Video G\u00f6zetim Sistemleri sald\u0131r\u0131 alt\u0131nda: bilgisayar korsanlar\u0131 hatal\u0131 yap\u0131land\u0131r\u0131lm\u0131\u015f \u015fehir CCTV sistemlerindeki video beslemeleri nas\u0131l de\u011fi\u015ftiriyor?<\/p>\n
\u00c7al\u0131\u015fan bir \u015fehir video g\u00f6zetim sisteminin Kaspersky Lab taraf\u0131ndan yap\u0131lan incelemesi, insanlar\u0131 su\u00e7lular ve ter\u00f6ristlerden korumak i\u00e7in tasarlanm\u0131\u015f a\u011flar\u0131n sistem yap\u0131land\u0131rma a\u00e7\u0131klar\u0131ndan faydalanan \u00fc\u00e7\u00fcnc\u00fc \u015fah\u0131slarca k\u00f6t\u00fcye kullan\u0131labilece\u011fini ortaya koydu.<\/p>\n
Polis departmanlar\u0131 ve kamu kurulu\u015flar\u0131n\u0131n, paha bi\u00e7ilmez su\u00e7 istihbarat\u0131 sa\u011flayan g\u00fcvenlik kameralar\u0131yla \u015fehir sokaklar\u0131n\u0131 izledi\u011fi s\u0131r de\u011fildir. Ancak Kaspersky Lab ara\u015ft\u0131rmac\u0131s\u0131 Vasilios Hioureas ve Exigent Systems Inc.\u2019den meslekta\u015f\u0131 Thomas Kinsey taraf\u0131ndan ger\u00e7ekle\u015ftirilen ara\u015ft\u0131rman\u0131n sonu\u00e7lar\u0131na g\u00f6re bu sistemler zarar vermek i\u00e7in de kullan\u0131labiliyor.<\/p>\n
Ara\u015ft\u0131rmalar\u0131n\u0131n bir par\u00e7as\u0131 olarak bir \u015fehrin video g\u00f6zetim sistemini incelediler. G\u00f6zetim kameralar\u0131, d\u00fc\u011f\u00fcmlerin birbirine ba\u011fl\u0131 oldu\u011fu ve verilerin bir d\u00fc\u011f\u00fcmden kontrol merkezine giden yolu \u00fczerinde veriler (bu durumda video beslemeleri) i\u00e7in bir basamak olarak i\u015flev g\u00f6rd\u00fc\u011f\u00fc bir t\u00fcr a\u011f olan \u0131zgara a\u011f \u00fczerinden ba\u011flanm\u0131\u015flard\u0131r. Bir Wi-Fi s\u0131cak noktas\u0131 veya kablolu ba\u011flant\u0131s\u0131 yerine kullan\u0131lan bu d\u00fc\u011f\u00fcmler, bu gibi a\u011flarda verileri basit\u00e7e en yak\u0131n d\u00fc\u011f\u00fcme iletir ve bu \u015fekilde komut merkezine kadar iletimini sa\u011flar. Bir sald\u0131rgan a\u011f i\u00e7inde tek bir d\u00fc\u011f\u00fcme ba\u011flan\u0131rsa, \u00fczerinden iletilen verileri de\u011fi\u015ftirebilir.<\/p>\n
Izgara a\u011f tabanl\u0131 video g\u00f6zetim sistemleri genel olarak, \u015fehir \u00e7ap\u0131nda \u00e7oklu s\u0131cak noktalar ya da millerce kabloya ihtiya\u00e7 duyan g\u00f6zetim sistemlerine alternatif olarak uygun maliyetli bir \u00e7\u00f6z\u00fcmd\u00fcr. Ancak bu a\u011flar\u0131n g\u00fcvenli\u011fi b\u00fcy\u00fck \u00f6l\u00e7\u00fcde b\u00fct\u00fcn bir a\u011f\u0131n kurulumuna ba\u011fl\u0131d\u0131r.<\/p>\n
Ara\u015ft\u0131rmac\u0131lar\u0131n inceledi\u011fi kamera a\u011f\u0131nda hi\u00e7 \u015fifre kullan\u0131lmam\u0131\u015ft\u0131r. \u015eehirde kullan\u0131lanlara benzer ekipmanlar sat\u0131n alan Kaspersky Lab ara\u015ft\u0131rmac\u0131lar\u0131, yeterli \u015fifreleme arac\u0131n\u0131n sa\u011fland\u0131\u011f\u0131n\u0131 ancak do\u011fru olarak kullan\u0131lmad\u0131\u011f\u0131n\u0131 g\u00f6rd\u00fc. Sonu\u00e7 olarak a\u00e7\u0131k metin verileri a\u011f \u00fczerinden g\u00f6nderilir ve ba\u011flanan her g\u00f6zlemcinin kullan\u0131m\u0131na a\u00e7\u0131k olur.<\/p>\n
