{"id":19954,"date":"2022-05-02T04:00:04","date_gmt":"2022-05-02T01:00:04","guid":{"rendered":"https:\/\/kutaybilen.com.tr\/?p=19954"},"modified":"2022-05-02T04:00:04","modified_gmt":"2022-05-02T01:00:04","slug":"zoom-davetlerin-cin-uzerinden-yonlendirildigini-kabul-etti","status":"publish","type":"post","link":"https:\/\/kutaybilen.com.tr\/?p=19954","title":{"rendered":"Zoom, Davetlerin \u00c7in \u00dczerinden Y\u00f6nlendirildi\u011fini Kabul Etti"},"content":{"rendered":"

Ge\u00e7ti\u011fimiz g\u00fcn Toronto \u00dcniversitesi Munk Global Ba\u011flar Okulu'nda bulunan\u00a0Citizen Lab<\/strong>, b\u00fct\u00fcn d\u00fcnyan\u0131n uzaktan \u00e7al\u0131\u015fma sistemine ge\u00e7mesiyle ziyadesiyle kullan\u0131lmaya ba\u015flayan Zoom <\/strong>hakk\u0131nda \u00e7arp\u0131c\u0131 bir ger\u00e7e\u011fi ortaya \u00e7\u0131karm\u0131\u015ft\u0131. Citizen Lab\u2019in yapt\u0131\u011f\u0131 ara\u015ft\u0131rmayla Zoom\u2019un davetleri \u00c7in \u00fczerinden y\u00f6nlendirdi\u011fi<\/strong> ger\u00e7e\u011fi g\u00fcn y\u00fcz\u00fcne \u00e7\u0131km\u0131\u015ft\u0131.<\/p>\n

Citizen Lab\u2019in ortaya \u00e7\u0131kard\u0131\u011f\u0131 bu ger\u00e7ek hakk\u0131nda Zoom\u2019dan bir a\u00e7\u0131klama geldi. Bu noktada Zoom taraf\u0131ndan yap\u0131lan a\u00e7\u0131klamaya ge\u00e7meden evvel Citizen Lab\u2019in yapt\u0131\u011f\u0131 ara\u015ft\u0131rmay\u0131 k\u0131saca \u00f6zetleyelim. Citizen Lab, d\u00fcn yay\u0131nlad\u0131\u011f\u0131 ara\u015ft\u0131rmada Kuzey Amerika \u00fczerinden yap\u0131lan birtak\u0131m davetlerin ve bu davetleri inanca alman\u0131n yolu olan \u015fifre anahtarlar\u0131n\u0131n<\/strong> \u00c7in \u00fczerinden y\u00f6nlendirildi\u011fini ayr\u0131nt\u0131l\u0131 bir formda payla\u015fm\u0131\u015ft\u0131.<\/p>\n

Zoom, davetlerin \u00c7in \u00fczerinden y\u00f6nlendirildi\u011fi kabul etti:<\/b><\/p>\n

<\/p>\n

Citizen Lab\u2019in payla\u015ft\u0131\u011f\u0131 bilgilerle birlikte Zoom\u2019un bu anahtarlara eri\u015fiminin oldu\u011fu ve hasebiyle istedi\u011fi davete eri\u015febilece\u011fi\u00a0<\/strong>de b\u00f6ylelikle ortaya \u00e7\u0131km\u0131\u015ft\u0131. Zoom, davetlere yetkisiz \u015fah\u0131slar\u0131n girmesini \u00f6nlemek i\u00e7in g\u00fc\u00e7l\u00fc tedbirler ald\u0131\u011f\u0131n\u0131 s\u00f6ylese de bu anahtarlar\u0131n \u00c7in \u00fczerinden ge\u00e7i\u015fi, kullan\u0131c\u0131lar\u0131n kapal\u0131l\u0131\u011f\u0131n\u0131<\/strong> tehlikeye at\u0131yordu.<\/p>\n

Bug\u00fcn Zoom taraf\u0131ndan gelen a\u00e7\u0131klamadaysa \u015firketin sahiden de davetleri \u00c7in sunucular\u0131 \u00fczerinden y\u00f6nlendirdi\u011fi ger\u00e7e\u011fi kabul edildi<\/strong>. Zoom, a\u011f\u0131r talebi kar\u015f\u0131lamak i\u00e7in sunucular\u0131n\u0131 geni\u015fletmek istedi\u011fini ve\u00a0ezkaza <\/strong>iki \u00c7inli data merkezinin davetleri internet yo\u011funlu\u011fu s\u0131ras\u0131nda alabilece\u011fini onaylad\u0131klar\u0131n\u0131 <\/strong>s\u00f6yledi.<\/p>\n

