{"id":90329,"date":"2019-04-02T19:20:24","date_gmt":"2019-04-02T16:20:24","guid":{"rendered":"https:\/\/www.enerjigazetesi.ist\/?p=90329"},"modified":"2019-04-02T19:29:26","modified_gmt":"2019-04-02T16:29:26","slug":"siber-saldirganlarin-yeni-hedefi-akilli-evler","status":"publish","type":"post","link":"https:\/\/www.enerjigazetesi.ist\/en\/siber-saldirganlarin-yeni-hedefi-akilli-evler\/","title":{"rendered":"(Turkish) Siber Sald\u0131rganlar\u0131n Yeni Hedefi: Ak\u0131ll\u0131 Evler"},"content":{"rendered":"

Sorry, this entry is only available in Turkish<\/a>. For the sake of viewer convenience, the content is shown below in the alternative language. You may click the link to switch the active language.<\/p>

<\/p>\n

Ak\u0131ll\u0131 evlerdeki ayd\u0131nlatmadan \u0131s\u0131tmaya, ev sinema sistemlerinden g\u00fcvenli\u011fe kadar bir\u00e7ok sistemin dahil oldu\u011fu Kompleks IoT (Nesnelerin \u0130nterneti) Ortamlar\u0131 siber sald\u0131rganlar\u0131n tehdidi alt\u0131nda. Ak\u0131ll\u0131 evlerin yayg\u0131nla\u015fmas\u0131 ve yeni IoT siber tehditlerinin geli\u015fmesi \u00f6n\u00fcm\u00fczdeki birka\u00e7 y\u0131l i\u00e7erisinde siber su\u00e7lular i\u00e7in milyarlarca dolarl\u0131k yeni bir end\u00fcstri haline gelece\u011fini ortaya koyuyor.<\/h1>\n

CIE [Complex IoT Environments] olarak adland\u0131rd\u0131\u011f\u0131m\u0131z bir\u00e7ok cihaz ve sistemin birle\u015fmesinden olu\u015fan kompleks IoT ortamlar\u0131 siber su\u00e7lular\u0131n yeni hedefi oldu. Asans\u00f6r sistemleri, kartl\u0131 kap\u0131 sistemleri, yang\u0131n sensor sistemleri gibi BT d\u0131\u015f\u0131ndaki cihazlar\u0131n y\u00f6netilmesini sa\u011flayan yaz\u0131l\u0131mlara ula\u015fan su\u00e7lular, \"\"kullan\u0131c\u0131lar\u0131n g\u00fcvenliklerini ihlal edecek durumlar olu\u015fturabiliyor ve eski haline d\u00f6nd\u00fcr\u00fclmesi i\u00e7in fidye talebinde bulunuyor. Bunun en yak\u0131n \u00f6rne\u011fi ise Avusturya\u2019n\u0131n \u00f6nemli bir otelinde ya\u015fand\u0131. Bir grup siber korsan otelin m\u00fc\u015fterilerini odalar\u0131na kilitleyerek durumun \u00e7\u00f6z\u00fclmesi kar\u015f\u0131l\u0131\u011f\u0131nda otel i\u015fletmesinden bitcoin talep etmi\u015fti.<\/p>\n

Sald\u0131rganlar\u0131n kompleks IoT ortamlar\u0131n\u0131n kontrol\u00fcn\u00fc ele ge\u00e7irebilece\u011fi senaryolar\u0131 inceledi\u011finde siber sald\u0131rganlar\u0131n kolayl\u0131kla kompleks IoT ortam\u0131nda otomasyon sunucusuna s\u0131zabilece\u011fini, mevcut kurallar\u0131 de\u011fi\u015ftirebilece\u011fini ve kontrol\u00fc eline ge\u00e7irerek olas\u0131 riskleri art\u0131rabilece\u011fini tespit etti.<\/p>\n

