{"id":476070,"date":"2023-08-09T07:25:33","date_gmt":"2023-08-09T07:25:33","guid":{"rendered":""},"modified":"2023-09-05T11:11:58","modified_gmt":"2023-09-05T11:11:58","slug":"blueborne","status":"publish","type":"wiki","link":"https:\/\/oneproxy.pro\/tr\/wiki\/blueborne\/","title":{"rendered":"BlueBorne"},"content":{"rendered":"

BlueBorne, Bluetooth cihazlar\u0131n\u0131 etkileyen ve potansiyel olarak milyarlarca kablosuz ve internet \u00f6zellikli cihaz\u0131 riske sokan bir g\u00fcvenlik a\u00e7\u0131klar\u0131 koleksiyonudur. Bu sald\u0131r\u0131 vekt\u00f6r\u00fc, sald\u0131rgan\u0131n cihaz\u0131yla e\u015fle\u015ftirilmesine veya hedef cihaz\u0131n ke\u015ffedilebilir moda ayarlanmas\u0131na gerek kalmadan cihazlara bula\u015fabilece\u011finden, kullan\u0131c\u0131lar\u0131n ve sistemlerin g\u00fcvenli\u011fi ve gizlili\u011fi i\u00e7in \u00f6nemli bir tehdit olu\u015fturmaktad\u0131r.<\/p>\n

BlueBorne'un Ortaya \u00c7\u0131k\u0131\u015f\u0131 ve \u0130lk S\u00f6z\u00fc<\/h2>\n

BlueBorne'un varl\u0131\u011f\u0131 ilk olarak Eyl\u00fcl 2017'de bir siber g\u00fcvenlik firmas\u0131 olan Armis Labs taraf\u0131ndan a\u00e7\u0131kland\u0131. Bluetooth ba\u011flant\u0131s\u0131n\u0131 etkileyen g\u00fcvenlik a\u00e7\u0131klar\u0131, Bluetooth teknolojisinin rutin analizi s\u0131ras\u0131nda ke\u015ffedildi ve d\u00f6rd\u00fc kritik olarak s\u0131n\u0131fland\u0131r\u0131lan sekiz s\u0131f\u0131r g\u00fcn g\u00fcvenlik a\u00e7\u0131\u011f\u0131 ortaya \u00e7\u0131kt\u0131.<\/p>\n

BlueBorne, benzeri g\u00f6r\u00fclmemi\u015f sald\u0131r\u0131 y\u00f6ntemi nedeniyle \u00e7\u0131\u011f\u0131r a\u00e7\u0131c\u0131 olarak kabul edildi. Her yerde kullan\u0131lmas\u0131na ra\u011fmen s\u0131kl\u0131kla g\u00f6zden ka\u00e7\u0131r\u0131lan bir protokol olan Bluetooth'u hedef ald\u0131 ve yerle\u015fik ve yayg\u0131n teknolojilerin bile \u00f6nemli g\u00fcvenlik a\u00e7\u0131klar\u0131 bar\u0131nd\u0131rabilece\u011fini g\u00f6sterdi.<\/p>\n

BlueBorne'un Detayland\u0131r\u0131lmas\u0131: Derin Bir \u0130nceleme<\/h2>\n

BlueBorne tek bir istismar de\u011fil, bir g\u00fcvenlik a\u00e7\u0131klar\u0131 paketidir. Bu g\u00fcvenlik a\u00e7\u0131klar\u0131n\u0131n k\u00f6keni Android, iOS, Windows ve Linux dahil olmak \u00fczere \u00e7e\u015fitli i\u015fletim sistemleri taraf\u0131ndan kullan\u0131lan Bluetooth protokollerinden kaynaklanmaktad\u0131r. Ak\u0131ll\u0131 telefonlar, diz\u00fcst\u00fc bilgisayarlar, ak\u0131ll\u0131 TV'ler ve IoT cihazlar\u0131 dahil milyarlarca cihaz\u0131 etkiliyorlar. BlueBorne asl\u0131nda bir cihaza s\u0131zmak ve onu kontrol alt\u0131na almak i\u00e7in ba\u011f\u0131ms\u0131z olarak veya birlikte kullan\u0131labilecek bir dizi sald\u0131r\u0131d\u0131r.<\/p>\n

