BIAS: a Bluetooth attack that allows spoofing a paired device

A few days ago, researchers from the Federal Polytechnic School of Lausanne announced that they had identified vulnerabilities in the pairing methods of devices that comply with the Bluetooth Classic standard (Bluetooth BR/EDR).

The vulnerability is codenamed BIAS. It allows an attacker to connect a fake device in place of a device the user has previously connected to, and to pass the authentication procedure successfully without knowing the channel key (link key) generated during the initial pairing of the devices, the key that allows reconnecting without repeating the manual confirmation procedure on each connection.

The essence of the method is that, when connecting to devices that support Secure Connections mode, the attacker announces that this mode is not available and falls back to the older authentication method ("legacy" mode). In "legacy" mode, the attacker initiates a master-slave role switch and, presenting their device as the "master", takes over the authentication procedure. The attacker then sends a notification that authentication completed successfully, without having the channel key, and the device is authenticated to the other side.
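The asymmetry described above, as an added model that is not code from the researchers' toolkit: it contrasts a one-sided challenge-response with a mutual one. HMAC-SHA256 stands in for Bluetooth's real authentication function, and every name in it is hypothetical.

```python
import hashlib
import hmac
import os

def response(link_key, challenge):
    # Stand-in for Bluetooth's authentication function (assumption: the real
    # one is not HMAC); only a holder of link_key can compute the right value.
    return hmac.new(link_key, challenge, hashlib.sha256).digest()

class Device:
    def __init__(self, name, link_key=None):
        self.name = name
        self.link_key = link_key  # None models a peer that never paired

    def prove(self, challenge):
        # Prover: answer the challenge, or fail when the key is unknown.
        return response(self.link_key, challenge) if self.link_key else None

    def verify(self, peer):
        # Verifier: challenge the peer and report the outcome.
        challenge = os.urandom(16)
        answer = peer.prove(challenge)
        if self.link_key is None:
            # A verifier without the key cannot check the answer; nothing in
            # the one-sided procedure stops it from reporting success.
            return True
        expected = response(self.link_key, challenge)
        return answer is not None and hmac.compare_digest(answer, expected)

def legacy_unilateral(master, slave):
    # Legacy procedure as the page describes it: only the master verifies.
    return master.verify(slave)

def mutual(master, slave):
    # Both sides must prove knowledge of the link key.
    return master.verify(slave) and slave.verify(master)

KEY = os.urandom(16)                    # constructed link key from pairing
victim = Device("victim", KEY)
genuine = Device("genuine-peer", KEY)
impostor = Device("impostor")           # knows the address, not the key

if __name__ == "__main__":
    print("legacy, impostor as master:", legacy_unilateral(impostor, victim))
    print("mutual, impostor as master:", mutual(impostor, victim))
    print("mutual, genuine peer:      ", mutual(genuine, victim))
```

The one-sided run succeeds only because the keyless side holds the verifier role; once the roles are reversed or both directions are required, the same device fails.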

The Bluetooth Spoofing Attack (BIAS) can be carried out in two different ways, depending on which Secure Simple Pairing method (either Legacy Secure Connections or Secure Connections) was previously used to establish the connection between the two devices. If the pairing procedure was completed using the Secure Connections method, the attacker can claim to be the previously paired remote device that no longer supports secure connections, which downgrades the security of the authentication.

After that, the attacker can go on to use an encryption key that is far too short, containing only one byte of entropy, and apply the KNOB attack previously developed by the same researchers to establish an encrypted Bluetooth connection under the guise of a legitimate device (if the device is protected against KNOB attacks and the key size cannot be reduced, the attacker will not be able to establish an encrypted communication channel, but will still be authenticated to the host).

To exploit the vulnerability successfully, the attacker's device must be within range of the vulnerable Bluetooth device, and the attacker must determine the address of the remote device to which the connection was previously made.

The researchers published a prototype toolkit that implements the proposed attack method and demonstrated how to spoof the connection of a previously paired Pixel 2 smartphone using a Linux laptop and a CYW920819 Bluetooth card.

The BIAS method is possible for the following reasons: Bluetooth secure connection establishment is not encrypted, and the choice of the Secure Connections method does not apply to a pairing that is already established; Legacy Secure Connections secure connection establishment does not require mutual authentication; a Bluetooth device can perform a role switch at any time after baseband paging; and devices paired with Secure Connections can use Legacy Secure Connections during secure connection establishment.

The problem is caused by a memory defect and manifests itself in multiple Bluetooth stacks and in the firmware of Bluetooth chips, including Intel, Broadcom, Cypress Semiconductor, Qualcomm, Apple and Samsung chips used in smartphones, laptops, single-board computers and peripherals from various manufacturers.

The researchers tested 30 devices (Apple iPhone/iPad/MacBook, Samsung Galaxy, LG, Motorola, Philips, Google Pixel/Nexus, Nokia, Lenovo ThinkPad, HP ProBook, Raspberry Pi 3B+, etc.) that use 28 different chips, and notified the manufacturers of the vulnerability last December. It has not yet been specified which manufacturers have released firmware updates with a fix.

In response, the Bluetooth SIG, the organization responsible for developing Bluetooth standards, announced that it is developing an update to the Bluetooth Core specification. The new edition clearly defines the cases in which a master-slave role switch is permitted, introduces a mandatory requirement for mutual authentication when falling back to "legacy" mode, and recommends checking the encryption type to avoid a decrease in the connection's level of protection.
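One way a host could apply these rules when a bonded device reconnects, as an added sketch that is not code from the specification or from any Bluetooth stack. The record fields, the outright refusal of a downgrade and the 7-byte key floor are assumptions of this example, and the addresses are constructed.

```python
from dataclasses import dataclass

@dataclass
class Bond:
    secure_connections: bool       # mode used at the initial pairing

@dataclass
class Reconnect:                   # hypothetical record of one reconnection
    address: str
    peer_claims_sc: bool           # peer advertises Secure Connections now
    role_switch_before_auth: bool
    mutual_auth_done: bool
    enc_key_bytes: int

def evaluate(bonds, ev, min_key_bytes=7):
    """Return the reasons to refuse a reconnection (empty list = accept)."""
    bond = bonds.get(ev.address)
    if bond is None:
        return ["unknown address: full pairing required"]
    reasons = []
    if bond.secure_connections and not ev.peer_claims_sc:
        # Policy choice of this sketch: a bond made with Secure Connections
        # is never allowed to fall back to the legacy procedure.
        reasons.append("downgrade from Secure Connections to legacy")
    if not ev.peer_claims_sc and not ev.mutual_auth_done:
        reasons.append("legacy mode without mutual authentication")
    if ev.role_switch_before_auth and not ev.mutual_auth_done:
        reasons.append("role switch before authentication completed")
    if ev.enc_key_bytes < min_key_bytes:
        # Assumed local floor; guards against the short keys KNOB relies on.
        reasons.append("encryption key shorter than policy minimum")
    return reasons

# Constructed sample data: one bond per pairing mode, three reconnections.
BONDS = {"AA:BB:CC:00:00:01": Bond(True), "AA:BB:CC:00:00:02": Bond(False)}
SUSPICIOUS = Reconnect("AA:BB:CC:00:00:01", False, True, False, 1)
NORMAL_SC = Reconnect("AA:BB:CC:00:00:01", True, False, True, 16)
NORMAL_LEGACY = Reconnect("AA:BB:CC:00:00:02", False, False, True, 16)

if __name__ == "__main__":
    for ev in (SUSPICIOUS, NORMAL_SC, NORMAL_LEGACY):
        print(ev.address, evaluate(BONDS, ev) or "accept")
```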

Source: https://www.kb.cert.org

