Mauthenga ambirimbiri okhudzana ndi kutsegula kwa WiFi Kuwululidwa, Kukhudza pafupifupi Chirichonse

Masiku ano kusokonezeka kwakukulu kwa chitetezo mu WPA2 encryption protocol kwa Wi-Fi ikuwululidwa, kuphatikizapo umboni wogwiritsa ntchito. Zofookazo zimayendera njira yogwiritsira ntchito makina oyimilira omwe amagwiritsidwa ntchito ndi wofuna chithandizo ndi malo opindulira. Zowonongeka izi ndizo gawo la Wi-Fi Protected Access WPA lokha, kotero ngakhalenso zipangizo zomwe zimagwiritsira ntchito molondola WPA2 malinga ndi zomwe zikuyembekezeredwa kuti zikhudzidwe. Njira za WPA komanso zamalonda zimakhudzidwa, ndipo zonse zoyambirira za WPA ndi WPA2 zimakhudzidwa. Kuwukira kwakukulu kumagwiritsira ntchito zopanda mphamvu mu makina osungira, koma pali mitundu yosiyanasiyana yomwe imakhudza zomwe zimagwiritsidwa ntchito ndi mfundo zina zowunikira.

Monga mwatsitsimutso WPA mwamsanga, mawu osungira omwe mumasankha kuti mugwirizane ndi malo ogwiritsira ntchito pogwiritsa ntchito WPA2 sagwiritsidwe ntchito mwachindunji monga makiyi ophimbiramo makanema omwe amayendetsa malonda anu ndi malumikizowo. M'malo mwake, mawu achinsinsi (omwe amadziwika kuti ndi chinsinsi chogawanitsa) amagwiritsidwa ntchito kutsimikizira chipangizo cha makasitomala ku malo ogwiritsira ntchito ndikuyambitsa ndondomeko yolumikizana. Zosokonezeka zomwe zafotokozedwa masiku ano zimapangitsa kuti ziwonongeke motsatira ndondomeko zinayi zomwe zimagwiritsidwa ntchito popanga zolembera ndikugwiritsira ntchito makiyi omwe angagwiritsidwe ntchito, onse popanda kutulutsa chinsinsi chogawidwa. Kamodzi kogwirizana kanakhazikitsidwa, kasitomala ndi malo othawirapo nthawi zonse amasinthasintha makina oyandikana nawo atsopano omwe achokera kuchinsinsi chogawidwa.


802.11i Manyowa Amanja Anayi (Chithunzi cha Via Wikipedia)

Chitsimikizo cha maganizo opanga njira, yotchedwa KRACK yochepa kuti ikhale yovuta kuimitsa, imayang'ana pa sitepe itatu mwa njirayi. Mu sitepe yachitatu, malo oyenerera amavomereza kwa chitsimikizo cha makasitomala kuti mwayi wothandizira watsirizira mbali yake ya ndondomeko yolankhulana. Atalandira uthengawo, kasitomala angayambe kugwiritsa ntchito makiyi okhwima ndi kuyambitsa vector kuti afufuze pamtunda, ndipo kasitomala amatha kugwira ntchitoyo pothandizira kupeza malo kuvomereza.

Koma izi zimatengera kuti mauthenga onse anayi omwe ali mukugwirana chanza amalandiridwa bwino. Mchitidwe wofunikira wokambilana uyenera kulola kuthekera kwa kusokoneza wailesi, kotero kumalola malo ofikira kutumizanso uthenga womwe ndi gawo lachitatu la kugwirana chanza. Ngati wowukira atumiza kopi ya uthengawu, chipangizo cha kasitomala chidzapusitsidwa kubwerera ku kiyi yotsekera yoyambirira ndi vesi loyambira lomwe linagwiritsidwa ntchito kumayambiriro kwa gawoli. Kutumiza kotsatira kwa kasitomalayo kudzakhala kubisidwa ndi kiyi yofanana ndi yotumizira kale, ngakhale kiyiyo idangogwiritsidwa ntchito kamodzi kokha. Izi zimalola kuwopseza kogwiritsanso ntchito, komwe sikumawulula mwachindunji chinsinsi chachinsinsi koma kumapangitsa kuti zikhale zosavuta kumasulira zomwe zidasungidwa, makamaka ngati pali china chake chodziwika pa kapangidwe ka mauthenga omwe onse adabisidwa mofanana. kiyi. Mitu ya paketi ya IP, nayonso, imapereka zomwezo.

