SMS messages are the most popular channel for two-factor authentication (2FA). Banks, electronic and crypto wallets, mailboxes and services of every kind use them.
This situation annoys me, because the method is a poor one. Reissuing a number from one SIM card to another appeared at the dawn of the mobile era as the way to recover a number after a SIM card was lost. "Specialists in stealing digital money" realised that the "reissue SIM card" option could be used in fraud schemes. After all, whoever controls the SIM card can control other people's online banking, electronic wallets and even cryptocurrency. And someone else's number can be taken over by bribing a telecom employee, by deception or with forged documents.

Thousands of episodes of SIM swapping, as this fraud scheme is called, have been uncovered. The scale of the disaster suggests that the world will soon abandon 2FA via SMS. But this is not happening: investigations point out that it is not users who choose the 2FA method, but service owners.
We propose a secure 2FA method with delivery of one-time codes via blockchain, and we will show how a service owner can connect it.
The figures run into the millions
In 2019, according to the London police, SIM swap fraud grew by 63%, and the attacker's "average bill" was 4,000 GBP. I have not seen any figures for Russia, but I suspect they are even worse.
SIM swapping is used to steal Twitter, Instagram, Facebook and VK accounts, bank accounts, and recently even cryptocurrencies, as Bitcoin entrepreneur Joby Weeks reports. High-profile cryptocurrency thefts via SIM swapping have been in the news since 2016; 2019 saw a real wave of them.
In May, the US Attorney's Office for the Eastern District of Michigan accused nine young people aged 19 to 26, believed to be members of a hacker group called "The Community". The group is charged with seven swap attacks in which the hackers stole cryptocurrency worth more than $2.4 million. And in April, California student Joel Ortiz received 10 years in prison for SIM swapping; his take was $7.5 million in cryptocurrencies.

Photo: Joel Ortiz at a university press conference. Two years later he would be arrested for cyber fraud.
How a SIM swap works
"Swapping" means exchange. In all such schemes the criminals take over the victim's phone number, usually by reissuing the SIM card, and use it to reset passwords. In theory a typical SIM swap looks like this:
- Reconnaissance. The fraudsters find out the victim's personal data: name and phone number. These can be found in open sources (social networks, friends) or obtained from an accomplice, an employee of the mobile operator.
- Blocking. The victim's SIM card is disabled; to do this it is enough to call the operator's technical support, give the number and say the phone has been lost.
- Takeover: transferring the number to the attacker's own SIM card. This is usually done through an accomplice at the telecom company or with forged documents.
In reality things are even worse. The attackers pick a victim and track the phone's location every day; one request for information that the subscriber has switched to roaming costs 1-2 cents. As soon as the SIM card owner goes abroad, they arrange with a manager in a phone shop to issue a new SIM card. It costs about $50 (I found reports of $20 to $100 depending on the country and operator), and in the worst case the manager gets fired: there is no liability for this.
Now all SMS messages go to the attackers, and the phone's owner can do nothing about it, since he is abroad. The villains then get access to every account of the victim and change the passwords if they wish.
Chances of recovering stolen funds
Banks sometimes meet victims halfway and reverse the transfers from their accounts. So fiat money can be recovered even if the criminal is never found. With cryptocurrency wallets everything is more complicated, both technically and legally. So far not a single exchange or wallet has compensated swap victims.
Victims who want to defend their money in court blame the operator: it created the conditions for the theft from the account. That is exactly what the victim who lost $224 million to a swap did: he is suing the telecom company AT&T.

