{"id":12740,"date":"2022-04-18T20:00:03","date_gmt":"2022-04-18T17:00:03","guid":{"rendered":"https:\/\/kutaybilen.com.tr\/?p=12740"},"modified":"2022-04-18T20:00:03","modified_gmt":"2022-04-18T17:00:03","slug":"qualcommdaki-guvenlik-acigi-kullanicilari-riske-atti","status":"publish","type":"post","link":"https:\/\/kutaybilen.com.tr\/?p=12740","title":{"rendered":"Security Vulnerability in Qualcomm Put Users at Risk"},"content":{"rendered":"<p>Findings published by cybersecurity company Check Point Research have exposed flaws in the \u201csecure world\u201d of Qualcomm CPUs used in many <strong>Android<\/strong> phones today, flaws that could lead to the leak of protected data, bootloader unlocking, and undetectable APTs (Advanced Persistent Threats).<\/p>\n<p>The findings were presented by Check Point at REcon Montreal, a <strong>computer security conference<\/strong> focused on reverse engineering and advanced exploitation techniques, held in early June of this year.<\/p>\n<p>After these problems were disclosed, Qualcomm fixed all of the vulnerabilities. 
South Korean smartphone makers Samsung and LG shipped patches to their devices, while US-based Motorola said it was working on a fix.<\/p>\n<p>This disclosure came in the months after Qualcomm released a patch for vulnerabilities that had allowed malicious actors to obtain the encryption keys and <strong>private data<\/strong> stored in the chipset\u2019s secure world.<\/p>\n<p><b><strong>Trusted execution environment<\/strong><\/b><\/p>\n<p><strong><img decoding=\"async\" src=\"https:\/\/www.webtekno.com\/images\/editor\/default\/0002\/29\/8aee5b29b8b0251c928195fd376d23d3dab7a789.jpeg\"\/><\/strong><\/p>\n<p>Qualcomm\u2019s chips come with a <strong>secure area<\/strong> inside the processor, called the Trusted Execution Environment (TEE), that ensures the confidentiality and security of code and data. This hardware isolation, based on the Qualcomm Trusted Execution Environment (QTEE) and ARM TrustZone technology, allows much sensitive data to be stored without posing any risk.<\/p>\n<p>Moreover, this <strong>secure world<\/strong> provides additional services in the form of trusted third-party components (trustlets). 
These are loaded and executed in the TEE by the operating system in TrustZone known as the \u201ctrusted OS\u201d.<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.webtekno.com\/images\/editor\/default\/0002\/29\/985132f84314e1e3075764c5a29eec0126efb651.jpeg\"\/><\/p>\n<p>Trustlets act as a <strong>bridge<\/strong> between the TEE and the \u201cnormal\u201d world, the rich execution environment where the device\u2019s main operating system resides, and they facilitate the movement of data between the two worlds. Check Point researcher Slava Makkaveev explained the importance of the Secure World in a statement to The Next Web:<\/p>\n<p><em>\u201cThe Secure World holds your passwords, your credit card information for mobile payments, your encryption keys, and much more. The trusted environment is the last line of defense. If a hacker gets into the \u2018trusted OS\u2019, <strong>nothing<\/strong> can prevent your sensitive data from being stolen.\u201d<\/em><\/p>\n<p>Qualcomm says that accessing information stored in QTEE is impossible without access to the device\u2019s hardware key or unless it is intentionally left exposed. 
However, this four-month research effort says otherwise and shows that the TEE is not as impenetrable as previously thought.<\/p>\n<p><b><strong>Vulnerability research<\/strong><\/b><\/p>\n<p><strong><img decoding=\"async\" src=\"https:\/\/www.webtekno.com\/images\/editor\/default\/0002\/29\/513f222b7029906a846c3d7542242cefb3100b24.jpeg\"\/><\/strong><\/p>\n<p>The Check Point researchers used a technique called fuzzing. This technique is an automated testing method that involves supplying random data as input in order to make a computer program crash. It can thereby identify programming errors and unexpected behaviors that can be exploited to <strong>get around<\/strong> security protections.<\/p>\n<p>The fuzzing targeted the trustlet implementations of Samsung, Motorola, and LG. In particular, the code responsible for verifying the integrity of trustlets was targeted. This uncovered multiple flaws in the process.<\/p>\n<p>The researchers said the security weaknesses could help attackers execute trusted apps in the normal world. 
Attackers can load patched <strong>trusted apps<\/strong> into the secure world and can even load trustlets from other devices.<\/p>\n<p>Although the TEE opens a new attack front, there is no evidence that these vulnerabilities have been exploited. However, Makkaveev also notes that the TEE can be a target for potential attacks. Makkaveev said, <em>\u201cAny attack on TrustZone provides a way to gain access to protected data and to gain privileges on mobile devices.\u201d<\/em><\/p>\n<div> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>Findings published by cybersecurity company Check Point Research have exposed flaws in the \u201csecure world\u201d of Qualcomm CPUs used in many Android phones today, flaws that could lead to the leak of protected data 
&#8230;<\/p>\n","protected":false},"author":1,"featured_media":12741,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[851],"tags":[1300,1407,988,1125,2086],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/12740"}],"collection":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=12740"}],"version-history":[{"count":1,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/12740\/revisions"}],"predecessor-version":[{"id":12742,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/12740\/revisions\/12742"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/media\/12741"}],"wp:attachment":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=12740"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=12740"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=12740"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}