A Security Vulnerability Affecting Billions of Devices Has Been Discovered

Published: 2022-05-21 (https://kutaybilen.com.tr/?p=30545)

Billions of devices that we use every day for various purposes, such as smartphones, tablets, laptops and ecosystem devices, rely on Bluetooth technology. But a new type of attack called BLESA (Bluetooth Low Energy Spoofing Attack) has put the security of all of these Bluetooth devices at risk.

The new vulnerability affects devices that implement the BLE (Bluetooth Low Energy) protocol, which conserves battery power so that a Bluetooth connection can be maintained for as long as possible. The vulnerability was uncovered by seven researchers from Purdue University in the United States.

Two separate flaws were present during reconnection:

[Image: attack diagram captured by the researchers, https://www.webtekno.com/images/editor/default/0002/83/f1b477bbc4927a13a3244aff8eb15c7154c4f3a8.jpeg]

The seven researchers focused their work on the "reconnection" process. This process takes place after two BLE devices (a client and a server) have authenticated each other during pairing. It was in this process that the researchers discovered the new vulnerability.

Normally, two BLE devices check each other's cryptographic keys during reconnection. However, the research group found that the official BLE specification does not actually use strong enough language to describe the reconnection process. As a result, two systemic flaws surfaced in BLE software:

- Authentication during reconnection is optional rather than mandatory.
- If the user's device cannot force the IoT device to authenticate the transmitted data, authentication can potentially be bypassed.

These two errors opened the door to the BLESA attack. Because of the mistakes in BLE, attackers could bypass the reconnection checks and send invalid data to the device. You can see how the flaw leads to an attack in the image above, captured by the researchers.

According to the researchers' statement, this BLE vulnerability has not so far been exploited by real attackers. The researchers found that the BlueZ (Linux-based IoT devices), Fluoride (Android) and iOS BLE stacks were vulnerable to the BLESA attack. Windows devices, on the other hand, were resistant to this attack.

Apple closed the vulnerability, tracked as CVE-2020-9770, as of June 2020. However, in the paper they published last month, the researchers stated that Android BLE was still vulnerable on the devices they tested (Google Pixel XL). The BlueZ developer group, for its part, said it would take measures to prevent the BLESA attack.