{"id":2356,"date":"2016-08-22T02:33:43","date_gmt":"2016-08-22T06:33:43","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=2356"},"modified":"2019-11-15T14:58:14","modified_gmt":"2019-11-15T11:58:14","slug":"vw-hack","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/vw-hack\/2356\/","title":{"rendered":"Evrensel Volkswagen anahtar\u0131, sadece 40$"},"content":{"rendered":"<p>Bazen ara\u00e7 g\u00fcvenli\u011fi uzmanlar\u0131 sadece bir ara\u00e7, marka ya da model \u00fcst\u00fcnde \u00e7al\u0131\u015f\u0131rlar. \u00d6rne\u011fin, Charlie Miller ve Chris Valasek Fiat Chrysler\u2019in <a href=\"https:\/\/www.kaspersky.com\/blog\/jeep-hacked-again\/12752\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Jeep Cherokee\u2019sini ara\u015ft\u0131rmaya iki y\u0131llar\u0131n\u0131<\/a> verdiler. Se\u00e7imleri mant\u0131kl\u0131yd\u0131 \u00e7\u00fcnk\u00fc Jeep\u2019leri vard\u0131.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"tr\" dir=\"ltr\">Jeep nas\u0131l hacklendi. \u0130kinci kere. <a href=\"https:\/\/t.co\/EWHxi3nVZp\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/EWHxi3nVZp<\/a> <a href=\"https:\/\/t.co\/L4JHTygOvE\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/L4JHTygOvE<\/a><\/p>\n<p>\u2014 Kaspersky T\u00fcrkiye (@KasperskyTR) <a href=\"https:\/\/twitter.com\/KasperskyTR\/status\/766592920786968576?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">August 19, 2016<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Di\u011fer ara\u015ft\u0131rmac\u0131lar evrensel bir ara\u015ft\u0131rma ba\u015flatt\u0131lar. \u00d6rne\u011fin, 2015\u2019de, Flavio Garcia ve Birmingham \u00dcniversitesindeki tak\u0131m\u0131 anahtars\u0131z giri\u015f sistemi bulunduran ara\u00e7 end\u00fcstrisinin neredeyse yar\u0131s\u0131n\u0131 hi\u00e7bir anahtar olmadan a\u00e7\u0131labildi\u011fini bulduklar\u0131nda deh\u015fete d\u00fc\u015ft\u00fcler. Bu arabalar Audi, Citro\u00ebn, Fiat, Honda, Skoda, Volvo ve di\u011fer markalar\u0131 i\u00e7eriyordu.<\/p>\n<p>Son zamanlarda ara\u015ft\u0131rmac\u0131lar Alman m\u00fchendislik firmas\u0131 Kasper &amp; Oswald ile birlikte \u00e7al\u0131\u015farak <a href=\"https:\/\/www.wired.com\/2016\/08\/oh-good-new-hack-can-unlock-100-million-volkswagens\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">iki yeni g\u00fcvenlik a\u00e7\u0131\u011f\u0131<\/a> buldular.<\/p>\n<p>Bu sefer hedef Volkswagen\u2019di: Volkswagen arabalar\u0131 da anahtar olmadan a\u00e7\u0131labiliyordu. Tehdit olduk\u00e7a b\u00fcy\u00fck: Ara\u015ft\u0131rmac\u0131lar neredeyse 100 milyon araban\u0131n, 1995\u2019den beri \u00fcretilen \u00e7o\u011fu VW modelinin risk alt\u0131nda oldu\u011funu s\u00f6yl\u00fcyor. Golf VII ile ba\u015flayan sadece yeni arabalar bu tehdit alt\u0131nda de\u011fil.<\/p>\n<p>Sald\u0131r\u0131 sadece bir basit ekipmanla olduk\u00e7a ula\u015f\u0131labilir: Bir laptop ve yaz\u0131l\u0131m tan\u0131ml\u0131 radyo. Hatta daha ucuzu, 40 dolarl\u0131k radyo al\u0131c\u0131s\u0131 bulundurdan <a href=\"https:\/\/tr.wikipedia.org\/wiki\/Arduino\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Arduino<\/a>.<\/p>\n<p><del><strong>100 milyon Volkswagen\u2019i nas\u0131l \u00e7alars\u0131n\u0131z<\/strong><\/del><br>\nOtomobillerin gizli par\u00e7alar\u0131n\u0131 ara\u015ft\u0131ran ara\u015ft\u0131rmac\u0131lar Volkswagen\u2019in 1995\u2019te \u00fcretilen arabadan yedinci Golf\u2019e kadar olan t\u00fcm arabalarda tek bir kriptografik anahtar kullan\u0131ld\u0131\u011f\u0131n\u0131 buldu. Ba\u015fka anahtarlar var ancak di\u011ferlerinden pek bir fark\u0131 yok. Anahtar\u0131 bulmak saniyeler al\u0131rd\u0131.<\/p>\n<p>Anahtar\u0131 bilmek yolun yar\u0131s\u0131. Sonras\u0131nda radyo al\u0131c\u0131s\u0131 olan Arduino\u2019nun yard\u0131m\u0131yla hackerlar araban\u0131n \u00f6zg\u00fcn anahtar\u0131na \u201ckulak misafiri\u201d olabilir. Bu anahtar araban\u0131n sahibi arabay\u0131 a\u00e7\u0131nca iletilir. \u0130ki kriptografik anahtar kullanarak su\u00e7lular arabay\u0131 a\u00e7acak sahte anahtar elde edebilirler.