Study: Six-digit PINs are no better for security than four-digit PINs

A German-American team of volunteer researchers has tested and compared the security of six-digit and four-digit PIN codes used to lock a smartphone. If your smartphone is lost or stolen, it is good to at least be sure that the information on it will be protected from hacking. Is that the case?


Philipp Markert from the Horst Goertz Institute for IT Security at Ruhr University Bochum and Maximilian Golla from the Max Planck Institute for Security and Privacy found that in practice psychology dominates mathematics. From a mathematical point of view, six-digit PIN codes are far more reliable than four-digit ones. But users prefer certain combinations of digits, so some PIN codes are used more often than others, and this almost erases the difference in complexity between six-digit and four-digit codes.

In the study, participants used Apple or Android devices and set four-digit or six-digit PIN codes. On Apple devices, starting with iOS 9, a blacklist of prohibited digit combinations for PIN codes appeared, and choosing them is disallowed by default. The researchers had the blacklists on hand (for 6-digit and 4-digit codes) and ran a search over the combinations on a computer. The blacklist of 4-digit PIN codes obtained from Apple contains 274 numbers, and the 6-digit one contains 2910.

On Apple devices, the user is given 10 attempts to enter the PIN. According to the researchers, in this case the blacklist makes practically no sense. After 10 attempts, it proved difficult to guess the correct number, even a very simple one (such as 123456). On Android devices, 11 PIN entries can be made in 100 hours, and in this case the blacklist is already a reliable way to keep the user from entering a simple combination and to prevent the smartphone from being broken into by brute-forcing numbers.

In the experiment, 1220 participants independently chose PIN codes, and the experimenters tried to guess them in 10, 30 or 100 attempts. The combinations were guessed in two ways. If the blacklist was enabled, the smartphones were attacked without using numbers from the list. If the blacklist was not enabled, guessing began by trying the numbers on the blacklist (as the most commonly used ones). During the experiment, it turned out that a wisely chosen 4-digit PIN, with the number of entry attempts limited, is quite secure and even slightly more reliable than a 6-digit PIN.
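The two guessing strategies described above can be written as a small measurement. This is an added example, not code from the article or from the researchers; the PIN populations, the reference ranking and the way users re-choose after a rejection are constructed assumptions, and only the five blocked values and the 10/30/100 attempt budgets come from the text.

```python
# Added example: all PIN data below is constructed, not taken from the study.
BLOCKLIST = {"1234", "0000", "1111", "5555", "2580"}  # the five PINs the article names
SINGLES = [f"{n:04d}" for n in range(3000, 3790)]     # 790 PINs, each used once

# Guessing order from a reference ranking, most popular first (constructed).
REFERENCE_RANKING = ["1234", "0000", "1111", "5555", "2580",
                     "1212", "4321", "2468"] + SINGLES

# 1000 devices where any PIN may be chosen.
FREE_CHOICE = (["1234"] * 80 + ["0000"] * 50 + ["1111"] * 40 +
               ["5555"] * 20 + ["2580"] * 20 + SINGLES)

# 1000 devices with the blocklist enforced: the 210 users above re-chose
# (assumption: most of them cluster on a few second-choice PINs).
ENFORCED = (["1212"] * 60 + ["4321"] * 50 + ["2468"] * 40 +
            [f"{n:04d}" for n in range(7000, 7060)] + SINGLES)


def build_guesses(ranking, blocklist, enforced):
    """Order guesses the two ways the article describes."""
    blocked = [p for p in ranking if p in blocklist]
    others = [p for p in ranking if p not in blocklist]
    # Enforced: blocked PINs cannot be in use, so they are skipped.
    # Not enforced: blocked PINs are tried first, as the most common ones.
    return others if enforced else blocked + others


def guessed_fraction(population, guesses, budget):
    """Share of devices whose PIN is within the first `budget` guesses."""
    tried = set(guesses[:budget])
    return sum(pin in tried for pin in population) / len(population)


def compare(budgets=(10, 30, 100)):
    """Return {budget: (fraction without blocklist, fraction with blocklist)}."""
    open_guesses = build_guesses(REFERENCE_RANKING, BLOCKLIST, enforced=False)
    strict_guesses = build_guesses(REFERENCE_RANKING, BLOCKLIST, enforced=True)
    return {b: (guessed_fraction(FREE_CHOICE, open_guesses, b),
                guessed_fraction(ENFORCED, strict_guesses, b)) for b in budgets}


if __name__ == "__main__":
    for budget, (free, strict) in compare().items():
        print(f"{budget:>3} attempts: no blocklist {free:.1%}, blocklist {strict:.1%}")
```

Replacing the constructed populations with PINs collected under each condition turns this into the comparison a device vendor would use to judge whether a given blocklist is worth enforcing at a given attempt limit.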

The most common 4-digit PIN codes were 1234, 0000, 1111, 5555 and 2580 (this is the vertical column on the numeric keypad). Deeper analysis showed that an ideal blacklist of four-digit PINs should contain about 1000 entries and differ slightly from the one obtained from Apple devices.


Finally, the researchers found that 4-digit and 6-digit PIN codes are less secure than passwords, but more secure than pattern-based smartphone locks. The full research report will be presented in San Francisco in May 2020 at the IEEE Symposium on Security and Privacy.



Source: 3dnews.ru