Zoom\u2019da yap\u0131lan davetler ola\u011fan kurallarda hangi b\u00f6lgeden yap\u0131l\u0131yorsa o b\u00f6lgenin sunucusu \u00fczerinden<\/strong> yap\u0131l\u0131yor. Yani Kuzey Amerika\u2019da yap\u0131lan davetler Kuzey Amerika\u2019da, Avrupa\u2019da yap\u0131lan davetler da Avrupa\u2019da kal\u0131yor. Ama birtak\u0131m \u015firketlerin \u00c7in\u2019e kar\u015f\u0131 olan hassasiyeti, Zoom\u2019un son yanl\u0131\u015f\u0131 y\u00fcz\u00fcnden \u015firkete kar\u015f\u0131 kullan\u0131labilir oldu.<\/p>\n

Y\u00f6nlendirme nas\u0131l yap\u0131l\u0131yordu?<\/b><\/p>\n

<\/p>\n

Zoom, bu s\u00fcre\u00e7 s\u0131ras\u0131nda ses ve g\u00f6r\u00fcnt\u00fcy\u00fc g\u00f6ndermek i\u00e7in standart protokol\u00fc izlemek yerine kendi transfer protokol\u00fcn\u00fc<\/strong> izliyordu. Zoom\u2019un bu siyaseti, Citizen Lab\u2019in ke\u015fiflerine nazaran RTP standard\u0131n\u0131n bir uzant\u0131s\u0131yd\u0131. Zoom\u2019un protokol\u00fc, kendi \u015fifreleme \u015femas\u0131n\u0131 RTP standard\u0131na ola\u011fan d\u0131\u015f\u0131 bir yolla ekliyordu.<\/p>\n

Ola\u011fanda her kullan\u0131c\u0131n\u0131n ses ve g\u00f6r\u00fcnt\u00fcs\u00fc tek bir AES-128 anahtar \u00fczerinden<\/strong> kullan\u0131c\u0131lar ortas\u0131nda \u015fifrelenerek ve de\u015fifre edilerek g\u00f6nderiliyordu. AES anahtar\u0131, s\u0131rf Zoom sunucular\u0131nda bulunan ve o toplant\u0131da yer alan i\u015ftirak\u00e7iler ortas\u0131nda da\u011f\u0131t\u0131l\u0131yordu.<\/p>\n

<\/p>\n

Zoom\u2019un \u015fifreleme ve de\u015fifrelemesi, AES\u2019i ECB modunda<\/strong> kullan\u0131yordu lakin bu durum\u00a0Zoom i\u00e7in berbat bir usuld\u00fc. \u00c7\u00fcnk\u00fc bu \u015fifreleme modu, girdi \u00fczerinde kimi ipu\u00e7lar\u0131<\/strong> b\u0131rak\u0131yordu (Yukar\u0131daki g\u00f6rselde g\u00f6r\u00fclen ipu\u00e7lar\u0131 gibi). Bu \u00fcslup platformlar i\u00e7in g\u00fcn\u00fcm\u00fczde \u00f6nerilen \u015fifreleme sistemiyse AES anahtarlar\u0131n\u0131n \u2018Segmented Integer Counter Mode<\/strong>\u2019 ya da \u2018f8-mode<\/strong>\u2019 modlar\u0131 \u00fczerinden kullan\u0131m\u0131yd\u0131.<\/p>\n

Zoom \u00fczerinde bir test yapan Citizen Lab, davette bulunan AES-128 anahtar\u0131n\u0131n Pekin'de bir i\u015ftirak\u00e7iye g\u00f6nderildi\u011fini g\u00f6rd\u00fc. Bir tarama ger\u00e7ekle\u015ftiren tak\u0131m, \u00c7in ve ABD\u2019de t\u0131pk\u0131 Zoom sunucu yaz\u0131l\u0131m\u0131n\u0131n \u00e7al\u0131\u015ft\u0131\u011f\u0131 sunucular\u0131 ke\u015ffetti. Buna nazaran \u00c7in\u2019de 5 adet sunucu,\u00a0<\/strong>ABD\u2019dekiyle birebir yaz\u0131l\u0131m\u0131 payla\u015f\u0131yordu. Bu da anahtarlar\u0131n bu sunucular ortas\u0131nda payla\u015f\u0131ld\u0131\u011f\u0131ndan ku\u015fku edilmesine yol a\u00e7m\u0131\u015ft\u0131.<\/p>\n

<\/div>\n","protected":false},"excerpt":{"rendered":"

Ge\u00e7ti\u011fimiz g\u00fcn Toronto \u00dcniversitesi Munk Global Ba\u011flar Okulu'nda bulunan\u00a0Citizen Lab, b\u00fct\u00fcn d\u00fcnyan\u0131n uzaktan \u00e7al\u0131\u015fma sistemine ge\u00e7mesiyle …<\/p>\n","protected":false},"author":1,"featured_media":19955,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[854],"tags":[2837,1343,1527,1199,1855],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/19954"}],"collection":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=19954"}],"version-history":[{"count":1,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/19954\/revisions"}],"predecessor-version":[{"id":19956,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/19954\/revisions\/19956"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/media\/19955"}],"wp:attachment":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=19954"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=19954"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=19954"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}