{"id":10139,"date":"2021-10-11T14:49:23","date_gmt":"2021-10-11T11:49:23","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=10139"},"modified":"2021-10-14T18:46:42","modified_gmt":"2021-10-14T15:46:42","slug":"what-is-spookjs","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/what-is-spookjs\/10139\/","title":{"rendered":"Spook.js, bir korku masal\u0131"},"content":{"rendered":"

Bakt\u0131\u011f\u0131n\u0131zda, kimlik av\u0131 sald\u0131r\u0131s\u0131n\u0131n bir mant\u0131\u011f\u0131 vard\u0131r: Bir ba\u011flant\u0131ya t\u0131klars\u0131n\u0131z, k\u00f6t\u00fc niyetli bir sayfaya gidersiniz, baz\u0131 bilgileri girersiniz ve bu bilgileriniz bir sald\u0131rgan taraf\u0131ndan \u00e7al\u0131n\u0131r. Peki bir de \u015funu d\u00fc\u015f\u00fcn\u00fcn: Bir ba\u011flant\u0131ya t\u0131kl\u0131yorsunuz ve verileriniz bir sald\u0131rgan taraf\u0131ndan \u00e7al\u0131n\u0131yor. Evet do\u011fru, bug\u00fcn, kurban\u0131n herhangi bir \u015fey yapmas\u0131na gerek kalmadan temel bir CPU \u00f6zelli\u011finden yararlanarak veri \u00e7alan k\u00f6t\u00fc ama\u00e7l\u0131 sayfalardan bahsediyoruz. Ve bu s\u00f6z konusu g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131n d\u00fczeltilmesi, imkans\u0131z de\u011filse bile olduk\u00e7a zor.<\/p>\n

2018\u2019de ara\u015ft\u0131rmac\u0131lar, Spectre g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131n ilk iki t\u00fcr\u00fcn\u00fc ortaya \u00e7\u0131kararak a\u00e7\u0131ktan faydalanman\u0131n teorik olarak m\u00fcmk\u00fcn oldu\u011funu kan\u0131tlad\u0131lar. \u00dc\u00e7 y\u0131l sonra, Eyl\u00fcl 2021\u2019de, Spectre v1.1\u2019in kullan\u0131ld\u0131\u011f\u0131 ger\u00e7ek hayattaki ilk sald\u0131r\u0131y\u0131 g\u00f6rd\u00fck. Spook.js olarak bilinen sald\u0131r\u0131 olduk\u00e7a karma\u015f\u0131k bir konsepte sahip olsa da elimizden geldi\u011fince bunu basitle\u015ftirmeye \u00e7al\u0131\u015faca\u011f\u0131z.<\/p>\n

Spectre v1\u2019in ge\u00e7mi\u015fi<\/h2>\n

Bu aileye ait ilk iki sald\u0131r\u0131n\u0131n \u2014 Spectre ve Meltdown \u2014 haberi 2018\u2019de geldi<\/a>. Sald\u0131r\u0131lar, t\u00fcm modern CPU\u2019larda bulunan, komut y\u00fcr\u00fctmeyi h\u0131zland\u0131rmak i\u00e7in tasarlanm\u0131\u015f dallanma \u00f6ng\u00f6r\u00fcs\u00fc (branch prediction) mekanizmas\u0131ndan yararlan\u0131yordu.<\/p>\n

\"\"

Spectre g\u00fcvenlik a\u00e7\u0131\u011f\u0131 logosu<\/p><\/div>\n

Bir kullan\u0131c\u0131, bir internet sitesinde oturum a\u00e7mak i\u00e7in parolas\u0131n\u0131 girdi\u011finde arkada, parola do\u011fruysa bir dizi komut, do\u011fru olmamas\u0131 durumunda ise ba\u015fka bir dizi komut y\u00fcr\u00fct\u00fcl\u00fcr. Bununla birlikte \u2014 dallanma \u00f6ng\u00f6r\u00fcs\u00fcn\u00fcn devreye girdi\u011fi yer tam da buras\u0131d\u0131r \u2014 do\u011fru olup olmad\u0131\u011f\u0131na ili\u015fkin geri d\u00f6n\u00fc\u015f almadan \u00f6nce CPU, b\u00fcy\u00fck olas\u0131l\u0131kla \u00e7al\u0131\u015ft\u0131rmas\u0131 gerekti\u011fini d\u00fc\u015f\u00fcnen komut setini y\u00fcr\u00fctmeye ba\u015flar.<\/p>\n

