Pakupera kwa2019, mabhizinesi akati wandei ekuRussia vakabatana neBoka-IB cybercrime dhipatimendi rekuferefeta avo vakatarisana nedambudziko rekuwanikwa kusingatenderwe nevanhu vasingazivikanwe kune tsamba yavo muTeregiramu mutumwa. Zviitiko izvi zvakaitika paIOS neAroid zvishandiso, zvisinei kuti ndeipi yemubatanidzwa cellular opareta uyo akabatwa aive mutengi.
Kurwiswa kwacho kwakatanga nemushandisi achigamuchira meseji muTeregiramu mutumwa kubva kuTeregiramu sevhisi chiteshi (iyi ndiyo chiteshi chepamutemo chemutumwa ine cheki yekuongorora yebhuruu) ine kodhi yekusimbisa iyo mushandisi asina kukumbira. Mushure meizvi, SMS ine activation kodhi yakatumirwa kune smartphone yemunhu akabatwa - uye nekukurumidza chiziviso chakagamuchirwa muTeregiramu sevhisi chiteshi kuti account yaive yapinzwa kubva kune mudziyo mutsva.
Muzviitiko zvese zvinozivikanwa neBoka-IB, vapambi vakapinda muakaundi yemumwe munhu kuburikidza neInternet nhare (zvichida vachishandisa SIM makadhi anoraswa), uye IP kero yevanorwisa nguva zhinji yaive muSamara.
Kuwana pakukumbira
Ongororo yakaitwa neGroup-IB Computer Forensics Laboratory, uko midziyo yemagetsi yevakabatwa yakaendeswa, yakaratidza kuti michina yacho haina kutapukirwa nespyware kana kubhengi Trojan, maakaundi haana kubiwa, uye SIM kadhi haina kutsiviwa. Muzviitiko zvese, vapambi vakawana mukana kune mutumwa weakabatwa vachishandisa maSMS makodhi akagamuchirwa pakupinda muakaunti kubva kune mudziyo mutsva.
Maitiro aya ndeaya anotevera: kana uchimisikidza mutumwa pachigadzirwa chitsva, Teregiramu inotumira kodhi kuburikidza nechiteshi chesevhisi kune ese maturusi emidziyo, uyezve (pakukumbira) meseji yeSMS inotumirwa kurunhare. Vachiziva izvi, vanorwisa ivo pachavo vanotanga chikumbiro chekuti mutumwa atumire SMS ine activation kodhi, tora iyi SMS uye shandisa iyo yakagamuchirwa kodhi kuti ibudirire kupinda kune mutumwa.
Saka, vanorwisa vanowana kupinda zvisiri pamutemo kune zvese zvazvino chats, kunze kweakavanzika, pamwe nenhoroondo yetsamba mune idzi chats, kusanganisira mafaera uye mapikicha akatumirwa kwavari. Wawana izvi, mushandisi weTeregiramu ari pamutemo anogona kumisa nechisimba chikamu cheanorwisa. Nekuda kwemaitiro ekudzivirira akaitwa, zvakapesana hazvigone kuitika; anorwisa haakwanise kumisa zvikamu zvekare zvemushandisi chaiye mukati memaawa makumi maviri nemana. Naizvozvo, zvakakosha kuti uone chikamu chekunze nenguva uye nekuchipedza kuti usarasikirwe nekuwana account yako. Boka-IB nyanzvi dzakatumira chiziviso kuchikwata cheTeregiramu nezve kuferefeta kwavo mamiriro ezvinhu.
Kudzidza kwezviitiko kunoenderera mberi, uye panguva ino hazvisati zvanyatsozivikanwa kuti chirongwa chei chakashandiswa kudarika chinhu cheSMS. Panguva dzakasiyana-siyana, vaongorori vakapa mienzaniso yekuvharirwa kweSMS vachishandisa kurwiswa kweSS7 kana Diameter mapuroteni anoshandiswa munharembozha. Nechepfungwa, kurwiswa kwakadaro kunogona kuitwa nekushandiswa zvisiri pamutemo kwehunyanzvi nzira dzehunyanzvi kana ruzivo rwemukati kubva kune cellular operators. Kunyanya, pamaforamu ehacker paRimanet pane zviziviso zvitsva nezvipo zvekubira nhume dzakasiyana, kusanganisira Telegraph.
"Nyanzvi dziri munyika dzakasiyana, kusanganisira Russia, dzakaramba dzichitaura kuti masocial network, nharembozha uye vatumwa vatumwa vanogona kubiwa vachishandisa njodzi muSS7 protocol, asi idzi dzaive nyaya dzega dzekurwiswa kwakanangwa kana ongororo," anodaro Sergey Lupanin, mukuru. wedhipatimendi rekuferefeta cybercrime kuBoka-IB, "Munhevedzano yezviitiko zvitsva, izvo zvatopfuura gumi, chishuwo chevanorwisa kuisa nzira iyi yekuwana mari pamhepo chiri pachena. Kuti udzivise izvi kuti zvisaitike, zvinodikanwa kuti uwedzere yako yega nhanho yehutsanana hwedhijitari: padiki, shandisa mbiri-chinhu chechokwadi pese pazvinogoneka, uye wedzera chinosungirwa chechipiri chinhu kuSMS, iyo inoshanda inosanganisirwa muTeregiramu imwechete. β
Ungazvidzivirira sei?
1. Teregiramu yakatoshandisa zvese zvinodiwa zvecybersecurity izvo zvichaderedza kuedza kwevanorwisa pasina.
2. PaIOS neAroid zvishandiso zveTeregiramu, unofanira kuenda kuSettings yeTeregiramu, sarudza βPrivacyβ tab wopa βCloud passwordTwo step verificationβ kana βTwo step verificationβ. Tsananguro yakadzama yekuti ungagonesa sei iyi sarudzo inopihwa mumirayiridzo iri pawebhusaiti yepamutemo yemutumwa: (https://telegram.org/blog/sessions-and-2-step-verification)
3. Zvakakosha kuti urege kuisa kero ye email kuti uwanezve iyi password, sezvo, sekutonga, email password recovery inowanikwawo kuburikidza neSMS. Nenzira imwecheteyo, iwe unogona kuwedzera kuchengetedzwa kweiyo WhatsApp account.
Source: www.habr.com