Ara\u015ft\u0131rmac\u0131lar, a\u011fda kullan\u0131lan yaz\u0131l\u0131mdan kendi s\u00fcr\u00fcmlerini olu\u015fturman\u0131n, a\u011f\u0131n \u00fczerinde hareket eden verileri de\u011fi\u015ftirmek i\u00e7in yeterli olaca\u011f\u0131n\u0131 hemen anlad\u0131lar. A\u011f ve yaz\u0131l\u0131m\u0131 laboratuar ortam\u0131nda tekrar olu\u015fturduktan sonra herhangi bir d\u00fc\u011f\u00fcmden gelen video beslemelerini yakalama ve \u00f6rne\u011fin kameralar\u0131n \u00e7ekti\u011fi ger\u00e7ek videolar\u0131 sahteleriyle de\u011fi\u015ftirmek gibi becerilere sahip oldular.<\/p>\n
Ara\u015ft\u0131rmac\u0131lar bulgular\u0131n\u0131, ge\u00e7en yaz \u015fehirdeki g\u00f6zetim a\u011f\u0131n\u0131 kuran \u015firketle payla\u015ft\u0131lar. O g\u00fcnden beri zay\u0131f noktalar\u0131 bulunan a\u011fda gerekli de\u011fi\u015fiklikler yap\u0131ld\u0131.<\/p>\n
Kaspersky Lab Zararl\u0131 Yaz\u0131l\u0131m Analisti ve bu ara\u015ft\u0131rman\u0131n yazarlar\u0131ndan biri olan Vasilios Hioureas \u015funlar\u0131 s\u00f6ylemi\u015ftir: \u201cBu ara\u015ft\u0131rmay\u0131, siber g\u00fcvenli\u011fin fiziksel sistemleri, \u00f6zellikle de video g\u00f6zetim gibi kritik kamusal sistemleri etkiledi\u011fini g\u00f6stermek i\u00e7in \u00fcstlendik. Ak\u0131ll\u0131 bir \u015fehir olu\u015ftururken, sadece yeni teknolojilerin sa\u011flayaca\u011f\u0131 konfor, enerji ve maliyet faydalar\u0131n\u0131 de\u011fil, ayn\u0131 zamanda siber g\u00fcvenlik konular\u0131n\u0131 da d\u00fc\u015f\u00fcnmek son derece \u00f6nemlidir. Her ne kadar bu ara\u015ft\u0131rman\u0131n bulgular\u0131 ge\u00e7ti\u011fimiz A\u011fustos ay\u0131nda sunulmu\u015f olsa da bu bulgular\u0131n, \u0131zgara a\u011f tabanl\u0131 g\u00f6zetim sistemleri uygulamay\u0131 planlayan veya halihaz\u0131rda uygulam\u0131\u015f olan yetkililer i\u00e7in halen kullan\u0131\u015fl\u0131 oldu\u011funa inanmak i\u00e7in nedenlerimiz bulunuyor.\u201d<\/p>\n
Izgara a\u011flarla ba\u011flant\u0131l\u0131 g\u00fcvenlik a\u00e7\u0131klar\u0131n\u0131 kapatmak i\u00e7in Kaspersky Lab a\u015fa\u011f\u0131daki \u00f6nlemleri tavsiye eder:<\/p>\n
Ara\u015ft\u0131rma orijinal olarak DefCon 2014\u2019te yay\u0131nlanm\u0131\u015ft\u0131r. Kaspersky Lab\u2019\u0131n Ak\u0131ll\u0131 \u015eehirleri G\u00fcvenli Hale Getirme<\/a> giri\u015fiminin bilgi taban\u0131na katk\u0131lar\u0131 aras\u0131nda yay\u0131nlanm\u0131\u015ft\u0131r. Ak\u0131ll\u0131 \u015eehirleri G\u00fcvenli Hale Getirme, d\u00fcnyan\u0131n her yerinden \u015firketler, kamu kurulu\u015flar\u0131, medya kurulu\u015flar\u0131, kar amac\u0131 g\u00fctmeyen giri\u015fimler ve ki\u015filerin i\u015fbirli\u011fiyle ak\u0131ll\u0131 \u015fehirlerin mevcut ve gelecekteki siber g\u00fcvenlik sorunlar\u0131n\u0131 \u00e7\u00f6zmeyi hedefleyen bir giri\u015fimdir.<\/p>\n