Waa maxay FragAttacks? Sida looga ilaaliyo WiFi-gaaga ka dhanka ah FragAttacks?

Dhawaan, cilmi baare amni ayaa helay oo ka warbixiyay baylahda cusub ee aaladaha WiFi ee loo yaqaan FragAttacks . Kuwani waa noocyo cusub oo weeraro ah oo ka faa'iidaysta cilladaha naqshadeynta heerka WiFi waxayna saameeyaan inta badan aaladaha karti u leh WiFi . Waxa uu hore u helay weerarka KRACK kaas oo asal ahaan saameeya borotokoolka WPA2 .

Waa maxay FragAttacks?  Sida looga ilaaliyo WiFi-gaaga ka dhanka ah FragAttacks?

Waa maxay FragAttacks?

Erayga FragAttacks waxa lagu soo koobay weedha Fr agmentation iyo (Attacks)Aggregation(Ag) Attacks . Kuwani waa khataro amni oo bartilmaameedsada aaladaha WiFi . Weeraradan, weeraryahanku asal ahaan waxa uu bartilmaameedsadaa aalada ku dhex jirta inta u dhaxaysa shabkada WiFi(within the range of its WiFi network) oo uu xado xogta xasaasiga ah ee dhibbanaha (tusaale, furaha sirta ah). Weerarradani waxay saameeyaan dhammaan borotokoollada amniga WiFi ee dhawaanahan oo (WiFi)ay ku jiraan WPA3 iyo WPA2(including WPA3 and WPA2) . Routers-ka guriga, IoT , talefannada casriga ah, iyo aaladaha kale oo badan ayaa waxaa saameeya weerarada noocaan ah.

Akhri(Read) : Sida loo ilaaliyo oo loo ilaaliyo routerkaaga WiFi(secure and protect your WiFi Router) .

Naqshadeynta cilladaha WiFi

FragAttacks waxay ka faa'iidaystaan ​​dhowr dayacan oo WiFi ah . Waxaa loo fulin karaa siyaabo kala duwan oo ay ka mid yihiin:

Waxa laga yaabaa in qofka wax weeraray uu duri karo qaab WiFi ah oo aan qarsoodi ahayn oo uu galiyay shabakad WiFi ah oo sugan . Waxay isticmaali karaan cilladda ugu horreysa ee naqshadeynta heerka WiFi taas oo ah habka isku(aggregation) -darka . Tan, calanka " waa la isku(is aggregated) daray" ee fareeshka ku jira lama ansaxin oo si fudud ayaa wax looga beddeli karaa. Sidaa darteed(Hence) , weeraryahanku waxa uu duraa xidhmada oo khiyaaneeyaa dhibbanaha si uu ugu wareejiyo seerfarkooda xaasidnimada leh.

Cilladda labaad ee naqshadeynta WiFi waa qaabkeeda kala qaybsanaanta( frame fragmentation) waxaana loo yaqaannaa weerar furaha oo isku dhafan(mixed key attack) . Jajabka isla qaab-dhismeedka waxaa lagu sireeyay fure isku mid ah, halka aqbaluhu uu dib isugu ururin karo jajabyo leh furayaal kala duwan. Weeraryahanku waxa uu u isticmaali karaa kan si uu u faafo xogta dhibbanaha.

Ciladda saddexaad ee naqshadeynta waxay mar kale la socotaa qaabka jajabinta fiilada ee WiFi waxaana loo yaqaannaa weerar khasnado jajab ah(fragment cache attack) . Waxa dhacaya waa in qalabka WiFi uusan ka takhalusin jajabyada aan dib-u-habaynta ahayn ee xusuusta marka isticmaaluhu ka go'o shabakada. Tan waxaa looga faa'iidaysan karaa in lagu duro jajab xaasid ah oo la geliyo xusuusta barta gelitaanka. Hadda, marka isticmaaluhu ku xidho shabakada WiFi oo uu gudbiyo fareem jajaban, jajabkaas waxa lagu ururin doonaa jajabkii xaasidnimada lahaa ee la duray.

Akhri(Read) : Sida loo hubiyo in routerkaaga la jabsaday(How to check if your Router is hacked) .

FragAttacks Demo waxaa qoray Mathy Vanhoef:

Sida loo ilaaliyo WiFi -gaaga ka dhanka ah FragAttacks ?

Qaar ka mid ah dhaqamada caadiga ah ayaa kaa caawin kara inaad WiFi -gaaga ka ilaaliso FragAttacks(FragAttacks) . Kuwani waa:

  1. cusboonaysii qalabkaaga
  2. Ku rakib Cusboonaysiinta Amniga
  3. Isticmaal sireed
  4. Isticmaal VPN
  5. Deji DNS Custom

1] cusboonaysii qalabkaaga

Mathy Vanhoef wuxuu ku yidhi blog-giisa:

The biggest risk in practice is likely the ability to abuse the discovered flaws to attack devices in someone’s home network. For instance, many smart home and internet-of-things devices are rarely updated, and Wi-Fi security is the last line of defense that prevents someone from attacking these devices. Unfortunately, due to the discover vulnerabilities, this last line of defense can now be bypassed. In the demo above, this is illustrated by remotely controlling a smart power plug and by taking over an outdated Windows 7 machine.

