{"id":9137,"date":"2020-12-23T15:12:09","date_gmt":"2020-12-23T12:12:09","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=9137"},"modified":"2020-12-23T15:12:09","modified_gmt":"2020-12-23T12:12:09","slug":"evil-maid-attack","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/evil-maid-attack\/9137\/","title":{"rendered":"How to prevent evil-maid attacks"},"content":{"rendered":"<p>The evil-maid attack is just about the most primitive type of attack there is, and also one of the most unpleasant. Preying on unattended devices, the \u201cevil maid\u201d tries to steal secret information or to install spyware or remote access tools in order to get into the corporate network. Below we explain how to protect yourself from the actions of such intruders.<\/p>\n<h2>A classic example<\/h2>\n<p>In December 2007, a delegation from the US Department of Commerce traveled to Beijing for talks on a joint strategy against piracy. On their return to the US, however, <a href=\"https:\/\/www.nbcnews.com\/id\/wbna24880526\" target=\"_blank\" rel=\"noopener nofollow\">spyware was found<\/a> on the commerce secretary\u2019s laptop, and installing it would have required physical access to the computer. 
The laptop\u2019s owner said the device had been kept close at hand throughout the negotiations and had been left in the hotel room safe only during a meal downstairs.<\/p>\n<p>In theory, a professional can compromise a device in 3 to 4 minutes, but such incidents usually occur when the computer is left unattended and unlocked (or is not password-protected). That said, an evil-maid attack remains possible even when basic security measures are in place.<\/p>\n<h2>How do attackers get to the information?<\/h2>\n<p>There are many ways to get to critical information. They depend on the age of the computer and the security software on it. For example, older machines that do not support Secure Boot can be booted from external drives, which leaves them vulnerable to evil-maid attacks. Modern computers have Secure Boot enabled by default.<\/p>\n<p>Communication ports that support fast data exchange or direct interaction with device memory can be used to steal personal or corporate secrets. 
Thunderbolt, for example, achieves its high transfer speeds through direct memory access, which leaves the door open to evil-maid attacks.<\/p>\n<p>This past spring, computer security expert Bj\u00f6rn Ruytenberg <a href=\"https:\/\/thunderspy.io\/\" target=\"_blank\" rel=\"noopener nofollow\">shared a way he had found to hack any Windows or Linux device with Thunderbolt enabled<\/a>. The method worked even if the device was locked and connections from unfamiliar devices through external ports were disabled. Ruytenberg\u2019s method, dubbed Thunderspy, assumed physical access to the device and relied on rewriting the controller\u2019s firmware.<\/p>\n<p>Thunderspy required the attacker to reprogram the Thunderbolt chip with their own version of the firmware. The new firmware disabled the built-in protection, giving the attacker full control over the device.<\/p>\n<p>In theory, the Kernel Direct Memory Access Protection policy patches this vulnerability, but not everyone uses it (and those running Windows versions earlier than 10 cannot use it even if they want to). 
However, Intel has announced a solution to the problem: Thunderbolt 4.<\/p>\n<p>The more familiar USB can also serve as an attack channel. A miniature device plugged into a USB port activates when the user turns on the computer and carries out a BadUSB attack.<\/p>\n<p>If the information they are after is especially valuable, cybercriminals may even resort to difficult and costly approaches such as stealing the device and replacing it with a similar one that contains spyware. Of course, the swap soon comes to light, but by the time the victim realizes what has happened, they have usually already entered their password. Fortunately, as we said, this method is both difficult and expensive.<\/p>\n<h2>How can you minimize the risk?<\/h2>\n<p>The easiest and most reliable way to protect against evil-maid attacks is to keep your device where only you can access it. For example, if possible, do not leave it in a hotel room. 
However, if your employees do have to travel on business, here are some steps you can take to reduce the risk:<\/p>\n<ul>\n<li>Issue temporary laptops that have no access to critical corporate systems or work data, then format the hard drive and reinstall the operating system after every trip;<\/li>\n<li>Require that work laptops that have to be left unattended be shut down;<\/li>\n<li>Encrypt the hard drives of all computers that leave the office building;<\/li>\n<li>Use security solutions that block suspicious outgoing traffic;<\/li>\n<li>Make sure your security solution detects BadUSB attacks (<a href=\"https:\/\/www.kaspersky.com.tr\/small-to-medium-business-security?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">Kaspersky Endpoint Security for Business<\/a> detects them);<\/li>\n<li>Update all software, especially the operating system, in a timely manner;<\/li>\n<li>On every device where it is possible, restrict direct access to device memory through FireWire, Thunderbolt, PCI and PCI Express ports.<\/li>\n<\/ul>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kesb-trial-leadgen\">\n","protected":false},"excerpt":{"rendered":"<p>Protect your corporate computer from unauthorized physical 
access.<\/p>\n","protected":false},"author":2411,"featured_media":9138,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1726,1194],"tags":[2332,2331],"class_list":{"0":"post-9137","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-enterprise","8":"category-business","9":"tag-thunderbolt","10":"tag-yetkisiz-erisim"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/evil-maid-attack\/9137\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/evil-maid-attack\/22173\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/evil-maid-attack\/17650\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/evil-maid-attack\/23811\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/evil-maid-attack\/21895\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/evil-maid-attack\/20706\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/evil-maid-attack\/24360\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/evil-maid-attack\/23552\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/evil-maid-attack\/29588\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/evil-maid-attack\/37901\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/evil-maid-attack\/16092\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/evil-maid-attack\/14257\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/evil-maid-attack\/25897\/"},{"hreflang":"zh","url":"https:\/\/www.kaspersky.com.cn\/blog\/evil-maid-attack\/12347\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/evil-maid-attack\/29732\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/evil-maid-attack\/26468\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/evil-maid-attack\/23135\/"},{"hre
flang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/evil-maid-attack\/28470\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/evil-maid-attack\/28286\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/yetkisiz-erisim\/","name":"yetkisiz eri\u015fim"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/9137","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2411"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=9137"}],"version-history":[{"count":4,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/9137\/revisions"}],"predecessor-version":[{"id":9142,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/9137\/revisions\/9142"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/9138"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=9137"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=9137"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=9137"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}