{"id":2349,"date":"2016-08-19T07:07:09","date_gmt":"2016-08-19T11:07:09","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=2349"},"modified":"2019-11-15T14:58:19","modified_gmt":"2019-11-15T11:58:19","slug":"jeep-hacked-again","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/jeep-hacked-again\/2349\/","title":{"rendered":"How the Jeep was hacked. A second time."},"content":{"rendered":"<p>The \u201cJeep hackers\u201d Charlie Miller and Chris Valasek earned their nickname when they <a href=\"https:\/\/www.kaspersky.com\/blog\/blackhat-jeep-cherokee-hack-explained\/9493\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">remotely took control of a moving Jeep Cherokee<\/a>. A year later, the pair found more dangerous vulnerabilities. Miller and Valasek shared their findings at Black Hat USA 2016, and now they are making the world a better place. <\/p>\n<p>Last year, the researchers could perform the most dangerous actions, such as turning the wheel, braking and accelerating, only at very low speeds (5 miles per hour). 
This hack took advantage of vulnerabilities in the car\u2019s smart add-on features, such as automatic parking and the Jeep\u2019s diagnostic mode.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/BlackHat?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#BlackHat<\/a> 2015: The full story of how that Jeep was hacked <a href=\"https:\/\/t.co\/y0d6k8UE4n\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/y0d6k8UE4n<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/bhUSA?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#bhUSA<\/a> <a href=\"http:\/\/t.co\/SWulPz4Et7\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/SWulPz4Et7<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/629651596876644352?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">August 7, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>These add-on features are generally used at low speed or while the engine is off. If you try to use them at high speed, the system gets confused and the smart feature cannot be activated. Unless, of course, you bypass this limit. That is exactly what the \u201cJeep hackers\u201d did this year.<\/p>\n<p>The car\u2019s computer reads messages from the speedometer and tachometer over the CAN bus (think of it as the car\u2019s local network). To bypass the safety restrictions, you have to manipulate those messages so that they say the car is standing still, even if it is flying down the highway. 
<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2016\/08\/06014004\/jeep-hacked-again-can-hacks-state.jpg\" alt=\"jeep-hacked-again-can-hacks-state\" width=\"1280\" height=\"760\" class=\"alignnone size-full wp-image-2351\"><\/p>\n<p>Miller and Valasek did just that. They infected the car\u2019s computer with a malicious patch. As a result, they were able to send fake messages over the CAN bus. The method is quite simple. The messages to be read are usually numbered. When an electronic unit receives two messages with the same number, it trusts the first and rejects the second. <\/p>\n<p>So if the hackers assign the correct numbers to their fake messages and send them before the system sends the real ones, the system trusts the fake data and discards the real data. <\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2016\/08\/06014002\/jeep-hacked-again-counter-buster.jpg\" alt=\"jeep-hacked-again-counter-buster\" width=\"1280\" height=\"760\" class=\"alignnone size-full wp-image-2352\"><br>\nThe fake data is shown in green (speed 0 km\/h); the rejected real speed data is shown in red.<\/p>\n<p>Once the researchers had worked this out, they learned to pull off more dangerous, unprecedented tricks that work at any speed. For example, they can take control of the steering and command the wheels to turn. Or they can apply the parking brake, no matter how hard the driver tries to stop them. 
Or they can engage reverse gear, no matter how hard the driver tries to stop them \u2013 during the attack the car\u2019s controls are useless. They also learned to make the car accelerate faster by changing the cruise control settings. <\/p>\n<p><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe class=\"youtube-player\" type=\"text\/html\" width=\"640\" height=\"390\" src=\"https:\/\/www.youtube.com\/embed\/ONDSAMfNGP0?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent\" frameborder=\"0\" allowfullscreen=\"true\"><\/iframe><\/span><\/p>\n<p>But do not think the hackers gained full control of the car. For example, they did not succeed in driving the car wherever they wanted. During the attack, the driver can press the brake to stop the car or, if strong enough, try to turn the steering wheel. The researchers showed that drivers need to stay focused on the car, understand how it is behaving, and notice whether anything is going wrong. <\/p>\n<p>It must be said that attacks that come at unexpected moments are more dangerous. Hackers can distract drivers by turning the music up to full volume or running the air conditioning at maximum. Miller and Valasek did just that. While the driver is busy dealing with the \u201cmalfunctioning electronics\u201d, the hackers can turn the steering wheel, accelerate, or even apply the parking brake. 
<\/p>\n<p><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe class=\"youtube-player\" type=\"text\/html\" width=\"640\" height=\"390\" src=\"https:\/\/www.youtube.com\/embed\/ue-5hlU5BWA?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent\" frameborder=\"0\" allowfullscreen=\"true\"><\/iframe><\/span><\/p>\n<p>We also have good news. First, for Fiat Chrysler, the maker of the hacked cars: at the end of Black Hat USA 2016, the security researchers announced that they would put an end to the Jeep\u2019s suffering. <\/p>\n<p>Second, for owners of Fiat Chrysler cars: the company did not ignore the researchers\u2019 findings. It patched the vulnerabilities that Miller and Valasek found. For example, the Sprint cellular network that the car uses to connect to the internet now blocks TCP traffic. That means last year\u2019s hacking method will not work this year. <\/p>\n<p>Finally, Fiat Chrysler recently <a href=\"https:\/\/threatpost.com\/fiat-chrysler-launches-bug-bounty-with-1-5k-payout-cap\/119255\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">launched<\/a> a bug-finding program that rewards people who report bugs and vulnerabilities. Tesla and General Motors have similar programs. Still, Fiat Chrysler\u2019s program is not the best of its kind. The bugs it finds are small by cybersecurity standards. At least it is a step in the right direction. 
<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The \u201cJeep hackers\u201d Charlie Miller and Chris Valasek earned their nickname when they remotely took control of a moving Jeep Cherokee. A year later, the pair found more dangerous vulnerabilities.<\/p>\n","protected":false},"author":421,"featured_media":2350,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1287,1351],"tags":[970,667,972,973,971,744,78,974,97],"class_list":{"0":"post-2349","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-threats","9":"tag-arabalar","10":"tag-arastirma","11":"tag-charlie-miller","12":"tag-chris-valasek","13":"tag-chrysler","14":"tag-guvenlik","15":"tag-hackers","16":"tag-jeep-cherokee","17":"tag-security-2"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/jeep-hacked-again\/2349\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/jeep-hacked-again\/7502\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/jeep-hacked-again\/7526\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/jeep-hacked-again\/7486\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/jeep-hacked-again\/8923\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/jeep-hacked-again\/8753\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/jeep-hacked-again\/12733\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/jeep-hacked-again\/12752\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/jeep-hacked-again\/8436\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/jeep-hacked-again\/12260\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/jeep-hacked-again\/12733\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.a
u\/blog\/jeep-hacked-again\/12752\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/jeep-hacked-again\/12752\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/arabalar\/","name":"arabalar"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/2349","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/421"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=2349"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/2349\/revisions"}],"predecessor-version":[{"id":7156,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/2349\/revisions\/7156"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/2350"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=2349"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=2349"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=2349"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}