{"id":12916,"date":"2024-11-11T09:30:05","date_gmt":"2024-11-11T06:30:05","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=12916"},"modified":"2024-11-11T09:30:05","modified_gmt":"2024-11-11T06:30:05","slug":"tracking-and-hacking-kia-cars-via-internet","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/tracking-and-hacking-kia-cars-via-internet\/12916\/","title":{"rendered":"Milyonlarca Kia otomobil nas\u0131l takip edilebilir?"},"content":{"rendered":"

Bir grup g\u00fcvenlik ara\u015ft\u0131rmac\u0131s\u0131, G\u00fcney Koreli otomobil \u00fcreticisi Kia\u2019n\u0131n web portal\u0131nda, otomobillerin uzaktan hacklenmesine ve sahiplerinin izlenmesine olanak tan\u0131yan ciddi bir g\u00fcvenlik a\u00e7\u0131\u011f\u0131 ke\u015ffetti<\/a>. Sald\u0131r\u0131y\u0131 ger\u00e7ekle\u015ftirmek i\u00e7in yaln\u0131zca kurban\u0131n ara\u00e7 plakas\u0131na ihtiya\u00e7 vard\u0131. \u015eimdi ayr\u0131nt\u0131lara ge\u00e7elim.<\/p>\n

A\u015f\u0131r\u0131 ba\u011flant\u0131l\u0131 otomobiller<\/h2>\n

D\u00fc\u015f\u00fcnecek olursan\u0131z, son birka\u00e7 on y\u0131lda arabalar tekerlekli b\u00fcy\u00fck bilgisayarlar haline geldi. Daha az \u201cak\u0131ll\u0131\u201d modeller bile bir\u00e7ok elektronik aksama sahip ve sonarlardan kameralara, hareket dedekt\u00f6rlerinden GPS\u2019e kadar bir dizi sens\u00f6rle donat\u0131lm\u0131\u015f durumda.<\/p>\n

\u00dcstelik sadece bu kadar da de\u011fil; son y\u0131llarda bu bilgisayarlar, beraberinde getirdi\u011fi t\u00fcm risklerle birlikte s\u00fcrekli olarak internete ba\u011flan\u0131yor. K\u0131sa bir s\u00fcre \u00f6nce, g\u00fcn\u00fcm\u00fcz otomobillerinin, sahipleri hakk\u0131nda nas\u0131l b\u00fcy\u00fck miktarda veri toplad\u0131\u011f\u0131n\u0131 ve bunlar\u0131 \u00fcreticiye nas\u0131l g\u00f6nderdi\u011fini<\/a> anlatm\u0131\u015ft\u0131k. Dahas\u0131, \u00fcreticiler toplanan bu verileri di\u011fer \u015firketlere, \u00f6zellikle de sigortac\u0131lara sat\u0131yorlar<\/a>.<\/p>\n

Ancak bu konunun ba\u015fka bir y\u00f6n\u00fc daha var: S\u00fcrekli internete ba\u011fl\u0131 olmak, otomobilin kendisinde ya da ileti\u015fim kurdu\u011fu bulut sisteminde g\u00fcvenlik a\u00e7\u0131klar\u0131 olmas\u0131 durumunda, birilerinin bu a\u00e7\u0131klardan yararlanarak sistemi hackleyebilece\u011fi ve \u00fcreticinin haberi bile olmadan otomobilin sahibini takip edebilece\u011fi anlam\u0131na geliyor.<\/p>\n

\"Ara\u00e7<\/a>

Bir otomobilin \u201cana \u00fcnitesi\u201d buzda\u011f\u0131n\u0131n sadece g\u00f6r\u00fcnen k\u0131sm\u0131d\u0131r; asl\u0131nda g\u00fcn\u00fcm\u00fcz otomobilleri elektronik cihazlarla doludur<\/p><\/div>\n

Hepsine h\u00fckmedecek bir bug<\/em>, hepsini o bulacak<\/h2>\n

Bu vakada durum, tam olarak budur. Ara\u015ft\u0131rmac\u0131lar, Kia sahipleri ve bayileri taraf\u0131ndan kullan\u0131lan Kia\u2019n\u0131n web portal\u0131nda bir g\u00fcvenlik a\u00e7\u0131\u011f\u0131 buldular. Portal\u0131n, API\u2019yi kullanarak herkesin sadece birka\u00e7 basit hareketle araba sat\u0131c\u0131s\u0131 olarak kaydolmas\u0131na izin verdi\u011fi ortaya \u00e7\u0131kt\u0131.<\/p>\n

\"Kia<\/a>

Ciddi bir g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131n ke\u015ffedildi\u011fi Kia portal\u0131. Kaynak<\/a><\/p><\/div>\n

