A ƙarshen 2019, 'yan kasuwa da yawa na Rasha sun tuntuɓi sashen binciken laifuffukan yanar gizo na Group-IB waɗanda ke fuskantar matsalar samun izini ba tare da izini ba daga waɗanda ba a san su ba zuwa wasiƙunsu a cikin saƙon Telegram. Abubuwan da suka faru sun faru a kan na'urorin iOS da Android, ko da wane ma'aikacin wayar salula na tarayya wanda abin ya shafa abokin ciniki ne.
Harin ya fara ne tare da mai amfani yana karɓar saƙo a cikin manzo na Telegram daga tashar sabis na Telegram (wannan ita ce tashar hukuma ta manzo tare da alamar tabbatarwa ta shuɗi) tare da lambar tabbatarwa wanda mai amfani bai nema ba. Bayan haka, an aika SMS tare da lambar kunnawa zuwa wayar wanda aka azabtar - kuma kusan nan da nan an karɓi sanarwa a tashar sabis na Telegram cewa an shigar da asusun daga sabuwar na'ura.
A duk yanayin da kungiyar-IB ta sani, maharan sun shiga cikin asusun wani ta hanyar Intanet ta wayar hannu (watakila ta amfani da katunan SIM mai yuwuwa), kuma adireshin IP na maharan a mafi yawan lokuta yana cikin Samara.
Samun shiga akan buƙata
Wani bincike da Cibiyar Nazarin Kwamfuta ta Group-IB, inda aka tura na'urorin lantarki na wadanda abin ya shafa, ya nuna cewa na'urorin ba su dauke da kayan leken asiri ko Trojan na banki ba, ba a kutse a asusun ba, kuma ba a sauya katin SIM ba. A kowane hali, maharan sun sami damar shiga manzon wanda aka azabtar ta amfani da lambobin SMS da aka karɓa lokacin shiga cikin asusun daga wata sabuwar na'ura.
Wannan hanya ita ce kamar haka: lokacin kunna manzo akan sabuwar na'ura, Telegram yana aika lamba ta hanyar tashar sabis zuwa duk na'urorin masu amfani, sannan (bisa buƙatar) ana aika saƙon SMS zuwa wayar. Sanin wannan, maharan da kansu sun fara buƙatar manzo don aika SMS tare da lambar kunnawa, tsaga wannan SMS kuma amfani da lambar da aka karɓa don shiga cikin nasara cikin manzo.
Don haka, maharan suna samun damar shiga ba bisa ka'ida ba ga duk hirarrakin yau da kullun, sai dai na sirri, da kuma tarihin wasiƙu a cikin waɗannan taɗi, gami da fayiloli da hotuna da aka aika musu. Bayan gano wannan, halaltaccen mai amfani da Telegram zai iya dakatar da zaman maharin da karfi. Godiya ga tsarin kariya da aka aiwatar, akasin haka ba zai iya faruwa ba; mai hari ba zai iya ƙare tsofaffin zaman na ainihin mai amfani cikin sa'o'i 24 ba. Don haka, yana da mahimmanci a gano zaman waje a cikin lokaci kuma a ƙare shi don kada a rasa damar shiga asusunku. Kwararrun ƙungiyar-IB sun aika da sanarwa ga ƙungiyar Telegram game da binciken su na halin da ake ciki.
Ana ci gaba da nazarin abubuwan da suka faru, kuma a halin yanzu ba a tabbatar da ainihin abin da aka yi amfani da shi ba don keɓance abubuwan SMS. A lokuta daban-daban, masu bincike sun ba da misalan satar SMS ta amfani da hare-hare kan ka'idojin SS7 ko Diamita da ake amfani da su a cikin hanyoyin sadarwar wayar hannu. A ka'ida, ana iya aiwatar da irin waɗannan hare-hare tare da haramtacciyar amfani da hanyoyin fasaha na musamman ko bayanan ciki daga ma'aikatan salula. Musamman, akan dandalin hacker akan Darknet akwai sabbin tallace-tallace tare da tayin hacking na manzanni daban-daban, gami da Telegram.
"Masana a kasashe daban-daban, ciki har da Rasha, sun sha bayyana cewa za a iya yin kutse ta hanyar sadarwar zamantakewa, banki ta hannu da kuma saƙon gaggawa ta hanyar amfani da rauni a cikin ka'idar SS7, amma waɗannan su ne keɓaɓɓen lokuta na harin da aka yi niyya ko bincike na gwaji," comments Sergey Lupanin , shugaban. na sashen binciken laifuffukan yanar gizo a Group-IB, “A cikin jerin sabbin abubuwan da suka faru, wadanda tuni aka samu sama da 10, sha’awar maharan na sanya wannan hanyar samun kudi a rafi a bayyane yake. Don hana faruwar hakan, ya zama dole a haɓaka matakin tsabtace ku na dijital: aƙalla, yi amfani da ingantaccen abu biyu a duk inda zai yiwu, kuma ƙara wani abu na biyu na wajibi a SMS, wanda aka haɗa da aiki a cikin Telegram iri ɗaya. ”
Yadda za a kare kanka?
1. Telegram ya riga ya aiwatar da duk hanyoyin da ake buƙata na tsaro ta yanar gizo wanda zai rage ƙoƙarin maharan zuwa komai.
2. A kan iOS da Android na'urorin don Telegram, kana bukatar ka je zuwa Telegram settings, zaži "Privacy" tab kuma sanya "Cloud kalmar sirriTwo mataki tabbaci" ko "Biyu mataki tabbaci". An ba da cikakken bayanin yadda ake kunna wannan zaɓi a cikin umarnin kan gidan yanar gizon hukuma na manzo: (https://telegram.org/blog/sessions-and-2-step-verification)
3. Yana da mahimmanci kada a saita adireshin imel don dawo da wannan kalmar sirri, tun da yake, a matsayin mai mulkin, dawo da kalmar sirri ta imel yana faruwa ta hanyar SMS. Hakazalika, zaku iya ƙara tsaro na asusunku na WhatsApp.
source: www.habr.com