{"id":3689,"date":"2017-09-05T11:31:10","date_gmt":"2017-09-05T08:31:10","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=3689"},"modified":"2020-05-13T19:04:41","modified_gmt":"2020-05-13T16:04:41","slug":"hacking-electronic-locks","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/hacking-electronic-locks\/3689\/","title":{"rendered":"Breaking electronic locks like in hacker movies"},"content":{"rendered":"<p>What do movie characters usually do when they run into a door with an electronic lock? They call a hacker, of course. The hacker connects some kind of device to the lock. A few seconds later, the connected device tries every possible combination and shows them on its segment display (which, of course, has to be bright). That is all it takes! The door opens right away.<\/p>\n<p>Colin O\u2019Flynn presented a report at <a href=\"https:\/\/blog.kaspersky.com\/tag\/black-hat\/?_ga=2.76176604.833556794.1504593072-1902488436.1501573445\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">Black Hat 2017<\/a> on <a href=\"https:\/\/www.blackhat.com\/us-17\/briefings\/schedule\/index.html#breaking-electronic-door-locks-like-youre-on-csi-cyber-6083\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">breaking electronic door locks<\/a> and spoke humorously about the biggest challenge that characters in such movies face: finding the perfect line for the moment the door opens.<\/p>\n<p>So how realistic is this? If the locks in question are industrial-grade electronic locks, it has nothing to do with reality. 
However, many electronic locks designed for private property have recently appeared on the market, and these locks can hardly be called successful.<\/p>\n<p>O\u2019Flynn picked two samples of electronic locks used in homes and examined them. He found that the first model was vulnerable to what are known as Evil Maid attacks. In this attack, it is enough for a malicious person to gain physical access to the lock\u2019s internal parts just once. Once inside, that person can easily add their own code to the system and so open the door whenever they want.<\/p>\n<p>No special skill is needed for this. Every step of the instructions for adding a code is found inside the battery compartment. The procedure does not require entering any of the existing user codes or the master code.<\/p>\n<p>The other model does not have this flaw. However, it is vulnerable to attacks from the outside. The outer part of the lock has a touchscreen module for entering the PIN code. As it turns out, this module can be removed easily (the researcher did it with a table knife), exposing a neatly placed connector.<\/p>\n<p>After studying how the inner and outer parts of the lock interact, O\u2019Flynn managed to build a device similar to the ones in hacker movies. Naturally, the device\u2019s segment display was quite bright. 
To brute-force the code, he connected the device to the connector mentioned earlier (the lock\u2019s electronics do not check what exactly is plugged in).<\/p>\n<div id=\"attachment_3691\" style=\"width: 395px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-3691\" class=\"wp-image-3691 size-full\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2017\/09\/05110844\/hacking-electronic-lock-1.png\" alt=\"\" width=\"385\" height=\"393\"><p id=\"caption-attachment-3691\" class=\"wp-caption-text\">The electronic lock-breaking device developed by O\u2019Flynn. <a href=\"http:\/\/colinoflynn.com\/2017\/07\/breaking-electronic-door-locks-like-youre-on-csi-cyber-black-hat-2017-talk\/\" target=\"_blank\" rel=\"noopener nofollow\">Source<\/a>.<\/p><\/div>\n<p>Of course, the device\u2019s manufacturer had anticipated brute-force attacks. After three wrong entries, the lock\u2019s alarm went off. However, O\u2019Flynn noticed that applying a certain level of voltage to the contacts of the external connector would cause a short circuit in the internal electronics, so that the system would restart and the failed-attempt counter would be reset.<\/p>\n<p>As a result, the device O\u2019Flynn built can try 120 codes per minute. Trying every possible four-digit PIN combination for the lock takes about 85 minutes. This means that opening the lock will usually take between half an hour and an hour. 
Of course, that is much longer than in the movies. But everything else happens almost exactly as it does in the movies.<\/p>\n<p>O\u2019Flynn also found a way to crack the master code. Master codes are longer, and having six digits instead of four can make a brute-force attack take about a week. Even so, another flaw in the electronic lock\u2019s firmware shortens this process considerably. When you enter the first four digits of the master code, the system either returns an error message or waits for the remaining two digits. In this way, the first four digits are confirmed to be correct.<\/p>\n<p>With this method, brute-forcing the first four digits of the master code again takes 85 minutes (maximum), and finding the other two digits takes only one minute. You can now reset the access code to a code of your own. You can also delete the existing codes, forcing the homeowner to break down the door or make a deal with a hacker.<\/p>\n<p>O\u2019Flynn later contacted the lock manufacturer, and by his account the manufacturer was extremely responsive. It said that the vulnerabilities (and some other security issues) would be fixed as soon as possible.<\/p>\n<p>Overall, the results of the research make one thing clear: electronic locks used in homes are still inadequate when it comes to security. 
It is an undeniable fact that mechanical locks have similar flaws too. At the very least, now that this subject is being studied more thoroughly, experts can establish which models are better from a security standpoint. Which electronic locks are truly secure and which are not will become clear over time.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"ksc\">\n","protected":false},"excerpt":{"rendered":"<p>What do movie characters usually do when they run into a door with an electronic lock? They call a hacker, of course. The hacker connects some kind of device to the lock. A few seconds later, the connected device tries every possible combination and shows them on its segment display (which, of course, has to be bright). That is all it takes! 
The door opens right away.<\/p>\n","protected":false},"author":421,"featured_media":3690,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1287,1351],"tags":[950,1319,545,1324],"class_list":{"0":"post-3689","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-threats","9":"tag-black-hat","10":"tag-black-hat-2017","11":"tag-hack","12":"tag-kilit"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/hacking-electronic-locks\/3689\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/hacking-electronic-locks\/11077\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/hacking-electronic-locks\/9161\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/hacking-electronic-locks\/4904\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/hacking-electronic-locks\/12306\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/hacking-electronic-locks\/11586\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/hacking-electronic-locks\/11139\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/hacking-electronic-locks\/14055\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/hacking-electronic-locks\/14063\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/hacking-electronic-locks\/18203\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/hacking-electronic-locks\/17920\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/hacking-electronic-locks\/7206\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/hacking-electronic-locks\/14374\/"},{"hreflang":"zh","url":"https:\/\/www.kaspersky.com.cn\/blog\/hacking-electronic-locks\/8266\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/hacking-electronic-locks\/17672\/"},{
"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/hacking-electronic-locks\/17667\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/hacking-electronic-locks\/17617\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/black-hat\/","name":"black hat"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/3689","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/421"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=3689"}],"version-history":[{"count":5,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/3689\/revisions"}],"predecessor-version":[{"id":8257,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/3689\/revisions\/8257"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/3690"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=3689"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=3689"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=3689"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}