{"id":9704,"date":"2021-06-08T13:05:08","date_gmt":"2021-06-08T10:05:08","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=9704"},"modified":"2021-06-08T13:05:08","modified_gmt":"2021-06-08T10:05:08","slug":"rsa2021-dangerous-iot","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/rsa2021-dangerous-iot\/9704\/","title":{"rendered":"A\u011fa ba\u011fl\u0131 IoT cihazlar\u0131n\u0131 m\u0131 korumal\u0131 yoksa a\u011f\u0131 IoT cihazlar\u0131ndan m\u0131?"},"content":{"rendered":"

2021 RSA Konferans\u0131<\/a>\u2018nda d\u00fczenlenen Bir IoT Hacker\u0131n\u0131n Zihnine (Into the Mind of an IoT Hacker)<\/a> oturumunda g\u00fcvenlik uzmanlar\u0131 Itzik Feiglevitch ve Justin Sowder, \u00e7e\u015fitli IoT cihazlar\u0131ndaki g\u00fcvenlik a\u00e7\u0131klar\u0131 ve kurumsal siber g\u00fcvenlik a\u00e7\u0131s\u0131ndan ele al\u0131nmas\u0131 gereken \u00f6zel uygulamalar konusuna dikkat \u00e7ektiler. Bununla birlikte g\u00fcn\u00fcm\u00fcz i\u015fletmelerideki IoT g\u00fcvenli\u011fine ili\u015fkin durumu g\u00f6steren birka\u00e7 \u00e7arp\u0131c\u0131 \u00f6rnek sundular.<\/p>\n

Kurumsal IoT donan\u0131mlar\u0131n\u0131 takip eden az say\u0131da siber g\u00fcvenlik uzman\u0131 var. B\u00fcy\u00fck bir \u00e7o\u011funlu\u011fu bu donan\u0131mlar\u0131 takip etmez \u00e7\u00fcnk\u00fc ak\u0131ll\u0131 asans\u00f6rler, her t\u00fcrdeki sens\u00f6rler, IPTV, yaz\u0131c\u0131lar, g\u00fcvenlik kameralar\u0131 ve bunun gibi \u00e7ok geni\u015f bir yelpazede yer alan cihazlar\u0131n her biri kendi i\u015fletim sistemine ve tescilli protokollere sahiptir ve bir\u00e7o\u011funda olup biteni g\u00f6rebilece\u011finiz d\u00fczg\u00fcn bir kontrol aray\u00fcz\u00fc bulunmaz. \u015eirketinizde bu cihazlardan binlercesi olabilir.<\/p>\n

IoT cihazlar\u0131n\u0131n yeni siber g\u00fcvenlik riskleri yaratmas\u0131n\u0131n nedeni<\/h2>\n

IoT cihazlar\u0131 her zaman ilgili altyap\u0131ya ait de\u011fildir; bir a\u011fa ba\u011fl\u0131 bir yaz\u0131c\u0131 normalde bir a\u011f ayg\u0131t\u0131 olarak say\u0131lsa da, ayn\u0131 \u015fey \u201cak\u0131ll\u0131 bina\u201d bile\u015fenleri ve hatta IP telefon sistemleri i\u00e7in ge\u00e7erli de\u011fildir. A\u00e7\u0131k olmak gerekirse, bu t\u00fcr cihazlar kurumsal i\u015f istasyonlar\u0131yla ayn\u0131 a\u011fa ba\u011flanma e\u011filimindedir.<\/p>\n

Personel de\u011fi\u015fikli\u011fi de durumun daha karma\u015f\u0131k hale gelmesine neden olabiliyor. Siber g\u00fcvenlik ve BT personelindeki de\u011fi\u015fim oran\u0131 ne kadar y\u00fcksekse, yeni \u00e7al\u0131\u015fmaya ba\u015flayan bir personelin a\u011fa ba\u011fl\u0131 IoT hayvanat bah\u00e7esi hakk\u0131nda bilgi sahibi olma olas\u0131l\u0131\u011f\u0131 da o kadar d\u00fc\u015f\u00fck olur.<\/p>\n

Belki de bu durumla ilgili ya\u015fanabilecek en k\u00f6t\u00fc senaryo, bu cihazlardan baz\u0131lar\u0131na d\u0131\u015far\u0131dan eri\u015filebilmesidir. Bunu konuda sa\u011flay\u0131c\u0131n\u0131n cihaz \u00fczerinde baz\u0131 kontroller ger\u00e7ekle\u015ftirmesi, evden \u00e7al\u0131\u015fma imkan\u0131, bak\u0131m gibi ge\u00e7erli nedenler olabilir ancak ancak bir yandan kurumsal a\u011fa ba\u011fl\u0131 cihazlar\u0131n olmas\u0131, di\u011fer yandan cihazlar\u0131n s\u00fcrekli internet ba\u011fl\u0131 olmas\u0131 risk do\u011furur.<\/p>\n

Kula\u011fa \u00e7eli\u015fkili gelebilir ancak g\u00fcn\u00fcm\u00fcz elektronik cihazlar\u0131n sa\u011flaml\u0131\u011f\u0131 bir ba\u015fka risk fakt\u00f6r\u00fcd\u00fcr: Baz\u0131 IoT cihazlar\u0131n\u0131n \u00f6mr\u00fc \u00e7ok uzundur ve tasarland\u0131klar\u0131 zamana g\u00f6re \u00e7ok daha karma\u015f\u0131k g\u00fcvenlik ortamlar\u0131nda \u00e7al\u0131\u015f\u0131rlar.<\/p>\n

\u00d6rne\u011fin baz\u0131 cihazlar, art\u0131k g\u00fcncellenmeyen eski, g\u00fcvenlik a\u00e7\u0131\u011f\u0131 bulunan i\u015fletim sistemleri \u00fczerinde \u00e7al\u0131\u015f\u0131rlar ve bu sistemler g\u00fcncellenebilseler bile g\u00fcncellemenin cihaza fiziksel eri\u015fim sa\u011flanarak yap\u0131lmas\u0131 gerekebilir ki bu da zordan imkans\u0131za varan seviyede bir olas\u0131l\u0131kt\u0131r. Baz\u0131 cihazlarda ise de\u011fi\u015ftirilemeyen parolalar, arka kap\u0131 hata ay\u0131klamalar\u0131n\u0131n yanl\u0131\u015fl\u0131kla son s\u00fcr\u00fcmdeki \u00fcr\u00fcn yaz\u0131l\u0131m\u0131nda kalmas\u0131 ve bunun gibi, bir BT g\u00fcvenlik uzman\u0131n\u0131n hayat\u0131na heyecan katacak bir \u00e7ok s\u00fcrpriz vard\u0131r.<\/p>\n

Sald\u0131rganlar\u0131n IoT cihazlar\u0131na ilgi duymalar\u0131n\u0131n nedeni<\/h2>\n

Siber su\u00e7lular, hem ana bilgisayar\u0131n bulundu\u011fu \u015firketlere sald\u0131rmak hem de di\u011fer \u015firketlere y\u00f6nelik sald\u0131r\u0131lar d\u00fczenlemek gibi \u00e7e\u015fitli nedenlerle IoT cihazlar\u0131n\u0131 ilgi \u00e7ekici buluyorlar. G\u00fcvenli\u011fi ihlal edilmi\u015f ak\u0131ll\u0131 cihazlar genellikle \u015fu temel ama\u00e7lar i\u00e7in kullan\u0131l\u0131yor:<\/p>\n