So far no state has a working scheme for protecting cryptocurrency owners by law. You will not be able to defend your capital or get compensation for its loss. So preventing a swap attack is easier than dealing with its consequences. The most obvious way is to use a reliable "second factor" for 2FA.
SIM swapping is not the only problem with 2FA via SMS
Confirmation codes in SMS are also poor from a technical point of view. Messages can be intercepted through unpatched vulnerabilities in Signaling System 7 (SS7). 2FA via SMS is officially recognised as insecure; the US National Institute of Standards and Technology says so in its guidance.
At the same time, having 2FA often gives the user a false sense of security, and he picks a simpler password. So such authentication does not make the attacker's job harder; it makes it easier to get into the account.
And SMS often arrives with a long delay, or not at all.
Other 2FA methods
Of course, the world does not end with smartphones and SMS. There are other 2FA methods. For example, one-time TAN codes: an old-fashioned method, but it works, and some banks still use it. There are systems based on biometric data: fingerprints, retina scans. Another option, which looks like a reasonable compromise between convenience, reliability and price, is dedicated 2FA apps: RSA Token, Google Authenticator. There are also physical keys and other methods.
In theory everything looks reasonable and reliable. In practice, however, today's 2FA solutions have problems, and because of them reality differs from expectations.
According to research, using 2FA is inconvenient in principle, and the popularity of 2FA via SMS is explained by "less inconvenience compared with other methods": receiving a one-time code is something the user understands.
Users associate many 2FA methods with the risk of losing access. A physical key or a list of TAN passwords can be lost or stolen. I personally have had a bad experience with Google Authenticator. My first phone with this app broke; it took real effort to restore access to my accounts. Another problem is moving to a new device. Google Authenticator has no export option for security reasons (if the keys can be exported, what security is there?). Once I moved the keys by hand, and after that I decided it was easier to leave the old smartphone in a box on a shelf.
A 2FA method should be:
- Secure: only you, not attackers, get access to your account
- Reliable: you get access to your account whenever you need it
- Convenient and accessible: using 2FA is clear and takes little time
- Cheap
We believe blockchain is the right answer.
Using 2FA via blockchain
For the user, 2FA via blockchain is the same as receiving a one-time code via SMS. The only difference is the delivery channel. How the 2FA code is received depends on what the blockchain offers. In our project (details in my profile) this includes a web app, Tor, iOS, Android, Linux, Windows and macOS.
The service generates a one-time code and sends it to the messenger on the blockchain. Then the old-fashioned way: the user enters the received code in the service's interface and logs in.

The messenger on the blockchain that I wrote about takes care of the security and privacy of message delivery. In the context of sending 2FA codes I would highlight:
- One click to create an account, no phone or e-mail.
- Every message with a 2FA code is end-to-end encrypted with curve25519xsalsa20poly1305.
- MITM attacks are ruled out: every message with a 2FA code is a transaction on the blockchain, signed with Ed25519 EdDSA.
- A message with a 2FA code ends up in its own block. The sequence and timestamps of blocks cannot be altered, and therefore neither can the order of messages.
- There is no central structure that checks the "authenticity" of a message. That is done by a distributed system of nodes based on consensus, and it is owned by the users.
- It cannot be switched off: accounts cannot be blocked and messages cannot be deleted.
- 2FA codes can be received on any device at any time.
- Delivery of the message with the 2FA code is confirmed. The service sending the one-time password knows for certain that it has been delivered. There is no "Send again" button.
To compare with some other 2FA methods I made a table:
A user gets an account in the blockchain messenger to receive codes within seconds; only a passphrase is used to log in. So the usage scenarios can differ: you can use one account to receive codes for all services, or create a separate account for each service.
There is also a drawback: the account must have at least one transaction. For the user to receive an encrypted message with a code, his public key must be known, and it appears in the blockchain only with the first transaction. This is how we got around it: we gave users the option to get a free token into their wallet. However, the best solution would be to name the account by its public key. (For comparison, we have the account number U1467838112172792705, which is derived from the public key cc1ca549413b942029c4742a6e6ed69767c325f8d989f7e4b71ad82a164c2ada. For a messenger this is convenient and readable, but for a system that sends 2FA codes it is excessive.) I think that in the future someone will make that decision and move "convenience and accessibility" into the green zone of the table.
The cost of sending a 2FA code is minimal: 0.001 ADM, currently 0.00001 USD. Alternatively, you can bring up your own blockchain and make the cost zero.
How to connect 2FA via blockchain to your service
I hope I have managed to interest a few readers in adding blockchain authorisation to their service.
I will show how to do it using our messenger as the example; by analogy you can use another blockchain. In the 2FA demo app we use PostgreSQL 10 to store account information.
Connection steps:
- Create an account in the blockchain from which you will send 2FA codes. You will get a passphrase, which serves as the private key for encrypting messages with codes and for signing transactions.
- Add a script on your server that generates 2FA codes. If you already use any other 2FA method with delivery of one-time passwords, this step is done.
- Add a script on your server that sends the code to the user in the blockchain messenger.
- Create a user interface for sending and entering 2FA codes. If you already use any other 2FA method with delivery of one-time passwords, this step is done.
1 Creating an account
Creating an account in the blockchain means generating a private key, a public key and the account address derived from them.

