{"id":14033,"date":"2025-12-02T23:21:40","date_gmt":"2025-12-02T20:21:40","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=14033"},"modified":"2025-12-02T23:21:40","modified_gmt":"2025-12-02T20:21:40","slug":"pixnapping-cve-2025-48561","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/pixnapping-cve-2025-48561\/14033\/","title":{"rendered":"Pixnapping g\u00fcvenlik a\u00e7\u0131\u011f\u0131: Android telefonunuzun engellenemez ekran g\u00f6r\u00fcnt\u00fcleri"},"content":{"rendered":"

Android, doland\u0131r\u0131c\u0131lar\u0131n k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlar\u0131 kullanarak para, parola ve kullan\u0131c\u0131lar\u0131n \u00f6zel bilgilerini \u00e7almas\u0131n\u0131 \u00f6nlemek i\u00e7in uygulama k\u0131s\u0131tlamalar\u0131n\u0131 s\u00fcrekli olarak s\u0131k\u0131la\u015ft\u0131rmaktad\u0131r. Ancak, dubbed Pixnapping<\/a> olarak adland\u0131r\u0131lan yeni bir g\u00fcvenlik a\u00e7\u0131\u011f\u0131, Android\u2019in t\u00fcm koruma katmanlar\u0131n\u0131 atlatarak sald\u0131rganlar\u0131n ekrandan g\u00f6r\u00fcnt\u00fc piksellerini fark edilmeden okumas\u0131na, yani ekran g\u00f6r\u00fcnt\u00fcs\u00fc almas\u0131na olanak tan\u0131yor. Hi\u00e7bir izni olmayan k\u00f6t\u00fc ama\u00e7l\u0131 bir uygulama; parolalar\u0131, banka hesap bakiyelerini, tek kullan\u0131ml\u0131k \u015fifreleri ve sahibinin ekranda g\u00f6rd\u00fc\u011f\u00fc di\u011fer her \u015feyi g\u00f6rebilir. Neyse ki, Pixnapping \u015fu anda tamamen ara\u015ft\u0131rma ama\u00e7l\u0131 bir proje ve hen\u00fcz tehdit akt\u00f6rleri taraf\u0131ndan aktif olarak kullan\u0131lm\u0131yor. Umut edilen, sald\u0131r\u0131 kodu ger\u00e7ek d\u00fcnyadaki k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlara entegre edilmeden \u00f6nce, Google\u2019\u0131n bu g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131 tamamen d\u00fczeltmesidir. \u015eu anda, Pixnapping g\u00fcvenlik a\u00e7\u0131\u011f\u0131 (CVE-2025-48561<\/a>) muhtemelen en g\u00fcncel Android s\u00fcr\u00fcmlerini \u00e7al\u0131\u015ft\u0131ranlar da dahil olmak \u00fczere t\u00fcm modern Android ak\u0131ll\u0131 telefonlar\u0131 etkiliyor.<\/p>\n

Ekran g\u00f6r\u00fcnt\u00fcleri, medya projeksiyonu ve ekran okuma neden tehlikelidir?<\/h2>\n

