Ayiphumelelanga , indlela abaphandi bezokhuseleko beqonga lekhompyutheni baphinde babamba inkonzo yefu ye-ASUS kwi ngasemva. Ngeli xesha, inkonzo yeWebStorage kunye nesoftware ziye zachaphazeleka. Ngoncedo lwayo, iqela le-Hacker BlackTech Group lifake i-Plead malware kwiikhompyuter zamaxhoba. Ngokuchanekileyo, ingcali ye-cybersecurity yaseJapan iTrend Micro ithatha isoftware yePlead njengesixhobo seqela leBlackTech, elivumela ukuba lichonge abahlaseli ngomgangatho othile wokuchaneka. Makhe songeze ukuba iqela le-BlackTech ligxile kwi-cyber espionage, kwaye izinto eziqwalaselwayo ngamaziko karhulumente kunye neenkampani eziseMzantsi-mpuma Asia. Imeko nge-hack yamva nje ye-ASUS WebStorage yayinxulumene nemisebenzi yeqela eTaiwan.
Umsebenzi wokucenga kwinkqubo ye-ASUS WebStorage yafunyanwa ziingcali ze-Eset ekupheleni kuka-Epreli. Ngaphambili, iqela leBlackTech lalisasaza i-Plead lisebenzisa uhlaselo lobuqhetseba nge-imeyile kunye neerotha ezinobuthathaka obuvulekileyo. Uhlaselo lwamva nje lwalungaqhelekanga. Abahlaseli bafake i-Plead kwinkqubo ye-ASUS Webstorage Upate.exe, esisixhobo sokuhlaziya isoftware yenkampani. Emva koko i-backdoor yenziwe yasebenza yinkqubo ye-ASUS WebStorage eyimfihlo.
Ngokutsho kweengcali, abahlaseli bakwazi ukwazisa i-backdoor kwiinkonzo ze-ASUS ngenxa yokhuseleko olunganeleyo kwiprotocol ye-HTTP usebenzisa into ebizwa ngokuba yi-man-in-middle attack. Isicelo sokuhlaziya kunye nokudlulisa iifayile kwiinkonzo ze-ASUS nge-HTTP sinokubanjwa, kwaye endaweni yesofthiwe ethembekileyo, iifayile ezithintekayo zidluliselwa kwixhoba. Kwangaxeshanye, isoftware ye-ASUS ayinazo iindlela zokuqinisekisa ubunyani beenkqubo ezikhutshelweyo ngaphambi kokubulawa kwikhompyuter yexhoba. Ukungenelela kohlaziyo kunokwenzeka kwiirotha eziphazamisekileyo. Kule nto, kwanele ukuba abalawuli bangahoyi useto olungagqibekanga. Uninzi lwee-routers kwinethiwekhi ehlaselweyo zivela kumvelisi ofanayo kunye ne-factory-set logins kunye ne-passwords, ulwazi olungeyona imfihlo egcinwe ngokusondeleyo.
Inkonzo ye-ASUS Cloud iphendule ngokukhawuleza ukuba sesichengeni kwaye ihlaziywe iindlela kwiseva yohlaziyo. Nangona kunjalo, inkampani icebisa ukuba abasebenzisi bajonge iikhompyuter zabo kwiintsholongwane.
umthombo: 3dnews.ru