Trend Micro Akdeniz \u00dclkeleri Teknik M\u00fcd\u00fcr\u00fc Mehmet G\u00fclyurt<\/strong>, bu tip yaz\u0131l\u0131mlar\u0131n al\u0131\u015fveri\u015f merkezleri, havalimanlar\u0131, oteller, hastaneler, ak\u0131ll\u0131 binalar, plazalar gibi yerlerde yayg\u0131n \u015fekilde kullan\u0131lmas\u0131 nedeniyle siber su\u00e7lular\u0131n sald\u0131r\u0131lar\u0131na maruz kald\u0131\u011f\u0131n\u0131 belirtti. Bu t\u00fcr sald\u0131r\u0131lar sonucunda da fidye talep edilebildi\u011finin, siber ter\u00f6r gruplar\u0131n\u0131n eylemlerine neden olabildi\u011finin, insanlar\u0131n rehin al\u0131nmalar\u0131n\u0131n, h\u0131rs\u0131zl\u0131k ve soygun vakalar\u0131n\u0131n ya\u015fanmas\u0131yla sonu\u00e7lanabildi\u011finin alt\u0131n\u0131 \u00e7izdi.<\/p>\n

G\u00fclyurt \u201cSald\u0131rganlar ak\u0131ll\u0131 kilitler kurup kompleks IoT ortam\u0131na ba\u011flanarak, eve \/ \u015firkete eri\u015fime imkan veren otomasyon kurallar\u0131n\u0131 de\u011fi\u015ftirebiliyor. Bu kural de\u011fi\u015fiklikleri sonucunda sensorlar sald\u0131rgan\u0131 ya evde ya\u015fayan biri gibi alg\u0131l\u0131yor ya da kap\u0131lar\u0131 kilitlemiyor. Bu t\u00fcr kurallar ayn\u0131 zamanda kompleks IoT ortam\u0131nda kurulu herhangi bir alarm sistemini kontrol alt\u0131na alarak sald\u0131rgan\u0131n \u00e7ok kolay bir \u015fekilde alarm\u0131 devre d\u0131\u015f\u0131 b\u0131rakmas\u0131n\u0131 da sa\u011fl\u0131yor.<\/p>\n

Di\u011fer bir senaryoda da sald\u0131rganlar internete ba\u011fl\u0131 hoparl\u00f6rler vas\u0131tas\u0131yla Alexa ve Siri gibi sanal asistanlara komutlar verebiliyor. Sald\u0131rganlar ev sahibinin sesini analiz ederek klonluyor, b\u00f6ylece elde ettikleri ses dosyas\u0131yla kompleks IoT ortamlar\u0131na ba\u011fl\u0131 cihazlar\u0131n ger\u00e7ekle\u015ftirdi\u011fi ses tan\u0131ma prosed\u00fcr\u00fcn\u00fc ge\u00e7ebiliyor. Bu t\u00fcr tehditler Alexa ve Google Asistan gibi ses hizmetleriyle kontrol edilebilen ve ev Wi-Fi a\u011flar\u0131na ba\u011fl\u0131 olan ak\u0131ll\u0131 otomobillerin de yayg\u0131nla\u015fmaya ba\u015flad\u0131\u011f\u0131 d\u00fc\u015f\u00fcn\u00fcl\u00fcrse \u00f6n\u00fcm\u00fczdeki d\u00f6nemde \u00e7ok daha ciddi sald\u0131r\u0131lara neden olabilir\u201d a\u00e7\u0131klamas\u0131nda bulundu.<\/p>\n

Ak\u0131ll\u0131 evlerin g\u00fcvenli\u011fi i\u00e7in her cihaza \u00f6zel g\u00fcvenlik prosed\u00fcr\u00fc uygulanmal\u0131!<\/strong><\/p>\n