BlueBorne ile ili\u015fkili birincil risk fakt\u00f6r\u00fc, yay\u0131lmas\u0131 i\u00e7in herhangi bir kullan\u0131c\u0131 etkile\u015fimi gerektirmemesidir. Hedeflenen cihaz\u0131n bir ba\u011flant\u0131 iste\u011fini kabul etmesine veya k\u00f6t\u00fc ama\u00e7l\u0131 bir ba\u011flant\u0131ya t\u0131klamas\u0131na gerek kalmadan savunmalara n\u00fcfuz edebilir. Yaln\u0131zca Bluetooth'un hedef cihazda etkinle\u015ftirilmesini gerektirir ve kapsama alan\u0131 i\u00e7indeki di\u011fer cihazlara yay\u0131larak h\u0131zl\u0131 bir art\u0131\u015fa ve geni\u015f \u00e7apl\u0131 hasar potansiyeline yol a\u00e7abilir.<\/p>\n

\u0130\u00e7 Yap\u0131: BlueBorne Nas\u0131l \u00c7al\u0131\u015f\u0131r?<\/h2>\n

BlueBorne, \u00e7e\u015fitli i\u015fletim sistemlerindeki Bluetooth uygulamalar\u0131ndaki g\u00fcvenlik a\u00e7\u0131klar\u0131ndan yararlanarak \u00e7al\u0131\u015f\u0131r. Sald\u0131r\u0131, sald\u0131rgan\u0131n aktif Bluetooth ba\u011flant\u0131s\u0131 olan cihazlar\u0131 taramas\u0131yla ba\u015flar. Sald\u0131rgan, tespit edildikten sonra bu g\u00fcvenlik a\u00e7\u0131klar\u0131ndan yararlanarak k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m enjekte etmekten cihaz\u0131n tam kontrol\u00fcn\u00fc ele ge\u00e7irmeye kadar \u00e7e\u015fitli k\u00f6t\u00fc ama\u00e7l\u0131 faaliyetler ger\u00e7ekle\u015ftirir.<\/p>\n

Sald\u0131r\u0131n\u0131n ilk a\u015famas\u0131, Bluetooth \u00f6zellikli cihazlar\u0131n tan\u0131mlanmas\u0131n\u0131 ve kulland\u0131klar\u0131 i\u015fletim sisteminin belirlenmesini i\u00e7eriyor. Bu belirlendikten sonra sald\u0131rgan, cihaza s\u0131zmak i\u00e7in BlueBorne g\u00fcvenlik a\u00e7\u0131klar\u0131 paketinden uygun istismar\u0131 se\u00e7ebilir.<\/p>\n

Sald\u0131rgan daha sonra a\u011f trafi\u011fini ele ge\u00e7irmek, k\u00f6t\u00fc ama\u00e7l\u0131 uygulamalar y\u00fcklemek, hassas verileri \u00e7almak veya cihaz\u0131n t\u00fcm kontrol\u00fcn\u00fc ele ge\u00e7irmek gibi eylemler ger\u00e7ekle\u015ftirebilir. Bu, herhangi bir fark edilebilir belirti olmadan m\u00fcmk\u00fcn olup, sald\u0131r\u0131n\u0131n fark edilmeden ge\u00e7mesine olanak tan\u0131r.<\/p>\n

