{"id":10731,"date":"2022-05-31T12:13:48","date_gmt":"2022-05-31T09:13:48","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=10731"},"modified":"2022-05-31T12:14:58","modified_gmt":"2022-05-31T09:14:58","slug":"flaws-in-connected-car-apps","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/flaws-in-connected-car-apps\/10731\/","title":{"rendered":"How to make smart car apps better"},"content":{"rendered":"<p>Internet-connected cars offer their users many advantages, above all more information and the ability to control vehicle functions remotely. As always, however, new opportunities bring new threats with them. Some of these cars are associated with a large number of services and apps developed for connected car owners not only by car manufacturers but also by third-party companies. Our colleagues recently examined popular apps and services of this kind and identified their main information security shortcomings. The results of this study were <a href=\"https:\/\/securelist.com\/third-party-automotive-app-security\/106538\/\" target=\"_blank\" rel=\"noopener\">published on our Securelist blog<\/a>. The report explains the apps' shortcomings from the end user's point of view. 
However, the lessons drawn from this study also concern software developers.<\/p>\n<h2>Common flaws in connected car apps<\/h2>\n<p>A considerable share of the apps act as a kind of intermediary between the vehicle owner and the car manufacturer's service. For the most part they ask for the login and password (or an authorization token) for these services. In other words, car owners hand the digital key to their car over to the software developers. What is more, not every user is aware of this. We have outlined the flaws commonly seen in these apps.<\/p>\n<h3>Lack of transparency<\/h3>\n<p>The most important thing in the relationship between developers and end users is trust. 
That is why it is very important to inform the user clearly and explicitly that:<\/p>\n<ul>\n<li>your app uses a customer account on the original service;<\/li>\n<li>you do not store these credentials (or store them encrypted);<\/li>\n<li>the authorization token also provides access to a number of vehicle functions;<\/li>\n<li>by using this app the user accepts the possibility of additional risk.<\/li>\n<\/ul>\n<h3>Lack of a communication channel with developers<\/h3>\n<p>It is common practice for software developers to leave an open channel for user feedback. Of course, the authors of free apps cannot be expected to provide 24\/7 technical support. But when it comes to apps that can interfere with the use of a connected car, there needs to be a communication channel at least for unexpected circumstances concerning the safety of the vehicle or the driver.<\/p>\n<h3>Improper termination of cooperation<\/h3>\n<p>When a customer uninstalls your app, you cannot know the reason behind it. Perhaps they no longer need your service, or perhaps they simply wanted to change devices. In the first case, it can be useful to remind the user to cancel the subscription and\/or delete their account. 
It would also be good to suggest that they change the password of their account with the car manufacturer or revoke the authorization token. This both shows your concern for the user's security and privacy and relieves you of unnecessary responsibility.<\/p>\n<h2>More tips on app security<\/h2>\n<p>Nobody wants cybercriminals to attack an end user's car through their app. That is why our experts recommend that developers of smart car apps take certain precautions so as not to endanger their customers or themselves. Here are a few practical tips:<\/p>\n<ul>\n<li>Adopt <a href=\"https:\/\/www.kaspersky.com.tr\/enterprise-security\/cloud-security?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">solutions<\/a> that can ensure security in the software development process through application control at runtime, pre-deployment vulnerability scanning, routine security review of containers and testing of production artifacts against malware.<\/li>\n<li>Implement <a href=\"https:\/\/www.kaspersky.com.tr\/mobile-security-sdk?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">security mechanisms<\/a> within the app itself.<\/li>\n<li>Put ready-to-use solutions through a security audit before releasing them to the market.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>After an in-depth examination of apps for internet-connected cars, our experts identified the flaws seen in this type of software.<\/p>\n","protected":false},"author":2581,"featured_media":10732,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1726,1194],"tags":[2553],"class_list":{"0":"post-10731","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-enterprise","8":"category-business","9":"tag-internet-baglantili-otomobiller"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/flaws-in-connected-car-apps\/10731\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/flaws-in-connected-car-apps\/24214\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/flaws-in-connected-car-apps\/19696\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/flaws-in-connected-car-apps\/26544\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/flaws-in-connected-car-apps\/24502\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/flaws-in-connected-car-apps\/24853\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/flaws-in-connected-car-apps\/27218\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/flaws-in-connected-car-apps\/33234\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/flaws-in-connected-car-apps\/44446\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/flaws-in-connected-car-apps\/18962\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/flaws-in-connected-car-apps\/19509\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/flaws-in-connected-car-apps\/25073\/"},{"hreflang":"en-au",
"url":"https:\/\/www.kaspersky.com.au\/blog\/flaws-in-connected-car-apps\/30577\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/flaws-in-connected-car-apps\/30326\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/internet-baglantili-otomobiller\/","name":"internet ba\u011flant\u0131l\u0131 otomobiller"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10731","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2581"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=10731"}],"version-history":[{"count":4,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10731\/revisions"}],"predecessor-version":[{"id":10736,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10731\/revisions\/10736"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/10732"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=10731"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=10731"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=10731"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}