<br>\nAra\u015ft\u0131rmac\u0131lar su\u00e7lular\u0131n sadece bir kez \u201ckulak misafiri\u201d olmas\u0131n\u0131n yeterli olaca\u011f\u0131n\u0131 s\u00f6yl\u00fcyor. Ayr\u0131ca, hedef arac\u0131n 100 metre yak\u0131n\u0131nda olmalar\u0131 gerekiyor ki bu uzakl\u0131k dikkat \u00e7ekmemek i\u00e7in olduk\u00e7a iyi bir mesafe.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/Progressive?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Progressive<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/Snapshot?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Snapshot<\/a> Exposes Drivers to Car Hacking: <a href=\"https:\/\/t.co\/c8I8lc1zu0\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/c8I8lc1zu0<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/560112663741857794?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">January 27, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Ara\u015ft\u0131rmac\u0131lar de\u011ferli anahtarlar\u0131n araban\u0131n hangi b\u00f6l\u00fcm\u00fcnde tutuldu\u011funu a\u00e7\u0131klam\u0131yor. Ara\u015ft\u0131rmalar\u0131 h\u0131rs\u0131zlar\u0131n araba \u00e7almas\u0131na yard\u0131m etmek i\u00e7in yap\u0131lmad\u0131. B\u00f6l\u00fcmlerin modellere g\u00f6re de\u011fi\u015fti\u011fini s\u00f6yl\u00fcyorlar. Volkswagen tehdidin fark\u0131nda ancak bunu d\u00fczeltmek i\u00e7in yapabilecekleri \u00e7ok k\u0131s\u0131tl\u0131.<\/p>\n<p>Baz\u0131 g\u00fczel haberler de var: Bu metot, su\u00e7lular\u0131n arabay\u0131 a\u00e7mas\u0131na olanak sa\u011fl\u0131yor ancak arabay\u0131 s\u00fcremiyorlar. \u0130mmobilizerlar, fiziksel anahtar olmadan araban\u0131n s\u00fcr\u00fclmesine kar\u015f\u0131 arabay\u0131 koruyorlar. Ancak k\u00f6t\u00fc haberler de var: <a href=\"https:\/\/www.engadget.com\/2015\/08\/14\/car-immobilizer-easily-hacked\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">\u0130mmobilizerlar\u0131n da g\u00fcvenlik a\u00e7\u0131klar\u0131 var<\/a>. Su\u00e7lular istedikleri VW arabas\u0131n\u0131 a\u00e7mak i\u00e7in iki yolu da kullan\u0131yorlar. Tabi baz\u0131 istisnalar var. Golf VII ile ba\u015flayan modellerde her model i\u00e7in \u00f6zg\u00fcn anahtarlar kullan\u0131ld\u0131.<\/p>\n<p><strong>Uzman yorumlar\u0131<\/strong><br>\nKaspersky Lab uzman\u0131 Sergey Zorin durumu \u015f\u00f6yle a\u00e7\u0131kl\u0131yor: <\/p>\n<p><em>Bu hikaye sald\u0131rgan\u0131n tak\u0131m\u0131nda profesyoneller ve yeterince zaman varsa her \u015feyin tehlikede olabildi\u011fini g\u00f6steriyor. Ek yat\u0131r\u0131mla bu ara\u015ft\u0131rman\u0131n di\u011fer araba \u00fcreticileri i\u00e7in yap\u0131lmas\u0131 m\u00fcmk\u00fcn. Ancak, bu \u00f6rnekle ara\u015ft\u0131rmac\u0131lar araba \u00fcreticilerinin asl\u0131nda bilgi g\u00fcvenli\u011fine \u00f6nem verdiklerini ve yeni model arabalarda bu g\u00fcvenlik a\u00e7\u0131klar\u0131n\u0131n olmad\u0131\u011f\u0131n\u0131 g\u00f6steriyor. Yani bu araba ve di\u011fer araba \u00fcreticilerinin g\u00fcvenlik konusunda eksik oldu\u011funu s\u00f6ylemek do\u011fru olmaz. <\/em><\/p>\n<p>Ancak, otomobil end\u00fcstrisinde s\u0131k\u0131nt\u0131ya yol a\u00e7acak baz\u0131 problemler var. <\/p>\n<p>\u0130lk problem, geleneksel olarak araba \u00fcreticilerinin g\u00fcvenlik dahil her \u015feyi planlamas\u0131 gerekti\u011fi. Bu be\u015f ila yedi sene s\u00fcren bir s\u00fcre\u00e7. G\u00fcvenlik ve hack metotlar\u0131n\u0131n bundan \u00e7ok daha k\u0131sa s\u00fcrede geli\u015fti\u011fi \u00e7ok a\u00e7\u0131k.<br>\n<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Shock at the wheel: your Jeep can be hacked while driving down the road <a href=\"https:\/\/t.co\/40h8StaLFG\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/40h8StaLFG<\/a> <a href=\"http:\/\/t.co\/bOvjzQb9K4\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/bOvjzQb9K4<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/624291836996284418?