{"id":7605,"date":"2020-01-29T13:55:44","date_gmt":"2020-01-29T10:55:44","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=7605"},"modified":"2020-01-29T13:56:40","modified_gmt":"2020-01-29T10:56:40","slug":"curious-mems-vulnerabilities","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/curious-mems-vulnerabilities\/7605\/","title":{"rendered":"The curious vulnerabilities of ordinary MEMS (microelectromechanical systems)"},"content":{"rendered":"<p>Digital devices now have \u201csense organs\u201d that let them interact with the physical world. On the one hand, this is a great convenience for users. On the other, it also creates new threats, and these are often quite unexpected <a href=\"https:\/\/www.kaspersky.com\/blog\/voice-recognition-threats\/14134\/\" target=\"_blank\" rel=\"noopener nofollow\">threats<\/a>. Although electronic sensors resemble human senses in function, they are still very different in design and capability, and designers do not always take these differences into account.<\/p>\n<p>Consider, for example, <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/ultrasound-attacks\/5675\/\" target=\"_blank\" rel=\"noopener\">ultrasound commands<\/a>, which people cannot hear but voice assistants hear and carry out. Hacking an assistant that responds to sound by means of a <em>sound<\/em>, even one at a level humans cannot hear, is at least fairly predictable. 
But what about hacking with <em>light<\/em>?<\/p>\n<h2>Hearing light: MEMS microphones and their flaws<\/h2>\n<p>When a voice command is converted into fluctuations of a laser beam aimed at a voice assistant's microphone, the assistant detects the request and <a href=\"https:\/\/lightcommands.com\/\" target=\"_blank\" rel=\"noopener nofollow\">carries it out<\/a>. The discovery was made by researchers from the University of Electro-Communications (Chofu, Japan) and the University of Michigan. They sent commands to devices from several tens of meters away. The only requirement was a direct line of sight between the laser source and the microphone.<\/p>\n<p>The researchers tested the <a href=\"https:\/\/lightcommands.com\/20191104-Light-Commands.pdf\" target=\"_blank\" rel=\"noopener nofollow\">laser-based attack<\/a> on smart speakers, smartphones, tablets and other devices running Amazon Alexa, Apple Siri or Google Assistant. The trick worked on all of them, but the distance at which the microphone detected the signal varied from 5 to 110 meters. 
In theory, with a sufficiently powerful laser and the right lens, this distance could be increased further.<\/p>\n<p>The video below shows (as an example of what can be done with this method) the researchers tricking a Google Home smart speaker into opening the garage door in the neighboring building.<\/p>\n<p><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe class=\"youtube-player\" type=\"text\/html\" width=\"640\" height=\"390\" src=\"https:\/\/www.youtube.com\/embed\/EtzP-mCwNAs?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent\" frameborder=\"0\" allowfullscreen=\"true\"><\/iframe><\/span><\/p>\n<h3>Why MEMS microphones respond to light<\/h3>\n<p>The laser attack is possible because of the design of the microphones in the devices. Most modern microphones used in smart electronic devices are microelectromechanical systems (MEMS): miniature devices in which electronic and mechanical components are combined in a single intricate design.<\/p>\n<p>MEMS-based sensors are mass-produced using the same technology used for computer chips, mostly from the same material (silicon) and at the same level of miniaturization (their individual parts are measured in micrometers or even nanometers). 
In addition, being quite cheap, MEMS sensors have replaced other sensors and miniature devices at the point where the electronic and physical worlds meet.<\/p>\n<p>The main sensing element of a MEMS microphone is a very thin membrane, roughly one hundredth the thickness of a human hair. When sound waves make this membrane vibrate, the gap between the membrane and the fixed part of the sensor widens and narrows with the vibration. The membrane and the sensor's fixed base together form a capacitor, so variation in the distance between them becomes variation in capacitance. These variations, which are easy to measure and record, can then be converted into sound.<\/p>\n<p>A beam of light can also create waves that make the sensitive membrane vibrate. This phenomenon, called the photoacoustic effect, has been known since the late nineteenth century. The Scottish scientist Alexander Graham Bell, famous for patenting the telephone, invented the photophone around that time, a device that made it possible to exchange voice messages over a distance of several hundred meters using beams of light.<\/p>\n<p>The photoacoustic effect mostly arises from the heating of objects exposed to light. Objects expand when they heat up and shrink back to their original size when they cool down again. So when they are exposed to a laser beam, their dimensions change. 
Although we would never notice this, MEMS sensors, which are extremely small, can detect even microscopic movements. They thus pick up the vibrations and convert them into audio recordings, which can then be recognized as voice commands.<\/p>\n<h2>The sound of motion: The sound sensitivity of a MEMS accelerometer<\/h2>\n<p>Many sensors besides microphones, for example motion sensors such as gyroscopes and accelerometers, also use MEMS technology. Such sensors are found in pacemakers, car airbags and many other places. They also control screen rotation on smartphones and tablets. And they too can be fooled with a cool trick.<\/p>\n<p>A few years ago, researchers from the universities of Michigan and South Carolina demonstrated an experiment in which they <a href=\"https:\/\/spqr.eecs.umich.edu\/papers\/trippel-IEEE-oaklawn-walnut-2017.pdf\" target=\"_blank\" rel=\"noopener nofollow\">controlled accelerometers with sound<\/a>, although these normally respond to motion.<\/p>\n<h3>Why MEMS accelerometers respond to sound<\/h3>\n<p>Accelerometer sensors detect motion by measuring the displacement of microscopic masses. Sound waves can also make the mass vibrate, leading the accelerometer to conclude that the object is moving. 