Ke\u015ffetti\u011fimiz SparkCat OCR h\u0131rs\u0131z\u0131<\/a> \u00f6rne\u011finde g\u00f6r\u00fcld\u00fc\u011f\u00fc gibi, tehdit akt\u00f6rleri g\u00f6r\u00fcnt\u00fc i\u015fleme konusunda zaten uzmanla\u015fm\u0131\u015f durumdalar. Ak\u0131ll\u0131 telefondaki bir g\u00f6r\u00fcnt\u00fc de\u011ferli bir bilgi i\u00e7eriyorsa, k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m bunu alg\u0131layabilir, do\u011frudan telefonda optik karakter tan\u0131ma i\u015flemi ger\u00e7ekle\u015ftirebilir ve ard\u0131ndan \u00e7\u0131kar\u0131lan verileri sald\u0131rgan\u0131n sunucusuna aktarabilir. SparkCat, App Store dahil olmak \u00fczere resmi uygulama ma\u011fazalar\u0131na s\u0131zmay\u0131 ba\u015fard\u0131\u011f\u0131 i\u00e7in \u00f6zellikle dikkat \u00e7ekicidir. K\u00f6t\u00fc niyetli bir Pixnapping \u00f6zellikli uygulaman\u0131n, \u00f6zellikle de sald\u0131r\u0131 i\u00e7in hi\u00e7bir \u00f6zel izin gerekmedi\u011fi d\u00fc\u015f\u00fcn\u00fcl\u00fcrse, bu hileyi taklit etmesi zor olmayacakt\u0131r. Yasal ve kullan\u0131\u015fl\u0131 bir \u00f6zellik sunuyor gibi g\u00f6r\u00fcnen bir uygulama; ayn\u0131 anda ve sessizce tek kullan\u0131ml\u0131k \u00e7ok fakt\u00f6rl\u00fc kimlik do\u011frulama<\/a> kodlar\u0131n\u0131, kripto c\u00fczdan parolalar\u0131n\u0131 ve di\u011fer bilgileri doland\u0131r\u0131c\u0131lara g\u00f6nderebilir.<\/p>\n

K\u00f6t\u00fc niyetli ki\u015filer taraf\u0131ndan kullan\u0131lan bir ba\u015fka pop\u00fcler taktik ise, gerekli verileri g\u00f6sterildi\u011fi gibi ger\u00e7ek zamanl\u0131 olarak g\u00f6r\u00fcnt\u00fclemektir. Bu sosyal m\u00fchendislik yakla\u015f\u0131m\u0131nda, kurban bir mesajla\u015fma uygulamas\u0131 arac\u0131l\u0131\u011f\u0131yla ileti\u015fime ge\u00e7ilir ve \u00e7e\u015fitli bahanelerle ekran payla\u015f\u0131m\u0131n\u0131 etkinle\u015ftirmeye ikna edilir<\/a>.<\/p>\n

Pixnapping sald\u0131r\u0131s\u0131n\u0131n anatomisi<\/h2>\n

Ara\u015ft\u0131rmac\u0131lar, taray\u0131c\u0131lardan ve ARM telefon grafik i\u015flem birimlerinden (GPU) piksel \u00e7almak i\u00e7in daha \u00f6nce bilinen y\u00f6ntemleri birle\u015ftirerek di\u011fer uygulamalardaki i\u00e7eri\u011fin ekran g\u00f6r\u00fcnt\u00fcs\u00fcn\u00fc alabildiler. Sald\u0131r\u0131 uygulamas\u0131, hedef bilgilerin \u00fczerine sessizce yar\u0131 saydam pencereler yerle\u015ftirir ve ard\u0131ndan video sisteminin bu katmanl\u0131 pencerelerin piksellerini nihai bir g\u00f6r\u00fcnt\u00fcde nas\u0131l birle\u015ftirdi\u011fini \u00f6l\u00e7er.<\/p>\n

2013 y\u0131l\u0131nda ara\u015ft\u0131rmac\u0131lar, bir web sitesinin kendi penceresinin bir k\u0131sm\u0131nda ba\u015fka bir web sitesini y\u00fcklemesine (iframe arac\u0131l\u0131\u011f\u0131yla<\/a>) ve g\u00f6r\u00fcnt\u00fc katmanlama ve d\u00f6n\u00fc\u015ft\u00fcrme gibi yasal i\u015flemler ger\u00e7ekle\u015ftirerek di\u011fer sitede neyin \u00e7izildi\u011fini veya yaz\u0131ld\u0131\u011f\u0131n\u0131 tam olarak tahmin etmesine olanak tan\u0131yan bir sald\u0131r\u0131y\u0131 tan\u0131mlad\u0131lar. Modern taray\u0131c\u0131lar bu \u00f6zel sald\u0131r\u0131y\u0131 hafifletmi\u015f olsa da, bir grup ABD\u2019li ara\u015ft\u0131rmac\u0131 ayn\u0131 temel prensibi Android\u2019e nas\u0131l uygulayabileceklerini buldu.<\/p>\n