\u00d6rne\u011fimizde, parola daha \u00f6nce y\u00fczlerce kez do\u011fru girildiyse, CPU bu sefer de farkl\u0131 olmayaca\u011f\u0131n\u0131 varsayar. CPU\u2019nun \u00f6ng\u00f6r\u00fcs\u00fc do\u011fru \u00e7\u0131karsa, kullan\u0131c\u0131 bir performans art\u0131\u015f\u0131 sa\u011flam\u0131\u015f olur. Yanl\u0131\u015f \u00e7\u0131karsa da, CPU varsay\u0131msal olarak y\u00fcr\u00fct\u00fclen komutlar\u0131 atar ve di\u011fer komut setini \u00e7al\u0131\u015ft\u0131r\u0131r.<\/p>\n

Bir Spectre g\u00fcvenlik a\u00e7\u0131\u011f\u0131 sald\u0131r\u0131s\u0131nda, program\u0131n eri\u015fimi olmayan bir veri alan\u0131n\u0131 okuma giri\u015fiminde bulunulur. Sald\u0131r\u0131n\u0131n ilk a\u015famas\u0131nda, a\u00e7\u0131k eri\u015fim veri alanlar\u0131na \u00e7oklu \u00e7a\u011fr\u0131lar yap\u0131l\u0131r, bu sayede dallanma \u00f6ng\u00f6r\u00fc sistemi yasakl\u0131 okuma i\u015flemini de ger\u00e7ekle\u015ftirecek \u015fekilde \u201ce\u011fitilir\u201d. Dallanma \u00f6ng\u00f6r\u00fcs\u00fc kullan\u0131larak CPU, ger\u00e7ekten okumas\u0131na izin verilen verileri okumak isteyen programa al\u0131\u015fk\u0131n oldu\u011fu i\u00e7in i\u015flemi \u00f6nceden ger\u00e7ekle\u015ftirir. Ancak yap\u0131lan bir kontrol, program\u0131n verilere eri\u015fiminin yasak oldu\u011funu ortaya \u00e7\u0131kar\u0131r ve bunun sonucunda varsay\u0131msal olarak y\u00fcr\u00fct\u00fclen hesaplamalar at\u0131l\u0131r. Buraya kadar her \u015fey yolunda \u2014 ancak CPU taraf\u0131ndan okunan veriler bir s\u00fcre CPU\u2019nun kendi belle\u011fi olan \u00f6nbellekte saklanmaya devam eder.<\/p>\n

\u0130\u015fin ilgin\u00e7 k\u0131sm\u0131 da bundan sonra ba\u015flar: CPU\u2019nun \u00f6nbelle\u011finden gizli verileri do\u011frudan okuman\u0131n hi\u00e7bir yolu olmad\u0131\u011f\u0131ndan, k\u00f6t\u00fc niyetli s\u00fcre\u00e7, bu verileri \u00e7almak i\u00e7in yan kanal sald\u0131r\u0131s\u0131(side-channel attack) ad\u0131 verilen bir sald\u0131r\u0131 ba\u015flat\u0131r. Bu sald\u0131r\u0131da belirli bilgilere eri\u015fim h\u0131z\u0131 \u00f6l\u00e7\u00fcl\u00fcr. Veri g\u00f6rece olarak k\u00fc\u00e7\u00fckse, bu, verilerin \u00f6nbellekte tutuldu\u011fu anlam\u0131na gelir. B\u00fcy\u00fckse, normal RAM\u2019den y\u00fcklenir. Bir dizi okuma denemesi, gizli bilgilerin s\u0131zmas\u0131na neden olur.<\/p>\n

Sonu\u00e7 olarak ya\u015fanan, tek \u00e7\u00f6z\u00fcm\u00fc dallanma \u00f6ng\u00fcr\u00fcs\u00fcn\u00fcn tamamen devre d\u0131\u015f\u0131 b\u0131rak\u0131lmas\u0131 olan ve dolay\u0131s\u0131yla performans\u0131 ciddi \u015fekilde etkileyen temel bir CPU hatas\u0131d\u0131r. Bununla birlikte, Spectre sald\u0131r\u0131lar\u0131nda:<\/p>\n