Bu, sald\u0131r\u0131y\u0131 ger\u00e7ekle\u015ftiren ki\u015finin, otomobil sat\u0131c\u0131lar\u0131n\u0131n bile (en az\u0131ndan ara\u00e7 m\u00fc\u015fteriye teslim edildikten sonra) sahip olmamas\u0131 gereken \u00f6zelliklere eri\u015fmesini sa\u011flad\u0131. Portal, \u00f6nce herhangi bir Kia arac\u0131 bulmaya ve daha sonra ara\u00e7 sahibinin verilerine (isim, telefon numaras\u0131, e-posta adresi ve hatta fiziksel adres) eri\u015fmeye izin veriyor ve t\u00fcm bu bilgilere ula\u015fmak sadece arac\u0131n \u015fasi numaras\u0131yla m\u00fcmk\u00fcn.<\/p>\n

\u015easi numaralar\u0131n\u0131n tam olarak gizli bilgiler olmad\u0131\u011f\u0131n\u0131 belirtmek gerek. Baz\u0131 \u00fclkelerde bu numaralar kamuya a\u00e7\u0131k. \u00d6rne\u011fin, ABD\u2019de bir araban\u0131n plakas\u0131n\u0131 kullanarak \u015fasi numaras\u0131n\u0131 \u00f6\u011frenebilece\u011finiz bir\u00e7ok \u00e7evrimi\u00e7i hizmet<\/a> var.<\/p>\n

\"\u015eema:<\/a>

\u015easi numaras\u0131 kullan\u0131larak herhangi bir otomobil \u00fczerinde kontrol sa\u011flanabilen Kia web portal\u0131 sald\u0131r\u0131s\u0131n\u0131n genel bir \u015femas\u0131 Kaynak<\/a><\/p><\/div>\n

Arac\u0131 ba\u015far\u0131l\u0131 bir \u015fekilde bulduktan sonra sald\u0131rgan, ara\u00e7 sahibinin verilerini kullanarak Kia\u2019n\u0131n sistemindeki sald\u0131rgan kontrol\u00fcndeki herhangi bir hesab\u0131 ara\u00e7 i\u00e7in yeni bir kullan\u0131c\u0131 olarak kaydedebiliyor. Sald\u0131rgan buradan, mobil uygulama arac\u0131l\u0131\u011f\u0131yla normalde arac\u0131n ger\u00e7ek sahibi taraf\u0131ndan kullan\u0131labilen \u00e7e\u015fitli i\u015flevlere eri\u015fim elde ediyor.<\/p>\n

\u00d6zellikle ilgin\u00e7 olan, t\u00fcm bu \u00f6zelliklerin sadece o arac\u0131 satan bayi taraf\u0131ndan de\u011fil, Kia\u2019n\u0131n sistemine kay\u0131tl\u0131 herhangi bir bayi taraf\u0131ndan kullan\u0131labiliyor olmas\u0131.<\/p>\n

Bir arabay\u0131 saniyeler i\u00e7inde hacklemek<\/h2>\n

Ara\u015ft\u0131rmac\u0131lar daha sonra, sadece plakas\u0131n\u0131 girerek saniyeler i\u00e7inde herhangi bir Kia arac\u0131n\u0131n kontrol\u00fcn\u00fc ele ge\u00e7irebilen deneysel bir uygulama geli\u015ftirdiler. Uygulama, ilgili hizmet arac\u0131l\u0131\u011f\u0131yla arac\u0131n \u015fasi numaras\u0131n\u0131 otomatik olarak buluyor ve bunu arac\u0131 ara\u015ft\u0131rmac\u0131lar\u0131n hesab\u0131na kaydetmek i\u00e7in kullan\u0131yor.<\/p>\n

\"Kia<\/a>

Ara\u015ft\u0131rmac\u0131lar, hacklemeyi kolayla\u015ft\u0131rmak i\u00e7in kullan\u0131\u015fl\u0131 bir uygulama bile olu\u015fturdular. Tek gereken Kia otomobilinin plakas\u0131. Kaynak<\/a><\/p><\/div>\n

Bundan sonra, uygulamadaki tek bir d\u00fc\u011fmeye basmak sald\u0131rgan\u0131n arac\u0131n o anki koordinatlar\u0131n\u0131 tespit etmesine, kap\u0131lar\u0131 kilitlemesine veya a\u00e7mas\u0131na<\/a>, motoru \u00e7al\u0131\u015ft\u0131rmas\u0131na veya durdurmas\u0131na ya da korna \u00e7almas\u0131na izin veriyor.<\/p>\n