K\u00f6t\u00fc ama\u00e7l\u0131 uygulama \u00f6nce hedef uygulamaya bir sistem \u00e7a\u011fr\u0131s\u0131 g\u00f6nderir. Android\u2019de bu Intent<\/a> (niyet) olarak bilinir. Intentler genellikle sadece basit uygulama ba\u015flatmay\u0131 de\u011fil, ayn\u0131 zamanda belirli bir URL i\u00e7in taray\u0131c\u0131y\u0131 veya belirli bir ki\u015finin sohbeti i\u00e7in mesajla\u015fma uygulamas\u0131n\u0131 hemen a\u00e7mak gibi i\u015flemleri de m\u00fcmk\u00fcn k\u0131lar. Sald\u0131r\u0131 yapan uygulama, hedef uygulaman\u0131n hassas bilgileri i\u00e7eren ekran\u0131 g\u00f6r\u00fcnt\u00fclemesini zorlamak i\u00e7in tasarlanm\u0131\u015f bir Intent g\u00f6nderir. \u00d6zel gizli ba\u015flatma bayraklar\u0131 kullanan uygulama daha sonra kendine bir ba\u015flatma niyeti g\u00f6nderir. Bu \u00f6zel eylem kombinasyonu, kurban uygulaman\u0131n ekranda hi\u00e7 g\u00f6r\u00fcnmemesine ra\u011fmen, arka planda sald\u0131rgan taraf\u0131ndan arad\u0131\u011f\u0131 bilgileri yine de kendi penceresinde i\u015fler.<\/p>\n

Sald\u0131r\u0131n\u0131n ikinci a\u015famas\u0131nda, k\u00f6t\u00fc ama\u00e7l\u0131 uygulama kurban uygulaman\u0131n gizli penceresinin \u00fczerine bir dizi yar\u0131 saydam pencere yerle\u015ftirir ve bu pencerelerin her biri alt\u0131ndaki i\u00e7eri\u011fi kaplar ve bulan\u0131kla\u015ft\u0131r\u0131r. Bu karma\u015f\u0131k d\u00fczenleme kullan\u0131c\u0131ya g\u00f6r\u00fcnmez kal\u0131r, ancak Android, kullan\u0131c\u0131 bunu \u00f6n plana getirirse bu pencere kombinasyonunun nas\u0131l g\u00f6r\u00fcnmesi gerekti\u011fini \u00f6zenle hesaplar.<\/p>\n

Sald\u0131r\u0131 uygulamas\u0131 yaln\u0131zca kendi yar\u0131 saydam pencerelerinden pikselleri do\u011frudan okuyabilir; kurban uygulaman\u0131n ekran i\u00e7eri\u011fini i\u00e7eren nihai birle\u015ftirilmi\u015f g\u00f6r\u00fcnt\u00fcye sald\u0131rgan do\u011frudan eri\u015femez. Bu k\u0131s\u0131tlamay\u0131 a\u015fmak i\u00e7in ara\u015ft\u0131rmac\u0131lar iki ustaca hile kullan\u0131r: (i) \u00c7al\u0131nacak belirli piksel, hedef pikselin tam \u00fczerinde tek bir \u015feffaf noktaya sahiptir, \u00e7o\u011funlukla opak bir pencere ile kurban uygulaman\u0131n \u00fczerine yerle\u015ftirilerek \u00e7evresinden izole edilir; (ii) Ard\u0131ndan, bu kombinasyonun \u00fczerine, yo\u011fun bulan\u0131kl\u0131k \u00f6zelli\u011fi etkinle\u015ftirilmi\u015f bir pencereden olu\u015fan bir b\u00fcy\u00fctme katman\u0131 yerle\u015ftirilir.<\/p>\n

\"Pixnapping<\/a>

Pixnapping g\u00fcvenlik a\u00e7\u0131\u011f\u0131 nas\u0131l \u00e7al\u0131\u015f\u0131r?<\/p><\/div>\n

