{"id":10492,"date":"2022-02-07T12:38:17","date_gmt":"2022-02-07T09:38:17","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=10492"},"modified":"2022-02-07T12:38:17","modified_gmt":"2022-02-07T09:38:17","slug":"how-to-protect-from-pegasus-spyware","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/how-to-protect-from-pegasus-spyware\/10492\/","title":{"rendered":"Pegasus, Chrysaor ve di\u011fer APT mobil k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlardan korunma"},"content":{"rendered":"

2021\u2019in muhtemelen en b\u00fcy\u00fck haberi olan, Guardian ve di\u011fer 16 medya kurulu\u015fu taraf\u0131ndan Temmuz ay\u0131nda yay\u0131nlanan bir ara\u015ft\u0131rma, d\u00fcnya \u00e7ap\u0131nda 30.000\u2019den fazla insan haklar\u0131 aktivistinin, gazetecinin ve avukat\u0131n Pegasus taraf\u0131ndan hedef al\u0131nd\u0131\u011f\u0131n\u0131 \u00f6ne s\u00fcrd\u00fc. Pegasus, \u0130srailli \u015firket NSO taraf\u0131ndan geli\u015ftirilen s\u00f6zde \u201cyasal bir g\u00f6zetim yaz\u0131l\u0131m\u0131\u201d. Pegasus Projesi<\/a> adl\u0131 raporda, k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m\u0131 yayg\u0131n \u015fekilde da\u011f\u0131tmak i\u00e7in baz\u0131 iOS s\u0131f\u0131r t\u0131klamal\u0131 s\u0131f\u0131r g\u00fcnleri de dahil olmak \u00fczere \u00e7e\u015fitli g\u00fcvenlik a\u00e7\u0131klar\u0131ndan yararlan\u0131ld\u0131\u011f\u0131 iddia edildi.<\/p>\n

Uluslararas\u0131 Af \u00d6rg\u00fct\u00fc\u2019n\u00fcn G\u00fcvenlik Laboratuvar\u0131, say\u0131s\u0131z mobil cihaz\u0131n adli analizine dayanarak yaz\u0131l\u0131m\u0131n defalarca g\u00f6zetleme amac\u0131yla k\u00f6t\u00fcye kullan\u0131ld\u0131\u011f\u0131n\u0131 ortaya koydu. Hedeflenen ki\u015filerin listesi, 14 d\u00fcnya liderinin yan\u0131 s\u0131ra bir\u00e7ok aktivisti, insan haklar\u0131 savunucusunu, kar\u015f\u0131t g\u00f6r\u00fc\u015fl\u00fc ki\u015fileri ve muhalefette yer alan isimleri i\u00e7eriyor.<\/p>\n

Temmuz ay\u0131 i\u00e7erisinde, \u0130srail h\u00fck\u00fcmetinden temsilciler, iddialarla ilgili soru\u015fturman\u0131n bir par\u00e7as\u0131 olarak NSO ofislerini ziyaret etti.<\/a> Ekim ay\u0131nda, Hindistan Y\u00fcksek Mahkemesi, vatanda\u015flar\u0131na casusluk yapmak amac\u0131yla Pegasus kullan\u0131m\u0131n\u0131 ara\u015ft\u0131rmak<\/a> i\u00e7in bir teknik komite g\u00f6revlendirdi. Apple, Kas\u0131m ay\u0131nda, kullan\u0131c\u0131lar\u0131n\u0131 \u201ck\u00f6t\u00fc ama\u00e7l\u0131 ve casus yaz\u0131l\u0131mlar\u201d kullanarak hedef alan yaz\u0131l\u0131mlar geli\u015ftirdi\u011fi i\u00e7in NSO Group\u2019a kar\u015f\u0131 yasal i\u015flem ba\u015flatt\u0131\u011f\u0131n\u0131 duyurdu.<\/a> Son olarak, Aral\u0131k ay\u0131nda Reuters, Apple\u2019\u0131n da uyard\u0131\u011f\u0131 gibi, ABD D\u0131\u015fi\u015fleri Bakanl\u0131\u011f\u0131 telefonlar\u0131n\u0131n NSO Pegasus k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m\u0131yla hacklendi\u011fini yay\u0131nlad\u0131.<\/a><\/p>\n