BlueBorne'un Temel \u00d6zellikleri<\/h2>\n
    \n
  1. Tespit edilemiyor<\/strong>: BlueBorne, kullan\u0131c\u0131 etkile\u015fimi olmadan yay\u0131l\u0131r, bu da fark edilmesini veya \u00f6nlenmesini zorla\u015ft\u0131r\u0131r. Cihaz\u0131n e\u015fle\u015ftirilmesine veya ke\u015ffedilebilir moda ayarlanmas\u0131na gerek yoktur.<\/li>\n
  2. Her \u015feye g\u00fcc\u00fc yeten<\/strong>: Sald\u0131rgan cihaz\u0131n t\u00fcm kontrol\u00fcn\u00fc ele ge\u00e7irebilir, verileri \u00e7alabilir veya cihaz\u0131 ba\u015fka k\u00f6t\u00fc ama\u00e7larla manip\u00fcle edebilir.<\/li>\n
  3. Atik<\/strong>: Menzilindeki di\u011fer Bluetooth \u00f6zellikli cihazlara h\u0131zla yay\u0131labilir.<\/li>\n
  4. Evrensel<\/strong>: \u00c7e\u015fitli i\u015fletim sistemlerindeki \u00e7ok \u00e7e\u015fitli cihazlar\u0131 etkiler.<\/li>\n<\/ol>\n

    BlueBorne G\u00fcvenlik A\u00e7\u0131klar\u0131n\u0131n S\u0131n\u0131fland\u0131r\u0131lmas\u0131<\/h2>\n

    BlueBorne'u olu\u015fturan sekiz g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131n bir d\u00f6k\u00fcm\u00fc:<\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n
    G\u00fcvenlik A\u00e7\u0131\u011f\u0131 Ad\u0131<\/th>\ni\u015fletim sistemi<\/th>\nDarbe<\/th>\n<\/tr>\n<\/thead>\n
    CVE-2017-1000251<\/td>\nLinux<\/td>\nUzaktan kod y\u00fcr\u00fctme<\/td>\n<\/tr>\n
    CVE-2017-1000250<\/td>\nLinux<\/td>\nBilgi s\u0131z\u0131nt\u0131s\u0131<\/td>\n<\/tr>\n
    CVE-2017-0785<\/td>\nAndroid<\/td>\nBilgi s\u0131z\u0131nt\u0131s\u0131<\/td>\n<\/tr>\n
    CVE-2017-0781<\/td>\nAndroid<\/td>\nUzaktan kod y\u00fcr\u00fctme<\/td>\n<\/tr>\n
    CVE-2017-0782<\/td>\nAndroid<\/td>\nUzaktan kod y\u00fcr\u00fctme<\/td>\n<\/tr>\n
    CVE-2017-0783<\/td>\nAndroid<\/td>\nMitM sald\u0131r\u0131s\u0131<\/td>\n<\/tr>\n
    CVE-2017-8628<\/td>\npencereler<\/td>\nMitM sald\u0131r\u0131s\u0131<\/td>\n<\/tr>\n
    CVE-2017-14315<\/td>\niOS<\/td>\nUzaktan kod y\u00fcr\u00fctme<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

    BlueBorne'u Kullanma: Sorunlar ve \u00c7\u00f6z\u00fcmler<\/h2>\n

    BlueBorne'un ke\u015ffi, Bluetooth teknolojisiyle ilgili \u00f6nemli g\u00fcvenlik sorunlar\u0131n\u0131 ortaya \u00e7\u0131kard\u0131 ve b\u00fcy\u00fck teknoloji \u015firketlerinin h\u0131zla harekete ge\u00e7mesini sa\u011flad\u0131. Bu \u015firketlerin acil \u00e7\u00f6z\u00fcm, bu g\u00fcvenlik a\u00e7\u0131klar\u0131n\u0131 gideren yamalar yay\u0131nlamas\u0131yd\u0131.<\/p>\n

    Kullan\u0131c\u0131 a\u00e7\u0131s\u0131ndan bak\u0131ld\u0131\u011f\u0131nda BlueBorne ile ili\u015fkili riskleri azaltmak i\u00e7in a\u015fa\u011f\u0131daki ad\u0131mlar at\u0131labilir:<\/p>\n