frames, makes it possible to extract data about traffic on the wireless network and to intercept transmitted user data without using encryption.

A researcher has prepared a demonstration showing how the vulnerabilities can be used to intercept a password transmitted when a website is accessed over HTTP without encryption. It also shows how to attack a smart plug controlled via Wi-Fi and use it to continue the attack against outdated devices on the local network that have unpatched vulnerabilities (for example, it was possible to attack an unpatched Windows 7 computer on the internal network via NAT traversal).

To exploit the vulnerabilities, an attacker must be within range of the target wireless device in order to send a set of specially crafted frames to the victim.

The issues affect both client devices and wireless cards, as well as Wi-Fi access points and routers. In general, HTTPS combined with encryption of DNS traffic using DNS over TLS or DNS over HTTPS is sufficient as a protective measure. A VPN is also suitable for protection.

The most dangerous are four vulnerabilities in wireless device implementations that allow trivial methods to achieve substitution of their unencrypted frames:

  • Vulnerabilities CVE-2020-26140 and CVE-2020-26143 allow frame substitution on some access points and wireless cards on Linux, Windows and FreeBSD.
  • Vulnerability CVE-2020-26145 allows unencrypted broadcast fragments to be processed as full frames on macOS, iOS, FreeBSD and NetBSD.
  • Vulnerability CVE-2020-26144 enables processing of unencrypted reassembled A-MSDU frames with EtherType EAPOL on Huawei Y6, Nexus 5X, FreeBSD and LANCOM AP.

Other implementation vulnerabilities are mainly related to problems in handling fragmented frames:

  • CVE-2020-26139: allows forwarding of EAPOL-flagged frames sent by an unauthenticated sender (affects 2/4 verified access points, NetBSD and FreeBSD solutions).
  • CVE-2020-26146: allows encrypted fragments to be reassembled without checking the order of the sequence numbers.
  • CVE-2020-26147: allows reassembly of mixed encrypted and unencrypted fragments.
  • CVE-2020-26142: allows fragmented frames to be treated as full frames (affects OpenBSD and the ESP12-F wireless module).
  • CVE-2020-26141: missing TKIP MIC check for fragmented frames.

Among the other problems identified:

  • CVE-2020-24588: aggregate frame attack. Redirecting a user to a malicious DNS server or NAT traversal is mentioned as an example of the attack.
  • CVE-2020-24587: mixed key attack (reassembly of fragments encrypted with different keys is permitted in WPA, WPA2, WPA3 and WEP). The attack makes it possible to determine the data sent by the client, for example the content of a cookie when a site is accessed over HTTP.
  • CVE-2020-24586: fragment cache attack (the standards covering WPA, WPA2, WPA3 and WEP do not require fragments already held in the cache to be removed after a new connection to the network). It makes it possible to identify the data sent by the client and to substitute their data.
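
The fragment reassembly flaws in the two lists above (CVE-2020-26146, CVE-2020-26147 and the mixed key attack) each correspond to a check that a receiver skips when joining fragments. The following C model of those checks is an added example, not code from the original article or from any real driver; the `struct frag` layout, the `key_id` field and the function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Simplified model of one received fragment (hypothetical, not a real driver struct). */
struct frag {
    uint16_t seq;       /* sequence number shared by all fragments of one frame */
    uint8_t  frag_no;   /* fragment number, 0 for the first fragment */
    bool     more;      /* More Fragments flag */
    bool     encrypted; /* fragment arrived protected and decrypted correctly */
    uint64_t pn;        /* per-fragment packet number */
    uint32_t key_id;    /* which key decrypted it (identifier invented for this model) */
};

enum frag_verdict {
    FRAG_OK, FRAG_ERR_INCOMPLETE,
    FRAG_ERR_MIXED_PLAINTEXT,    /* encrypted and unencrypted fragments mixed */
    FRAG_ERR_MIXED_KEY,          /* fragments encrypted under different keys */
    FRAG_ERR_PN_NOT_CONSECUTIVE  /* packet numbers not in sequence */
};

/* Decide whether n buffered fragments may be joined into one frame. */
enum frag_verdict check_reassembly(const struct frag *f, size_t n)
{
    if (n == 0 || f[0].frag_no != 0 || f[n - 1].more)
        return FRAG_ERR_INCOMPLETE;
    for (size_t i = 1; i < n; i++) {
        if (f[i].seq != f[0].seq || f[i].frag_no != i || !f[i - 1].more)
            return FRAG_ERR_INCOMPLETE;
        if (f[i].encrypted != f[0].encrypted)
            return FRAG_ERR_MIXED_PLAINTEXT;
        if (!f[0].encrypted)
            continue;            /* open network: no key or PN to compare */
        if (f[i].key_id != f[0].key_id)
            return FRAG_ERR_MIXED_KEY;
        if (f[i].pn != f[i - 1].pn + 1)
            return FRAG_ERR_PN_NOT_CONSECUTIVE;
    }
    return FRAG_OK;
}

/* Constructed sample: a two-fragment frame whose second fragment the caller varies. */
enum frag_verdict demo(bool enc2, uint64_t pn2, uint32_t key2)
{
    struct frag f[2] = { { 100, 0, true,  true, 7,   1 },
                         { 100, 1, false, enc2, pn2, key2 } };
    return check_reassembly(f, 2);
}

int main(void) { return demo(true, 8, 1) == FRAG_OK ? 0 : 1; }
```

The fragment cache attack needs one more measure that this model does not cover: discarding buffered fragments when a client reconnects.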

If you want to know more about it, you can consult the following link.