The researchers tested 20-odd popular accelerometer models and found that three quarters of them were sensitive to sound input.<\/p>\n<p>As part of their work, they made a Fitbit fitness tracker count fake steps and steered a radio-controlled car with a smartphone lying still on a table. (The car normally responded to the position of the device, but in this experiment music playing on the device fooled the smartphone's sensor.)<\/p>\n<h2>Swallowing helium: iPhones knocked out<\/h2>\n<p>Not every MEMS flaw takes a laboratory to discover. During the installation of a new MRI machine at a clinic in the US, staff noticed that <a href=\"https:\/\/www.ifixit.com\/News\/11986\/iphones-are-allergic-to-helium\" target=\"_blank\" rel=\"noopener nofollow\">their cell phones had stopped working<\/a>. Investigation showed that only Apple devices were affected by the problem. The culprit was the liquid helium used to cool some of the machine's components. 
Some of the gas had leaked and spread through the clinic, and that was enough to knock out the iPhones.<\/p>\n<h2>Why iPhones stop working because of helium<\/h2>\n<p>Unlike other systems in the clinic where MEMS is used but is not critical to performance, Apple Watches and iPhone models 6 and later use MEMS for the system clock.<\/p>\n<p>Inside a MEMS device is a vacuum that it needs to operate normally. To keep the vacuum intact, the chips are sealed with a thin layer of silicon. But helium molecules are small enough to seep through the silica barrier and disrupt the normal operation of the microscopic resonant circuit inside the chip, which upsets the electronics and causes the iPhone to shut down immediately.<\/p>\n<p>Apple is aware that its devices are sensitive to helium; <a href=\"https:\/\/support.apple.com\/tr-tr\/guide\/iphone\/iph301fc905\/ios\" target=\"_blank\" rel=\"noopener nofollow\">its user guides<\/a> include a warning about it: \u201cExposing iPhone to environments having high concentrations of industrial chemicals, including near evaporating liquified gasses such as helium, may damage or impair iPhone functionality.\u201d However, such situations are so rare that nobody worries about them.<\/p>\n<p>Most of the affected devices returned to normal after being moved away from the harmful substance (some needed a few days). 
The manufacturer of the MEMS sensors used in iPhones says that new-generation units are not susceptible to this kind of failure.<\/p>\n<h2>Take good care of your devices<\/h2>\n<p>The MEMS vulnerabilities described above are exceptions rather than the rule. Even so, we recommend keeping your devices away from helium canisters. Just in case.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"earth2050\">\n","protected":false},"excerpt":{"rendered":"<p>Using simple tools such as lasers and music to fool voice assistants or motion sensors.<\/p>\n","protected":false},"author":2049,"featured_media":7606,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1351,995],"tags":[1845,2103,26,2102,1982,1850,878],"class_list":{"0":"post-7605","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"category-technology","9":"tag-alexa","10":"tag-google-assistant","11":"tag-iphone","12":"tag-mems","13":"tag-sesli-asistanlar","14":"tag-siri","15":"tag-teknoloji"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/curious-mems-vulnerabilities\/7605\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/curious-mems-vulnerabilities\/18436\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/curious-mems-vulnerabilities\/15311\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/curious-mems-vulnerabilities\/7396\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/curious-mems-vulnerabilities\/20192\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/curious-mems-vulnerabilities\/18505\/"},{"hreflang":"es-mx","url":"ht
tps:\/\/latam.kaspersky.com\/blog\/curious-mems-vulnerabilities\/16942\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/curious-mems-vulnerabilities\/20963\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/curious-mems-vulnerabilities\/19741\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/curious-mems-vulnerabilities\/26211\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/curious-mems-vulnerabilities\/32245\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/curious-mems-vulnerabilities\/13693\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/curious-mems-vulnerabilities\/22010\/"},{"hreflang":"zh","url":"https:\/\/www.kaspersky.com.cn\/blog\/curious-mems-vulnerabilities\/10676\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/curious-mems-vulnerabilities\/26734\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/curious-mems-vulnerabilities\/24881\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/curious-mems-vulnerabilities\/20878\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/curious-mems-vulnerabilities\/25717\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/curious-mems-vulnerabilities\/25549\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/teknoloji\/","name":"teknoloji"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/7605","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2049"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=7605"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/
wp\/v2\/posts\/7605\/revisions"}],"predecessor-version":[{"id":7608,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/7605\/revisions\/7608"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/7606"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=7605"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=7605"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=7605"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}