Ortaya \u00e7\u0131kan kar\u0131\u015f\u0131kl\u0131\u011f\u0131 \u00e7\u00f6zmek ve en altta bulunan pikselin de\u011ferini belirlemek i\u00e7in ara\u015ft\u0131rmac\u0131lar, ba\u015fka bir bilinen g\u00fcvenlik a\u00e7\u0131\u011f\u0131 olan GPU.zip<\/a>\u2018i kulland\u0131lar (bu bir dosya ba\u011flant\u0131s\u0131 gibi g\u00f6r\u00fcnebilir, ancak asl\u0131nda bir ara\u015ft\u0131rma makalesini g\u00f6steren siteye y\u00f6nlendirir). Bu g\u00fcvenlik a\u00e7\u0131\u011f\u0131, t\u00fcm modern ak\u0131ll\u0131 telefonlar\u0131n i\u015flemciden GPU\u2019ya g\u00f6nderilen t\u00fcm g\u00f6r\u00fcnt\u00fclerin verilerini s\u0131k\u0131\u015ft\u0131rmas\u0131 ger\u00e7e\u011fine dayanmaktad\u0131r. Bu s\u0131k\u0131\u015ft\u0131rma kay\u0131ps\u0131zd\u0131r (ZIP dosyas\u0131 gibi), ancak paketleme ve a\u00e7ma h\u0131z\u0131 iletilen bilgilere ba\u011fl\u0131 olarak de\u011fi\u015fir. GPU.zip, sald\u0131rgan\u0131n bilgileri s\u0131k\u0131\u015ft\u0131rmak i\u00e7in gereken s\u00fcreyi \u00f6l\u00e7mesine olanak tan\u0131r. Bu i\u015flemlerin zamanlamas\u0131n\u0131 belirleyerek, sald\u0131rgan hangi verilerin aktar\u0131ld\u0131\u011f\u0131n\u0131 tahmin edebilir. GPU.zip yard\u0131m\u0131yla, kurban uygulaman\u0131n penceresinden izole edilmi\u015f, bulan\u0131kla\u015ft\u0131r\u0131lm\u0131\u015f ve b\u00fcy\u00fct\u00fclm\u00fc\u015f tek bir piksel, sald\u0131ran uygulama taraf\u0131ndan ba\u015far\u0131yla okunabilir.<\/p>\n

Anlaml\u0131 bir \u015feyi \u00e7almak, her noktaya ayr\u0131 ayr\u0131 uygulanmas\u0131 gerekti\u011finden, t\u00fcm piksel \u00e7alma s\u00fcrecini y\u00fczlerce kez tekrarlamak gerektirir. Ancak, bu k\u0131sa bir s\u00fcre i\u00e7inde tamamen m\u00fcmk\u00fcnd\u00fcr. Sald\u0131r\u0131n\u0131n video g\u00f6steriminde<\/a>, Google Authenticator\u2019dan al\u0131nan alt\u0131 basamakl\u0131 kod, hala ge\u00e7erliyken sadece 22 saniye i\u00e7inde ba\u015far\u0131yla \u00e7\u0131kar\u0131ld\u0131.<\/p>\n

Android ekran gizlili\u011fini nas\u0131l korur?<\/h2>\n

Google m\u00fchendisleri, \u00e7e\u015fitli gizlilik sald\u0131r\u0131lar\u0131yla m\u00fccadele konusunda yakla\u015f\u0131k yirmi y\u0131ll\u0131k deneyime sahiptir. Bu deneyim, ekran g\u00f6r\u00fcnt\u00fclerinin ve videolar\u0131n yasad\u0131\u015f\u0131 olarak yakalanmas\u0131na kar\u015f\u0131 \u00e7ok katmanl\u0131 bir savunma sistemi olu\u015fturulmas\u0131na yol a\u00e7m\u0131\u015ft\u0131r. Bu \u00f6nlemlerin tam listesi birka\u00e7 sayfay\u0131 kaplayaca\u011f\u0131ndan, sadece baz\u0131 \u00f6nemli korumalar\u0131 listeliyoruz:<\/p>\n