Ayiphumelelanga
Umsebenzi wokucenga kwinkqubo ye-ASUS WebStorage yafunyanwa ziingcali ze-Eset ekupheleni kuka-Epreli. Ngaphambili, iqela leBlackTech lalisasaza i-Plead lisebenzisa uhlaselo lobuqhetseba nge-imeyile kunye neerotha ezinobuthathaka obuvulekileyo. Uhlaselo lwamva nje lwalungaqhelekanga. Abahlaseli bafake i-Plead kwinkqubo ye-ASUS Webstorage Upate.exe, esisixhobo sokuhlaziya isoftware yenkampani. Emva koko i-backdoor yenziwe yasebenza yinkqubo ye-ASUS WebStorage eyimfihlo.
Ngokutsho kweengcali, abahlaseli bakwazi ukwazisa i-backdoor kwiinkonzo ze-ASUS ngenxa yokhuseleko olunganeleyo kwiprotocol ye-HTTP usebenzisa into ebizwa ngokuba yi-man-in-middle attack. Isicelo sokuhlaziya kunye nokudlulisa iifayile kwiinkonzo ze-ASUS nge-HTTP sinokubanjwa, kwaye endaweni yesofthiwe ethembekileyo, iifayile ezithintekayo zidluliselwa kwixhoba. Kwangaxeshanye, isoftware ye-ASUS ayinazo iindlela zokuqinisekisa ubunyani beenkqubo ezikhutshelweyo ngaphambi kokubulawa kwikhompyuter yexhoba. Ukungenelela kohlaziyo kunokwenzeka kwiirotha eziphazamisekileyo. Kule nto, kwanele ukuba abalawuli bangahoyi useto olungagqibekanga. Uninzi lwee-routers kwinethiwekhi ehlaselweyo zivela kumvelisi ofanayo kunye ne-factory-set logins kunye ne-passwords, ulwazi olungeyona imfihlo egcinwe ngokusondeleyo.
Inkonzo ye-ASUS Cloud iphendule ngokukhawuleza ukuba sesichengeni kwaye ihlaziywe iindlela kwiseva yohlaziyo. Nangona kunjalo, inkampani icebisa ukuba abasebenzisi bajonge iikhompyuter zabo kwiintsholongwane.
umthombo: 3dnews.ru