Ge\u00e7ti\u011fimiz birka\u00e7 ay boyunca, d\u00fcnyan\u0131n d\u00f6rt bir yan\u0131ndaki ilgili kullan\u0131c\u0131lardan mobil cihazlar\u0131n\u0131 Pegasus ve benzeri ara\u00e7lardan ve k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlardan nas\u0131l koruyabileceklerine dair \u00e7ok say\u0131da soru ald\u0131m. Bu yaz\u0131da, hi\u00e7bir savunma tekni\u011fi listesinin asla tam olarak her \u015feyi kapsayamayaca\u011f\u0131n\u0131 da not d\u00fc\u015ferek, bu sorular\u0131 yan\u0131tlamaya \u00e7al\u0131\u015f\u0131yoruz. Sald\u0131rganlar \u00e7al\u0131\u015fma \u015fekillerini de\u011fi\u015ftirdik\u00e7e, koruma tekniklerinin de yeni y\u00f6ntemlere uyarlanmas\u0131 gerekti\u011fi de unutulmamal\u0131.<\/p>\n

Pegasus ve di\u011fer geli\u015fmi\u015f mobil casus yaz\u0131l\u0131mlardan nas\u0131l korunabilirsiniz?<\/h2>\n

Her \u015feyden \u00f6nce, Pegasus\u2019un ulus devletlere nispeten y\u00fcksek fiyatlarla sat\u0131lan bir ara\u00e7 tak\u0131m\u0131 oldu\u011funu<\/strong> s\u00f6yleyerek ba\u015flamal\u0131y\u0131z. Tam bir da\u011f\u0131t\u0131m\u0131n maliyeti kolayl\u0131kla milyonlarca USD\u2019yi bulabilir. Benzer \u015fekilde, s\u0131f\u0131r t\u0131klamal\u0131 s\u0131f\u0131r g\u00fcn a\u00e7\u0131klar\u0131ndan yararlan\u0131larak ba\u015fka k\u00f6t\u00fc ama\u00e7l\u0131 APT mobil yaz\u0131l\u0131mlar da da\u011f\u0131t\u0131labilir. Bunlar son derece pahal\u0131d\u0131r. \u00d6rne\u011fin, bir k\u00f6t\u00fcye kullan\u0131m arac\u0131 kurumu olan Zerodium, kal\u0131c\u0131 bir Android s\u0131f\u0131r t\u0131klamal\u0131 bula\u015fma zinciri i\u00e7in 2,5 milyon USD\u2019ye kadar \u00f6deme yap\u0131yor:<\/p>\n

\"\"

Kal\u0131c\u0131 g\u00fcvenlik a\u00e7\u0131klar\u0131 Zerodium\u2019un fiyat listesinde 2,5 milyon USD\u2019ye kadar \u00e7\u0131k\u0131yor<\/p><\/div>\n

\u00a0<\/p>\n

Buradan, daha en ba\u015ftan, \u00f6nemli bir sonu\u00e7 \u00e7\u0131k\u0131yor: Ulus devlet destekli siber casusluk, istedi\u011fini alabilecek bir giri\u015fim. Bir tehdit akt\u00f6r\u00fc, sald\u0131r\u0131 programlar\u0131na milyonlarca, belki de on milyonlarca, hatta y\u00fcz milyonlarca USD harcamay\u0131 g\u00f6ze alabiliyorsa, hedefin vir\u00fcs bula\u015fmas\u0131ndan ka\u00e7\u0131nabilmesi pek de olas\u0131 de\u011fil. Daha basit ifade etmek gerekirse, e\u011fer b\u00f6yle bir akt\u00f6r taraf\u0131ndan hedef al\u0131n\u0131yorsan\u0131z esas mesele vir\u00fcs bula\u015f\u0131p bula\u015fmayaca\u011f\u0131 de\u011fil, ne kadar zamanda ve ne kadar kaynak kullan\u0131larak<\/strong> bula\u015faca\u011f\u0131.<\/p>\n