Markaa, haddii aad isticmaalayso nooc ka sii da'da ah ee qalabkaaga, waa inaad cusboonaysiisaa. Tusaale ahaan, haddii aad wali isticmaalayso Windows 7/8 , waa wakhtiga ku habboon in loo cusboonaysiiyo Windows 10(upgrade to Windows 10) si aad uga ilaaliso qalabkaaga FragAttacks iyo weeraro kale oo amni oo cusub.

Oo, haddii aad isticmaalayso router duug ah oo aan lahayn wax casriyeyn ah oo la heli karo muddo dheer, waa inaad ka fikirtaa beddelka routerkaaga oo aad hesho mid cusub. Si fudud u beddel qalabkaaga haddii aysan jirin wax cusbooneysiin ah oo firmware ah si joogto ah.

Akhri(Read) : Sida loo hagaajiyo dayacanka Shabakadda Wi-Fi ee Dadweynaha iyo Guriga.

2] Ku rakib Cusboonaysiinta Amniga

Had iyo jeer iska hubi inaad ku rakibtay cusboonaysiinta amniga qalabkaaga. Cusboonaysiinta ammaanku(Security) waxay kaa caawinayaan inaad ka ilaaliso aaladahaaga wax u nugul nuglaanta iyo weerarrada amniga. Marka, sii wad hubinta wixii ku soo kordha amniga oo ku rakib isla marka la helo. In kastoo, taleefannada casriga ah iyo aaladaha kale ee casriga ahi si toos ah u soo dejiyaan oo u rakibaan cusbooneysiinta amniga. Laakin, sidoo kale gacanta ku hubi si aad isku mid u hubiso.

Xaaladda Windows 10 , waxaad ku rakibi kartaa amniga iyo cusbooneysiinta kale adoo aadaya Settings > Update & Security > Windows Update Xulashada Cusbooneysiinta Windows oo hubi wixii cusbooneed ee la heli karo ka dibna soo dejiso oo ku rakib PC-gaaga.

Akhri(Read) : Talooyin ku saabsan Ammaanka Wi-Fi(Wi-Fi Security Tips) : Taxaddar aad ka Qaadato Goobaha Dadweynaha(Public Hotspots)

3] Isticmaal sireed

Markaad khadka ka dhex baadhayso, xaqiiji inaad ku jirto degel aamin ah oo wadata shahaado HTTPS ( Hypertext Transfer Protocol Secure ). Ma aha oo kaliya, isticmaal sirta mar kasta iyo meel kasta. Tusaale ahaan, adeegso codsi sugan oo bixiya sirta dhamaadka-ilaa-dhamaadka si aad xogta ugu kala wareejiso aaladaha. Xusuusnow FragAttacks(Remember FragAttacks) waxay dhacdaa marka xogta aan qarsoodi ahayn lagu diro shabakad sugan. Markaa, sirtu waa waajib.

4] Isticmaal VPN

Tixgeli inaad isticmaasho adeegga VPN(using a VPN service) maadaama ay kaa ilaalin karto FragAttacks(FragAttacks) adiga oo taraafikadaada ku marinaya xiriir qarsoodi ah.

5] Deji DNS Custom

Waxa kale oo aad u habayn kartaa DNS caadada ah adiga oo ku jira routerkaaga iyo aaladaha kale si aad uga hortagto weerar kasta oo kuu jiheeya server xaasidnimo leh.

FragAttacks waa ururin cusub oo dayacan oo heerka WiFi ah kaas oo khatar gelinaya aalado badan. Weeraryahan ku dhex jira inta u dhexeysa shabakadaada ayaa qaadi kara weerarada noocaan ah halkaasoo uu isku dayo inuu xogtaada xado. Si kastaba ha noqotee, dhaqamada amniga aasaasiga ah ayaa kaa caawin kara inaad WiFi -gaaga ka ilaaliso FragAttacks .

Waxaad sii baran kartaa naftaada FragAttacks adoo aadaya fragattacks.com.



About the author

Waxaan ahay injineer software iyo khabiir Windows 10 ah. Waxaan leeyahay waayo-aragnimo ka badan laba sano oo ku saabsan la shaqaynta casriga ah, windows 10, iyo Microsoft Edge. Diiradayda ugu weyn waa ka dhigista aaladahaagu kuwo si ka wanaagsan oo degdeg ah u shaqeeya. Waxaan ka shaqeeyay mashaariic kala duwan shirkado ay ka mid yihiin Verizon, Imac, HP, Comcast, iyo kuwo kale oo badan. Sidoo kale waxaan ahay macalin shahaado ka haysta tababarka daruuraha Microsoft Azure.



Related posts