\"Bir<\/a>

Uygulama, hacklenen arac\u0131n koordinatlar\u0131n\u0131 elde etmek ve komutlar g\u00f6ndermek i\u00e7in kullan\u0131labilir. Kaynak<\/a><\/p><\/div>\n

\u00c7o\u011fu durumda bu i\u015flevlerin arac\u0131 \u00e7almak i\u00e7in yeterli olmayaca\u011f\u0131n\u0131 belirtmek \u00f6nemli. Modern modeller genellikle devre d\u0131\u015f\u0131 b\u0131rak\u0131lmas\u0131 i\u00e7in anahtar\u0131n fiziksel olarak bulunmas\u0131n\u0131 gerektiren immobilizat\u00f6rlerle donat\u0131lm\u0131\u015ft\u0131r. Baz\u0131 istisnalar tabii ki var ancak genellikle bunlar h\u0131rs\u0131zlar\u0131n pek ilgisini \u00e7ekmeyecek ucuz ara\u00e7lar.<\/p>\n

Bununla birlikte, bu g\u00fcvenlik a\u00e7\u0131\u011f\u0131 ara\u00e7 sahibini takip etmek, arac\u0131n i\u00e7inde b\u0131rak\u0131lan de\u011ferli e\u015fyalar\u0131 \u00e7almak (veya oraya bir \u015fey yerle\u015ftirmek) veya ara\u00e7tan beklenmedik eylemlerle s\u00fcr\u00fcc\u00fcn\u00fcn hayat\u0131na m\u00fcdahale etmek i\u00e7in rahatl\u0131kla kullan\u0131labilir.<\/p>\n

Ara\u015ft\u0131rmac\u0131lar sorumlu if\u015fa protokol\u00fcn\u00fc izleyerek \u00fcreticiyi sorun hakk\u0131nda bilgilendirdiler ve bulgular\u0131n\u0131, Kia hatay\u0131 d\u00fczelttikten sonra yay\u0131nlad\u0131lar. Bununla birlikte, daha \u00f6nce de benzer g\u00fcvenlik a\u00e7\u0131klar\u0131 bulduklar\u0131n\u0131<\/a> ve gelecekte daha fazlas\u0131n\u0131 ke\u015ffetmeye devam edeceklerinden emin olduklar\u0131n\u0131 belirtiyorlar.<\/p>\n\n","protected":false},"excerpt":{"rendered":"

Kia’n\u0131n web portal\u0131ndaki bir g\u00fcvenlik a\u00e7\u0131\u011f\u0131, ara\u00e7lar\u0131n hacklenmesini ve sahiplerinin izlenmesini m\u00fcmk\u00fcn k\u0131ld\u0131 ve bu takibi m\u00fcmk\u00fcn k\u0131lmak i\u00e7in gereken tek \u015fey araban\u0131n \u015fasi numaras\u0131 ya da plakas\u0131yd\u0131.<\/p>\n","protected":false},"author":2706,"featured_media":12917,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[994,1351,995],"tags":[2762,970,2763,500,708,744,790,1945,672,625,537],"class_list":{"0":"post-12916","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-privacy","8":"category-threats","9":"category-technology","10":"tag-araba-hackleme","11":"tag-arabalar","12":"tag-baglantili-arabalar","13":"tag-gizlilik","14":"tag-gozetim","15":"tag-guvenlik","16":"tag-guvenlik-aciklari","17":"tag-hackleme","18":"tag-izleme","19":"tag-koruma","20":"tag-tehditler"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/tracking-and-hacking-kia-cars-via-internet\/12916\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/tracking-and-hacking-kia-cars-via-internet\/28213\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/tracking-and-hacking-kia-cars-via-internet\/23468\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/tracking-and-hacking-kia-cars-via-internet\/12134\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/tracking-and-hacking-kia-cars-via-internet\/28353\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/tracking-and-hacking-kia-cars-via-internet\/27773\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/tracking-and-hacking-kia-cars-via-internet\/30513\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/tracking-and-hacking-kia-cars-via-internet\/29267\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/tracking-and-hacking-kia-cars-via-internet\/38443\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/tracking-and-hacking-kia-cars-via-internet\/52497\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/tracking-and-hacking-kia-cars-via-internet\/22339\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/tracking-and-hacking-kia-cars-via-internet\/23104\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/tracking-and-hacking-kia-cars-via-internet\/31742\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/tracking-and-hacking-kia-cars-via-internet\/28434\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/tracking-and-hacking-kia-cars-via-internet\/34307\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/tracking-and-hacking-kia-cars-via-internet\/33934\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/arabalar\/","name":"arabalar"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/12916","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2706"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=12916"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/12916\/revisions"}],"predecessor-version":[{"id":12924,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/12916\/revisions\/12924"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/12917"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=12916"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=12916"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=12916"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}