da Masu binciken ESET sun saki a taron RSA 2020 (wanda aka gudanar kwanakin nan) akan CVE-2019-15126 rauni a kan Cypress da ƙananan kwakwalwan mara waya na Broadcom. Wannan yanayin rashin lafiyar da aka bayyana ba ka damar yanke hanyar shiga Wi-Fi ta hanyar hanyar WPA2 wanda aka kiyaye shi.
Anyi raunin yanayin ne da sunan Kr00k da matsalar yana rufe kwakwalwan FullMAC (ana aiwatar da tarin Wi-Fi a gefen guntu, ba mai sarrafawa ba), ana amfani dashi a cikin kewayon na'urorin masu amfani, daga wayoyin hannu na sanannun masana'antun Apple, Xiaomi, Google, Samsung, har ma da masu iya kaifin baki kamar su Amazon Echo, Amazon Kindle, Har ila yau, a kan faranti Rasberi PI 3 da wuraren samun damar mara waya Huawei, ASUS, Cisco.
Game da rauni
Rashin yiwuwar ya samo asali ne ta hanyar aikin sarrafa maballin boye-boye lokacin da kake cire haɗin (cire haɗin) na'urar daga wurin samun damar shiga. Bayan cire haɗin, mitin ɗin zaman (PTK) da aka ajiye a cikin ƙwaƙwalwar kwakwalwar an sake saita shi, saboda ba za a sake aiko da ƙarin bayanai ba a zaman na yanzu.
Wasu daga cikin na'urorin da aka gwada a cikin ESET don yiwuwar kai harin sun kasance:
- Amazon amsa kuwwa 2nd gen
- Tsarin Kindle na 8 na Amazon
- Apple iPad mini 2
- Apple iPhone 6, 6S, 8, XR
- Apple MacBook Air Retina 13 inch 2018
- Google Nexus 5
- Google Nexus 6
- Google Nexus 6S
- Rasberi pi 3
- Samsung Galaxy S4 GT-I9505
- Samsung Galaxy S8
- Xiaomi Redmi 3S
- Mara waya mara waya ASUS RT-N12, Huawei B612S-25d, Huawei EchoLife HG8245H, Huawei E5577Cs-321
- Maki na Cisco
Jigon yanayin rauni shi ne bayanan da aka bari a cikin maɓallin gudana (TX) an ɓoye su tare da maɓallin da aka riga aka share wanda ya ƙunshi sifili kawai kuma a sakamakon, za a iya samun sauƙin fahimta yayin kutse. Wani madannin maɓalli yana amfani ne kawai da ragowar bayanai a cikin ma'aji wanda yake da girman kilobytes da yawa.
Sabili da haka, harin ya dogara ne da aika wasu firam ɗin da ke haifar da rarrabuwa da kuma kutse bayanan da aka aiko gaba.
Kullum ana amfani da ƙaddamarwa a cikin hanyoyin sadarwar mara waya don sauyawa daga maɓallin samun dama zuwa wani yayin yawo ko lokacin da sadarwa tare da hanyar samun damar yanzu ta ɓace.
Za'a iya haifar da rarrabuwa ta hanyar aika firam ɗin sarrafawa Ana watsa shi ba a ɓoye shi ba kuma baya buƙatar tabbatarwa (maharin yana da isasshen siginar Wi-Fi, amma baya buƙatar haɗi zuwa cibiyar sadarwar mara waya). An gwada harin ne kawai ta amfani da yarjejeniyar WPA2, ba a gwada yiwuwar kai hari a WPA3 ba.
Dangane da ƙididdigar farko, yuwuwar yiwuwar rauni na iya shafar biliyoyin na'urorin da aka saba amfani da su. A kan na'urori tare da kwakwalwan Qualcomm, Realtek, Ralink da Mediatek, matsalar ba ta faruwa ba.
A lokaci guda, yana yiwuwa a sake ɓatar da zirga-zirgar a duk lokacin da na'urar abokin ciniki marasa ƙarfi suna samun damar samun dama ba tare da matsala ba, kamar yadda yake a yanayin na’urar da matsalar bata shafarta ba, sami damar wurin samun damar inda raunin ya bayyana.
Yawancin masana'antun masu amfani da kayan masarufi sun riga sun sake sabunta abubuwan sabuntawa don gyara yanayin rauni (alal misali, Apple ya cire raunin a watan Oktoban shekarar da ta gabata).
Ya kamata a lura cewa yanayin rauni yana shafar ɓoyewa a matakin hanyar sadarwa mara waya kuma yana ba da damar bincika hanyoyin haɗin da mai amfani ya kafa kawai, amma ba ya ba da damar daidaita hanyoyin haɗi tare da ɓoyewa a matakin aikace-aikacen (HTTPS, SSH, STARTTLS, DNS kan TLS, VPN, da sauransu).
Haɗarin harin ya kuma rage gaskiyar cewa maharin na iya yanke bayanan onlyan kilogram na bayanan da ke cikin wurin canja wurin a lokacin cire haɗin a lokaci guda.
Don samun nasarar kama bayanai masu mahimmanci da aka aika akan haɗin da ba shi da tsaro, maharin dole ne ya san ainihin lokacin da aka aiko shi ko kuma ya fara cire haɗin hanyar samun damar, wanda zai jawo hankalin mai amfani saboda sake kunnawa na haɗin mara waya.
A ƙarshe, idan kuna son ƙarin sani game da shi, kuna iya bincika cikakkun bayanai A cikin mahaɗin mai zuwa.