Kwanan nan aka sake ta da Android Fabrairu ta karshe, a cikin abin da yake gyara matsala mai rauni (an lasafta shi azaman CVE-2020-0022) akan tarin Bluetooth, wanda ke ba ka damar shirya aiwatar da lambar ƙira ta hanyar aikawa da fakitin Bluetooth na musamman.
An rarraba matsalar a matsayin mai mahimmanci tunda wannan ana iya amfani dashi da hankali ta hanyar mai kawo hari cikin kewayon Bluetooth kuma wannan ma wannan baya buƙatar mu'amala da wanda aka cutar dashi. Zai yuwu za'a iya ƙirƙirar rauni don ƙirƙirar tsutsotsi waɗanda ke haɗa na'urorin makwabta.
Don hari, isa ya san adireshin MAC na na'urar da aka cutar (ba a buƙatar haɗin haɗin farko, amma dole ne a kunna Bluetooth a kan na'urar). A kan wasu na'urori, Bluetooth MAC adireshin za a iya lasafta dangane Wi-Fi MAC adireshin.
Idan an sami nasarar amfani da yanayin rauni, mai kai hari zai iya aiwatar da lambarka tare da haƙƙin tsarin shimfidar wuri wanda ke daidaita aikin Bluetooth akan Android. Matsalar takamaiman tarin Bluetooth da aka yi amfani dashi a cikin Android (dangane da lambar Broadcom's aikin BlueDroid) kuma baya bayyana a cikin tarin BlueZ wanda aka yi amfani dashi a cikin Linux.
Masu binciken wanda ya gano matsalar sun sami damar shirya samfurin aiki na amfani, amma bayanan aikin zai fito daga baya, bayan gyaran ya isa ga mafi yawan masu amfani.
Abin sani kawai an san cewa yanayin rauni yana nan a cikin lambar kunshin ginin kuma ana haifar da shi ta lissafin kuskure na girman fakitin L2CAP (dacewar hanyar haɗin mahaɗi da ladabi) idan bayanan da mai aikawa ya watsa ya wuce girman da ake tsammani.
A cikin Android 8.0 zuwa 9.0, maharin da ke kusa zai iya yin shiru ba tare da izini ba tare da gatan daemon na Bluetooth muddin aka kunna wannan hanyar sadarwa.
Babu buƙatar hulɗa mai amfani da ake buƙata kuma kawai adireshin MAC na Bluetooth na na'urori masu niyya ya kamata a sani. Ga wasu na'urori, ana iya samun adreshin MAC na Bluetooth daga adireshin WiFi MAC. Wannan raunin zai iya haifar da satar bayanan mutum kuma ana iya amfani dashi don yada malware. A cikin Android 10, ba za a iya amfani da wannan yanayin ba saboda dalilai na fasaha kuma kawai yana haifar da daemon na Bluetooth ya fadi ”, in ji masu bincike
A kan Android 8 da 9, matsalar na iya haifar da aiwatar da lambar, dako a cikin Android 10 an iyakance shi ya rushe na aikin bango na Bluetooth.
Tsoffin sifofin Android na iya fuskantar matsalar, amma ba a gwada ba ko za a iya cin nasarar wannan aibin cikin nasara.
Baya ga matsalar da aka lura, a cikin Fabrairu Tsaro na Tsaro na Android, 26 an gyara yanayin rauni, wanda kuma aka sanya mawuyacin yanayin (CVE-2020-0023) a matakin haɗari mai mahimmanci.
Raunin rauni na biyu kuma yana shafar tarin Bluetooth kuma yana da alaƙa da aikin gatan da ba daidai ba BLUETOOTH_PRIVILEGED a cikin setPhonebookAccessPermission.
Game da raunin da aka yiwa alama a matsayin mai haɗari, an warware matsaloli 7 a cikin tsari da aikace-aikace, 4 a cikin abubuwan da aka ƙayyade, 2 a cikin kwaya da 10 a cikin buɗaɗɗen da keɓaɓɓun ɓangarorin don kwakwalwan Qualcomm.
A ƙarshe, an shawarci masu amfani da su shigar da sabuntawar firmware da za a tura. a kan na'urorinka ASAP kuma idan wannan bazai yiwu ba(ya shafi miliyoyin na'urori daga nau'ikan da ke ƙaddamar da na'urori masu tsada) zaɓi don zaɓin don kashe Bluetooth ta tsohuwa (tunda a ka'ida bashi da ma'anar samun sa a kowane lokaci baya ga hakan ta yin hakan suna taimaka wajan inganta rayuwar batir), banda wannan an kuma shawarci cewa a hana gano na'urar kuma kuma kunna Bluetooth a wuraren jama'a (ana bada shawarar yin hakan idan ya zama dole), an kuma ambata cewa ana bada shawarar maye gurbin belun kunne mara waya.
Wadannan shawarwarin da suke bayarwa yayin da masu bincike suke ambaton cewa da zaran sun tabbatar cewa facin ya isa ga masu amfani da shi, za su buga takarda a kan wannan matsalar, gami da bayanin amfani da kuma ka'idar tabbatar da hujja.
Amma kamar yadda aka ambata, yawancin na'urori masu alama waɗanda ba sa sakin kowane sabuntawa ko waɗanda tuni sun sami ƙarshen tallafi suna da rauni.
Source: https://insinuator.net