Ngakhale kuti sizinathenso kugwiritsidwa ntchito ndi Wi-Fi pokhapokha ngati mutha kugwiritsa ntchito njira yowonjezera, njira zowonongeka za KRACK zingathe kuwonetsa chidziwitso chokwanira choyamba kugwidwa ndi TCP ndikukumana ndi chiwonongeko chomwecho. Ngati malo opanda waya akugwiritsa ntchito protocol yapamwamba ya WPA-TKIP mmalo mwa protocol ya WPA2 AES-CCMP, ndiye wovutayo akhoza kukonza ndi kulumikiza mapaketi mumsewu wopanda waya m'malo mogwiritsira ntchito chidziwitso chodziwitsidwa mosavuta. Pakalipano, makina atsopano pogwiritsa ntchito maulendo afupipafupi a Wireless Gigabit (IEEE 802.11ad) amagwiritsira ntchito GCMP, yomwe imagwiritsa ntchito njira yovomerezera yomweyo pa njira zonse zoyankhulirana pakati pa ofuna chithandizo ndi malo otha kupeza, kotero kuti kusokonezeka kwa KRACK kungathetsere kutulutsa chipangizo.

Machitidwe a Linux kuphatikizapo Android version 6.0 ndi pamwamba nthawi zambiri amagwiritsa ntchito pulogalamu ya wpa_supplicant. Kukhazikitsa uku kwa WPA kumayesa kuteteza kuti isagwiritsidwenso ntchito poyipukuta ku RAM itatha kugwiritsidwa ntchito koyamba. Mukagwidwa ndi KRACK, izi zikutanthauza kuti wpa_supplicant sabwereranso ku kiyi yoyambirira koma m'malo mwake amalowetsa makiyi ake ndi mazero onse. Tsoka ilo, muzochitika za KRACK njira iyi imabwerera m'mbuyo ndipo imabweretsa kiyi yodziwika, yokhazikika, zomwe zimapangitsa kuti kufalitsa mauthenga amtsogolo kukhale kosavuta.

Kuwululidwa kwamasiku ano kwalembedwa pa ma CVE khumi, iliyonse ikufotokoza masitayelo osiyanasiyana owukiranso makiyi pagawo kapena mitundu yosiyanasiyana ya WPA. Izi zikutanthauza kuti kukhazikitsidwa kulikonse kwa Wi-Fi kokwanira kumafunika kusinthidwa m'malo angapo. Mwamwayi, ziwopsezo zazikuluzikuluzikuluzikuluzikuluzikuluzikuluzikuluzikuluzikuluzikuluzikuluzikuluzikuluzikuluzikuluzikuluzikuluzikuluzikuluzikuluzikuluzikuluzikulu,ndipo mfundo za Wi-Fi zikuyembekezeka kusinthidwa kuti zidzitchinjirize ku ziwopsezo zazikulu zokhazikitsanso. Gulu lachiwopsezoli lidapezeka koyambirira kwa chaka chino ndipo ofufuza omwe adachita nawo adayamba kudziwitsa ogulitsa mu Julayi. CERT inapereka chidziwitso chachikulu kwa ogulitsa pa August 28. OpenBSD yakhazikitsa kale ntchito yawo ya WPA, ndipo Aruba, Mikrotik ndi Ubiquiti ndi ena mwa ogulitsa omwe akukonzedwa kuti ali ndi makonzedwe okonzedwa kale.

Mofanana ndi zovuta zambiri zamakono zatsopano zotetezeka, kupezeka uku kwapatsidwa chizindikiro chosaiwalika ndi chizindikiro:

Izi sizomwe zili zoyamba kusokoneza chitetezo chokhudza Wi-Fi. Mkhalidwe wapachiyambi wa kutsekedwa kwa Wi-Fi unatchedwa Wired Equivalent Privacy (WEP), dzina lomwe silinali lolondola ngati zolakwika zinapezedwa kuti zilowerere mosavuta ndi zosavuta. Wi-Fi Protected Access (WPA) inayambitsidwa monga malo omwe angagwiritsidwe ntchito pa hardware yambiri yomwe ilipo ndi mapulogalamu a pulogalamu ndi firmware, pamene WPA2 inasintha kwambiri monga kusintha kuchokera ku RC4 cipher kupita ku AES. Kuukira koyambirira kwa WPA2 onse amadalira mtundu wina wa mawonekedwe achinsinsi, monga kusokoneza pulogalamu ya Wi-Fi Protected Setup (WPS). Mpaka pano, njira yokambirana yolumikizira njirayi mu WPA idatetezedwa, ndipo chida cha AES chogwiritsidwa ntchito ndi WPA2 chikaonedwa kuti chili chitetezo.

Izi sizinanso zoyamba zolepheretsa chitetezo chokhudzana ndi zowonongeka zowonongeka kuti zululidwe posachedwapa. Kumayambiriro kwa mwezi uno, gulu la akatswiri ofufuza Google adafalitsa zovuta zambiri mu DNSMasq, seva ya DNS ndi DHCP yomwe imagwiritsidwa ntchito ndi otengera makasitomala ogula. Kuwopsa kwa ziphuphuzi kunachokera pa kukana utumiki ku khoti lakutali ndipo kugwira ntchito DNS ndi DHCP ntchito ya DNSMasq.

gwero