Ngasekupheleni kuka-2019, oosomashishini abaninzi baseRashiya baqhagamshelane nesebe lophando lolwaphulo-mthetho lwe-intanethi leGroup-IB emva kokuba befumene ukufikelela okungagunyaziswanga kwimiyalezo yabo yeTelegram. Ezi ziganeko zenzeke kwizixhobo ze-iOS kunye ne-Android. Android, nokuba ixhoba lalingumthengi walo naliphi na isebe leenkonzo zeselula likarhulumente.
Uhlaselo lwaqala kunye nomsebenzisi ofumana umyalezo kumthunywa weTelegram ovela kwisiteshi senkonzo yeTelegram (esi sijelo esisemthethweni somthunywa ngetshekhi yokuqinisekisa eluhlaza okwesibhakabhaka) kunye nekhowudi yokuqinisekisa ukuba umsebenzisi akazange ayicele. Emva koku, i-SMS enekhowudi yokuvula yathunyelwa kwi-smartphone yexhoba-kwaye ngokukhawuleza kwafunyanwa isaziso kwijelo lenkonzo yeTelegram yokuba iakhawunti ingene kwisixhobo esitsha.
Kuzo zonke iimeko apho iQela-IB liyazi, abahlaseli bangene kwi-akhawunti yomnye umntu nge-Intanethi yeselula (mhlawumbi besebenzisa amakhadi e-SIM alahlayo), kunye nedilesi ye-IP yabahlaseli kwiimeko ezininzi eSamara.
Ufikelelo ngesicelo
Uphononongo olwenziwa yiGroup-IB Computer Forensics Laboratory, apho izixhobo zombane zamaxhoba zidluliselwe, zibonise ukuba izixhobo azizange zichaphazeleke nge-spyware okanye iTrojan yebhanki, i-akhawunti ayizange ikhutshwe, kwaye i-SIM khadi ayizange ithathelwe indawo. Kuzo zonke iimeko, abahlaseli bafumana ukufikelela kumthunywa wexhoba besebenzisa iikhowudi ze-SMS ezifunyenweyo xa ungena kwi-akhawunti kwisixhobo esitsha.
Le nkqubo ilandelayo: xa uvula umthunywa kwisixhobo esitsha, iTelegram ithumela ikhowudi ngesiteshi senkonzo kuzo zonke izixhobo zabasebenzisi, emva koko (ngesicelo) umyalezo weSMS uthunyelwa kwifowuni. Ukwazi oku, abahlaseli ngokwabo baqalisa isicelo somthunywa ukuba athumele i-SMS kunye nekhowudi yokuqalisa, bamkele le SMS kwaye basebenzise ikhowudi efunyenweyo ukuze bangene ngempumelelo kumthunywa.
Ngaloo ndlela, abahlaseli bafumana ukufikelela ngokungekho mthethweni kuzo zonke iingxoxo zangoku, ngaphandle kweemfihlo, kunye nembali yembalelwano kwezi ngxoxo, kubandakanywa iifayile kunye neefoto ezithunyelwe kubo. Ukufumanisa oku, umsebenzisi osemthethweni weTelegram unokuphelisa ngenkani iseshoni yomhlaseli. Ndiyabulela kwindlela yokukhusela ephunyeziweyo, into eyahlukileyo ayinakwenzeka; Ke ngoko, kubalulekile ukubona iseshoni yangaphandle ngexesha kwaye uyiphelise ukuze ungaphulukani nokufikelela kwiakhawunti yakho. Iingcali zeQela-IB zathumela isaziso kwiqela leTelegram malunga nophando lwazo malunga nale meko.
Uphononongo lweziganeko luyaqhubeka, kwaye okwangoku akukaqinisekwanga ukuba yeyiphi na inkqubo esetyenzisiweyo ukudlula i-SMS factor. Ngamaxesha ahlukeneyo, abaphandi banike imizekelo yokunqanyulwa kweSMS kusetyenziswa uhlaselo kwi-SS7 okanye i-Diameter protocol ezisetyenziswa kuthungelwano lweselula. Ngokwethiyori, uhlaselo olunjalo lunokwenziwa ngokusetyenziswa okungekho mthethweni kweendlela ezizodwa zobugcisa okanye ulwazi lwangaphakathi oluvela kubaqhubi beeselula. Ngokukodwa, kwiiforum ze-hacker kwi-Darknet kukho iintengiso ezitsha kunye nezibonelelo zokuqhekeza abathunywa abahlukeneyo, kubandakanya iTelegram.
"Iingcali kumazwe ahlukeneyo, kuquka iRashiya, ziye zatsho ngokuphindaphindiweyo ukuba iinethiwekhi zentlalo, iibhanki eziphathwayo kunye nezithunywa ezikhawulezayo zinokuqhekezwa kusetyenziswa ubuthathaka kwi-protocol ye-SS7, kodwa ezi yayiziimeko ezizimeleyo zokuhlaselwa okujoliswe kuyo okanye uphando," uphawula uSergey Lupanin, intloko. wesebe lophando ngolwaphulo-mthetho kwi-cybercrime kwi-Group-IB, “Kuluhlu lweziganeko ezitsha, esele zingaphezu kwe-10, umnqweno wabahlaseli ukubeka le ndlela yokufumana imali kwi-stream uyabonakala. Ukuze uthintele oku kungenzeki, kuyimfuneko ukwandisa izinga lakho lococeko lwedijithali: ubuncinci, sebenzisa ukuqinisekiswa kwezinto ezimbini xa kunokwenzeka, kwaye ungeze into yesibini enyanzelekileyo kwi-SMS, efakwe ngokusebenzayo kwiTelegram efanayo. ”
Indlela yokuzikhusela?
1. I-Telegram sele iphunyezwe zonke iindlela ezifunekayo ze-cybersecurity eziza kunciphisa iinzame zabahlaseli ukuba zingabi nto.
2. Kwizixhobo ze-iOS kunye Android KwiTelegram, yiya kwizicwangciso zeTelegram, khetha ithebhu ethi "Ubumfihlo", uze usete "Iphasiwedi yelifu/Ukuqinisekiswa kwamanyathelo amabini." Imiyalelo eneenkcukacha zendlela yokuvula olu khetho ifumaneka kwiwebhusayithi esemthethweni yemessenger: (https://telegram.org/blog/sessions-and-2-step-verification)
3. Kubalulekile ukuba ungacwangcisi idilesi ye-imeyile yokubuyisela le password, kuba, njengomthetho, ukubuyiswa kwephasiwedi ye-imeyile kwakhona kwenzeka ngeSMS. Ngendlela efanayo, unokwandisa ukhuseleko lwe-akhawunti yakho ye-WhatsApp.
umthombo: www.habr.com