First a BIP39 passphrase is generated and its SHA-256 hash is computed. The hash is used to generate the private key ks and the public key kp. From the public key, using the same SHA-256 and a byte reversal, we get the address in the blockchain.
If you want to send 2FA codes from a new account each time, the account generation code will need to be added to the server:
import Mnemonic from 'bitcore-mnemonic'
import * as bip39 from 'bip39'
import crypto from 'crypto'
import sodium from 'sodium-browserify-tweetnacl'
import bignum from 'bignum'

const adamant = {}

// Step 1: a random 12-word BIP39 passphrase; it is the account's only secret
adamant.generatePassphrase = function () {
  return new Mnemonic(Mnemonic.Words.ENGLISH).toString()
}

// Step 2: BIP39 seed from the passphrase, then SHA-256 of the seed bytes (32-byte key seed)
adamant.createPassphraseHash = function (passphrase) {
  const seedHex = bip39.mnemonicToSeedSync(passphrase).toString('hex')
  return crypto.createHash('sha256').update(seedHex, 'hex').digest()
}

// Step 3: deterministic Ed25519 keypair from the hash
adamant.makeKeypair = function (hash) {
  const keypair = sodium.crypto_sign_seed_keypair(hash)
  return {
    publicKey: keypair.publicKey,
    privateKey: keypair.secretKey
  }
}

// Step 4: address = 'U' + first 8 bytes of SHA-256(publicKey), reversed, read as a decimal integer
adamant.getAddressFromPublicKey = function (publicKey) {
  const publicKeyHash = crypto.createHash('sha256').update(publicKey, 'hex').digest()
  const temp = Buffer.alloc(8)
  for (let i = 0; i < 8; i++) {
    temp[i] = publicKeyHash[7 - i]
  }
  // temp.readBigUInt64BE().toString() gives the same result without the bignum dependency
  return 'U' + bignum.fromBuffer(temp).toString()
}

// Putting the steps together
const passphrase = adamant.generatePassphrase()
const keypair = adamant.makeKeypair(adamant.createPassphraseHash(passphrase))
const address = adamant.getAddressFromPublicKey(keypair.publicKey)

In the demo app we simplified this: we created one account in the web app and send the codes from it. In most cases this is also convenient for the user: he knows that the service sends 2FA codes from a single account and can give it a name.

2 Generating a 2FA code
A 2FA code must be generated for every user login. We use the speakeasy library, but you can choose any other.
const speakeasy = require('speakeasy')

// account.seSecretAscii is the user's HOTP secret and account.seCounter the moving factor;
// both live in PostgreSQL, and the counter is advanced after each successful login
const hotp = speakeasy.hotp({
  counter: account.seCounter,
  secret: account.seSecretAscii,
})
Checking the correctness of the 2FA code entered by the user:
// true only if the submitted token equals HOTP(secret, counter)
const se2faVerified = speakeasy.hotp.verify({
  counter: this.seCounter,
  secret: this.seSecretAscii,
  token: hotp,
})
3 Sending the 2FA code
To deliver the 2FA code you can use the blockchain node's API, the JS API library, or the console. In this example we use the console, a Command Line Interface that simplifies interaction with the blockchain. To send a message with a 2FA code, use the console's send message command.
const util = require('util')
const execFile = util.promisify(require('child_process').execFile)

// Arguments go in an array rather than a shell string, so an address or code cannot inject shell commands
const args = ['send', 'message', adamantAddress, `2FA code: ${hotp}`]
// Resolves to { stdout, stderr }; rejects (with error.stderr set) on a non-zero exit
const { stdout, stderr } = await execFile('adm', args)
Another way to send a message is the send method of the JS API library.
4 User interface
The user has to be given a way to enter the 2FA code; this can be done in different ways depending on your application's platform. In our example it is Vue.

The source code of the blockchain two-factor authentication demo app can be viewed in the project repository. The Readme has a link to the live demo to try it out.
Source: www.habr.com