Gelelim iyi habere: K\u00f6t\u00fcye kullan\u0131m geli\u015ftirme ve sald\u0131r\u0131ya dayal\u0131 siber sava\u015f, genellikle kesin bir bilim olmaktan ziyade bir sanatt\u0131r. Belirli i\u015fletim sistemi s\u00fcr\u00fcmlerine ve donan\u0131mlara g\u00f6re ince ayarlamalara ihtiya\u00e7 duyan k\u00f6t\u00fcye kullan\u0131mlar; yeni i\u015fletim sistemi s\u00fcr\u00fcmleri, yeni risk azaltma teknikleri, hatta rastgele olaylar gibi ufak \u015feyler taraf\u0131ndan kolayca engellenebilir.<\/p>\n

Buna ek olarak, bula\u015fma ve hedefleme ayn\u0131 zamanda bir maliyet sorunudur; bu da sald\u0131rganlar i\u00e7in i\u015fleri daha da zorla\u015ft\u0131r\u0131r. Mobil cihaza vir\u00fcs bula\u015ft\u0131rma ve k\u00f6t\u00fcye kullanma giri\u015fimlerinin ba\u015far\u0131l\u0131 olmas\u0131n\u0131 her zaman engelleyemesek de, bunu sald\u0131rganlar i\u00e7in m\u00fcmk\u00fcn oldu\u011funca zorla\u015ft\u0131rmaya \u00e7al\u0131\u015fabiliriz.<\/p>\n

Peki, bunu pratikte nas\u0131l yapar\u0131z? \u0130\u015fte size basit bir kontrol listesi:<\/p>\n

iOS\u2019ta geli\u015fmi\u015f casus yaz\u0131l\u0131mlardan nas\u0131l korunabilirsiniz?<\/h3>\n

Her g\u00fcn yeniden ba\u015flat\u0131n.<\/strong> Uluslararas\u0131 Af \u00d6rg\u00fct\u00fc ve Citizen Lab\u2019in ara\u015ft\u0131rmas\u0131na g\u00f6re, Pegasus bula\u015fma zinciri genellikle kal\u0131c\u0131 olmayan s\u0131f\u0131r t\u0131klamal\u0131 s\u0131f\u0131r g\u00fcnlere dayan\u0131yor. Bu nedenle d\u00fczenli olarak yeniden ba\u015flatmak, cihaz\u0131 temizlemeye yard\u0131mc\u0131 olacakt\u0131r. Cihaz her g\u00fcn yeniden ba\u015flat\u0131l\u0131rsa sald\u0131rganlar\u0131n cihaza tekrar tekrar vir\u00fcs bula\u015ft\u0131rmas\u0131 gerekir. Zamanla bu tespit \u015fans\u0131n\u0131 art\u0131r\u0131r; bir \u00e7\u00f6kme meydana gelebilir veya bula\u015fman\u0131n gizli yap\u0131s\u0131n\u0131 a\u00e7\u0131\u011fa \u00e7\u0131karan kal\u0131nt\u0131lar kaydedilebilir. Bu yaln\u0131zca teoriden ibaret de\u011fil; pratikte de bir mobil cihaz\u0131n s\u0131f\u0131r t\u0131klama yoluyla hedef al\u0131nd\u0131\u011f\u0131 bir durumu analiz ettik (muhtemelen FORCEDENTRY). Cihaz sahibi, sald\u0131r\u0131y\u0131 takip eden 24 saat i\u00e7inde cihaz\u0131n\u0131 d\u00fczenli olarak yeniden ba\u015flatt\u0131. Sald\u0131rganlar bu ki\u015fiyi birka\u00e7 kez daha hedeflemeye \u00e7al\u0131\u015fsalar da, yeniden ba\u015flatmalar yoluyla birka\u00e7 kez geri p\u00fcsk\u00fcrt\u00fcld\u00fckten sonra sonunda pes ettiler.<\/p>\n

NoReboot: Sistemde yer edinmek i\u00e7in telefonun sahte \u015fekilde yeniden ba\u015flat\u0131lmas\u0131<\/a><\/p><\/blockquote>\n