{"id":11925,"date":"2023-12-15T10:00:05","date_gmt":"2023-12-15T07:00:05","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=11925"},"modified":"2023-12-15T00:06:16","modified_gmt":"2023-12-14T21:06:16","slug":"bluetooth-vulnerability-android-ios-macos-linux","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/bluetooth-vulnerability-android-ios-macos-linux\/11925\/","title":{"rendered":"Hacking Android, macOS, iOS, and Linux through a Bluetooth vulnerability"},"content":{"rendered":"<p>A serious vulnerability has been <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/thehackernews.com\/2023\/12\/new-bluetooth-flaw-let-hackers-take.html\">found<\/a> in the Bluetooth protocol implementations of several popular operating systems: Android, macOS, iOS, iPadOS, and Linux. This bug allows vulnerable devices to be hacked remotely without any action required from the user. Let's get into the details.<\/p>\n<h2>The Bluetooth vulnerability allows you to connect a fake keyboard<\/h2>\n<p>The essence of the problem is that a vulnerable device can be forced to connect to a fake Bluetooth keyboard without requiring user confirmation, bypassing the operating system checks responsible for the Bluetooth protocol. 
The unauthenticated connection feature is specified in the Bluetooth protocol, and issues in certain implementations of the Bluetooth stack in popular operating systems give attackers the opportunity to exploit this mechanism.<\/p>\n<p>Attackers can then use this connection to enter commands, and thus perform any action as if they were the user, without requiring additional authentication such as a password or biometrics (such as a fingerprint or face scan). According to Marc Newlin, the security researcher who discovered this vulnerability, <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/github.com\/skysafe\/reblog\/tree\/main\/cve-2023-45866\">no special equipment is needed<\/a> for a successful attack; a Linux laptop and a standard Bluetooth adapter are enough.<\/p>\n<p>As you might guess, the attack is inherently limited by the Bluetooth interface: an attacker needs to be close to the victim. This naturally prevents mass exploitation of the vulnerability. 
However, malicious actors exploiting this vulnerability may still be a concern for specific individuals who are of special interest to those actors.<\/p>\n<h2>Which devices and operating systems are vulnerable?<\/h2>\n<p>This vulnerability affects a range of operating systems and several classes of devices based on them (albeit with some differences). Depending on the operating system used, devices may be more or less vulnerable.<\/p>\n<h3>Android<\/h3>\n<p>Android devices were the most thoroughly examined for the presence of the above-mentioned vulnerability. Marc Newlin tested seven smartphones with different OS versions: Android 4.2.2, Android 6.0.1, Android 10, Android 11, Android 13, and Android 14, and found that all of them were vulnerable to the Bluetooth attack. Moreover, in the case of Android, all that is required for this hack is for Bluetooth to be enabled on the device.<\/p>\n<p>The researcher informed Google of the discovered vulnerability in early August. The company released patches for Android versions 11 through 14 and sent them to manufacturers of smartphones and tablets that use this operating system. 
These manufacturers are now tasked with creating the necessary security updates and distributing them to their customers' devices.<\/p>\n<p>Of course, these patches must be installed as soon as they become available for devices running Android 11\/12\/13\/14. Until then, it is advisable to keep Bluetooth turned off to protect against hacking attempts. For devices running older Android versions, there will be no updates; they will remain vulnerable to this attack indefinitely. Therefore, the advice to turn Bluetooth off will remain relevant for them until the end of their service life.<\/p>\n<h3>macOS, iPadOS, and iOS<\/h3>\n<p>As for Apple's operating systems, the researcher did not have such a wide range of test devices. Nevertheless, he was able to confirm that the vulnerability is present in iOS 16.6, as well as in two versions of macOS: Monterey 12.6.7 (x86) and Ventura 13.3.3 (ARM). In fact, it is safe to assume that a wider range of macOS and iOS versions, as well as related systems such as iPadOS, tvOS, and watchOS, are vulnerable to the Bluetooth attack.<\/p>\n<p>Another piece of bad news is that the enhanced security mode introduced by Apple this year, called \u201cLockdown Mode\u201d, does not protect against attacks exploiting this Bluetooth vulnerability. 