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">July 23, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br>\n<em><br>\nBa\u015fka bir problem teknolojinin k\u0131s\u0131tlamalar\u0131ndan do\u011fuyor. Riskleri yok etmek i\u00e7in g\u00fcvenlik d\u00fczeltmelerini h\u0131zl\u0131 ve geni\u015f \u00e7apl\u0131 yapmak her zaman m\u00fcmk\u00fcn olmuyor. Bu iki sorun bundan sonra \u00fcretilen arabalarda y\u00fckseltme mekanizmalar\u0131 kullan\u0131larak \u00e7\u00f6z\u00fclebilir. B\u00f6ylelikle g\u00fcvenlik a\u00e7\u0131klar\u0131 bulunan b\u00f6lgeler yamalanabilir. \u00dcretimi bundan be\u015f sene sonraya olan yeni jenerasyon arabalar\u0131n bu teknolojiye sahip olmas\u0131n\u0131 umuyoruz. <\/em><\/p>\n<p>\u00dc\u00e7\u00fcnc\u00fc problem, araba \u00fcreticilerinin u\u011fra\u015ft\u0131\u011f\u0131 arabalarda ba\u011flant\u0131 sorunu. Ba\u011fl\u0131 araba konsepti, araban\u0131n i\u00e7indeki birden \u00e7ok mod\u00fcl\u00fcn d\u0131\u015far\u0131dan bir domain ile ileti\u015fime ge\u00e7mesidir. Bu veri payla\u015f\u0131m kanallar\u0131ndan baz\u0131 g\u00fcvenlik a\u00e7\u0131klar\u0131 \u00e7oktan bulundu. Bir g\u00fcvenlik firmas\u0131 olarak, bu alanda birka\u00e7 y\u0131ld\u0131r \u00e7al\u0131\u015f\u0131yoruz ve ba\u015fka tehlikelerin geldi\u011fini g\u00f6rebiliyoruz. G\u00fcvenilir ba\u011flant\u0131 teknolojileri hem g\u00fcvenlik hem otomotiv firmalar\u0131n\u0131n gelecek y\u0131llarda yo\u011funla\u015fmas\u0131 gereken bir alan olacak. <\/p>\n","protected":false},"excerpt":{"rendered":"<p>Bazen ara\u00e7 g\u00fcvenli\u011fi uzmanlar\u0131 sadece bir ara\u00e7, marka ya da model \u00fcst\u00fcnde \u00e7al\u0131\u015f\u0131rlar. \u00d6rne\u011fin, Charlie Miller ve Chris Valasek Fiat Chrysler\u2019in Jeep Cherokee\u2019sini ara\u015ft\u0131rmaya iki y\u0131llar\u0131n\u0131 verdiler. Se\u00e7imleri mant\u0131kl\u0131yd\u0131 \u00e7\u00fcnk\u00fc<\/p>\n","protected":false},"author":696,"featured_media":2357,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1287,1351],"tags":[969,970,93,744,545,78,363,975],"class_list":{"0":"post-2356","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-threats","9":"tag-aciklar","10":"tag-arabalar","11":"tag-cybercriminals","12":"tag-guvenlik","13":"tag-hack","14":"tag-hackers","15":"tag-personal-data","16":"tag-volkswagen"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/vw-hack\/2356\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/vw-hack\/7523\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/vw-hack\/7549\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/vw-hack\/7525\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/vw-hack\/8954\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/vw-hack\/8780\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/vw-hack\/12781\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/vw-hack\/12784\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/vw-hack\/6475\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/vw-hack\/5250\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/vw-hack\/8474\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/vw-hack\/12282\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/vw-hack\/12781\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/vw-hack\/12784\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/vw-hack\/12784\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/aciklar\/","name":"a\u00e7\u0131klar"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/2356","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/696"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=2356"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/2356\/revisions"}],"predecessor-version":[{"id":7155,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/2356\/revisions\/7155"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/2357"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=2356"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=2356"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=2356"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}