This applies to both iOS and macOS.<\/p>\n<div id=\"attachment_11927\" style=\"width: 1200px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2023\/12\/15000411\/bluetooth-vulnerability-android-ios-macos-linux-01.jpg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-11927\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2023\/12\/15000411\/bluetooth-vulnerability-android-ios-macos-linux-01.jpg\" alt=\"How to disable Bluetooth in iOS and iPadOS\" width=\"1190\" height=\"1500\" class=\"size-full wp-image-11927\"><\/a><p id=\"caption-attachment-11927\" class=\"wp-caption-text\">Just in case, a reminder of how to properly turn off Bluetooth in iOS and iPadOS: this must be done through Settings, not through Control Center<\/p><\/div>\n<p>Fortunately, a successful attack on Apple's operating systems requires an additional condition besides Bluetooth being enabled: the device must be paired with an Apple Magic Keyboard.<\/p>\n<p>This means that Bluetooth attacks primarily pose a threat to Macs and iPads used with a wireless keyboard. 
The likelihood of an iPhone being attacked through this vulnerability appears to be negligible.<\/p>\n<p>The researcher reported the discovered bug to Apple at the same time as to Google, but so far there has been no information from the company regarding security updates, nor a detailed list of vulnerable operating system versions.<\/p>\n<h3>Linux<\/h3>\n<p>This attack also works against BlueZ, the Bluetooth stack included in the official Linux kernel. Marc Newlin confirmed the presence of the Bluetooth vulnerability in Ubuntu Linux versions 18.04, 20.04, 22.04, and 23.10. The bug that makes the attack possible was discovered and fixed in 2020 (<a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-0556\">CVE-2020-0556<\/a>). However, this fix is <em>disabled<\/em> by default in most popular Linux distributions and enabled only in ChromeOS (according to Google).<\/p>\n<p>According to Red Hat, the Linux vulnerability discovered by the researcher was assigned the number <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2023-45866\">CVE-2023-45866<\/a> and a CVSS v3 score of <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/access.redhat.com\/security\/cve\/cve-2023-45866\">7.1 out of 10<\/a>. 
For this vulnerability to be exploited successfully, a single condition must be met: the Linux device must be discoverable and connectable via Bluetooth.<\/p>\n<p>The good news is that <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/git.kernel.org\/pub\/scm\/bluetooth\/bluez.git\/commit\/profiles\/input?id=25a471a83e02e1effb15d5a488b3f0085eaeb675\">a patch for this Linux vulnerability is already available<\/a>, and we recommend installing it as soon as possible.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A researcher has discovered a vulnerability in the Bluetooth protocol implementations for Android, macOS, iOS, and Linux that allows devices to be hacked 
remotely.<\/p>\n","protected":false},"author":2706,"featured_media":11926,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1351],"tags":[105,14,2690,22,744,790,1945,750,2533,2276,1170,537],"class_list":{"0":"post-11925","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-android","9":"tag-apple","10":"tag-bluetooth","11":"tag-google","12":"tag-guvenlik","13":"tag-guvenlik-aciklari","14":"tag-hackleme","15":"tag-ios","16":"tag-ipados","17":"tag-linux","18":"tag-macos","19":"tag-tehditler"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/bluetooth-vulnerability-android-ios-macos-linux\/11925\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/bluetooth-vulnerability-android-ios-macos-linux\/26766\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/bluetooth-vulnerability-android-ios-macos-linux\/22180\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/bluetooth-vulnerability-android-ios-macos-linux\/11286\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/bluetooth-vulnerability-android-ios-macos-linux\/29517\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/bluetooth-vulnerability-android-ios-macos-linux\/27034\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/bluetooth-vulnerability-android-ios-macos-linux\/26907\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/bluetooth-vulnerability-android-ios-macos-linux\/29478\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/bluetooth-vulnerability-android-ios-macos-linux\/28308\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/bluetooth-vulnerability-android-ios-macos-linux\/36694\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/bluetooth-vulnerability-android-ios-ma
cos-linux\/50038\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/bluetooth-vulnerability-android-ios-macos-linux\/21299\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/bluetooth-vulnerability-android-ios-macos-linux\/22087\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/bluetooth-vulnerability-android-ios-macos-linux\/30750\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/bluetooth-vulnerability-android-ios-macos-linux\/35410\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/bluetooth-vulnerability-android-ios-macos-linux\/27276\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/bluetooth-vulnerability-android-ios-macos-linux\/33050\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/bluetooth-vulnerability-android-ios-macos-linux\/32673\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/guvenlik-aciklari\/","name":"g\u00fcvenlik a\u00e7\u0131klar\u0131"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/11925","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2706"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=11925"}],"version-history":[{"count":4,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/11925\/revisions"}],"predecessor-version":[{"id":11931,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/11925\/revisions\/11931"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/11926"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent
=11925"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=11925"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=11925"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}