IoT g\u00fcvenli\u011finin, ak\u0131ll\u0131 evler yayg\u0131nla\u015ft\u0131k\u00e7a ve yeni IoT siber tehditleri geli\u015ftik\u00e7e \u00f6n\u00fcm\u00fczdeki birka\u00e7 y\u0131l i\u00e7erisinde milyarlarca dolarl\u0131k end\u00fcstri haline gelece\u011fi d\u00fc\u015f\u00fcn\u00fcl\u00fcyor. Yeni \u00e7\u0131kacak IoT g\u00fcvenlik \u00fcr\u00fcnlerinin geleneksel anti vir\u00fcs, antispam ve web filtreleme gibi siber g\u00fcvenlik denince akla ilk gelen g\u00fcvenlik \u00fcr\u00fcnlerinden tamamen farkl\u0131 olmas\u0131 gerekiyor. IoT g\u00fcvenli\u011finin gelece\u011fi d\u00fc\u015f\u00fcn\u00fcld\u00fc\u011f\u00fcnde sahip oldu\u011fu dinamik ekosistem ve \u00f6ng\u00f6r\u00fclemeyecek say\u0131da birbirleriyle ba\u011flant\u0131l\u0131 cihazlar\u0131n bu sistemde olaca\u011f\u0131 unutulmamal\u0131. T\u00fcm bu cihazlar ayr\u0131 ayr\u0131 korunurken kullan\u0131c\u0131lar da onlara kar\u015f\u0131 kendilerini korumak zorunda kalabilirler.<\/p>\n

– \u0130lk sorun, IoT g\u00fcvenlik \u00fcr\u00fcnlerinin a\u011fa hangi cihazlar\u0131n ba\u011fland\u0131\u011f\u0131n\u0131 ve hangi cihazlar\u0131n a\u011fdan \u00e7\u0131kt\u0131\u011f\u0131n\u0131 an\u0131nda fark etmesinin sa\u011flanmas\u0131d\u0131r.<\/p>\n

– \u0130kinci sorun IoT g\u00fcvenlik \u00fcr\u00fcnlerinin, do\u011fru bir \u015fekilde, ne t\u00fcr bir cihaz\u0131n a\u011fa tan\u0131mland\u0131\u011f\u0131n\u0131n fark\u0131na varabilmesidir. Bunu s\u00f6ylemek ise yapmaktan \u00e7ok daha kolayd\u0131r. \u00c7\u00fcnk\u00fc her cihaz, a\u011f sorgulamalar\u0131na gerekti\u011fi gibi cevap veremez. Google taraf\u0131ndan \u00fcretilen pop\u00fcler cihazlar kolayl\u0131kla tan\u0131nabilecek \u015fekilde a\u011f sorgulamalar\u0131na yan\u0131t verirlerken e-ticaret sitelerinden al\u0131nan daha ucuz cihazlar\u0131n yan\u0131tlama mekanizmalar\u0131 olmayabilir. Bu da onlar\u0131n tan\u0131mlanmas\u0131n\u0131 ve sorgulanmalar\u0131n\u0131 zorla\u015ft\u0131rabilir.<\/p>\n

– \u00dc\u00e7\u00fcnc\u00fc sorun ise sisteme tan\u0131mlanan bir cihaz\u0131n IoT g\u00fcvenlik \u00fcr\u00fcn\u00fc taraf\u0131ndan o cihaza y\u00f6nelik riskleri ve cihaz\u0131n a\u011fa y\u00f6nelik olas\u0131 risklerini de\u011ferlendirmesidir. Kompleks IoT ortamlar\u0131nda cihazlar\u0131n ak\u0131ll\u0131 uygulamalar yaratmak i\u00e7in olu\u015fturacaklar\u0131 olas\u0131 perm\u00fctasyon ve kombinasyonlar\u0131n say\u0131s\u0131 s\u0131n\u0131rs\u0131zd\u0131r. Eklenen her cihazla da bu say\u0131 katlanarak artar. Bu y\u00fczden de IoT g\u00fcvenlik \u00fcr\u00fcnlerinin kompleks IoT ortam\u0131na y\u00f6nelik tehditleri \u00f6ng\u00f6rebilmenin yan\u0131nda bunlar\u0131 analiz etmesi de gerekir. T\u00fcm bunlar\u0131n yan\u0131nda DDoS, MitM, s\u0131f\u0131r\u0131nc\u0131 g\u00fcn sald\u0131r\u0131lar\u0131, IoT zararl\u0131 yaz\u0131l\u0131mlar\u0131, zararl\u0131 yaz\u0131l\u0131mlar ve benzeri tehditlere kar\u015f\u0131 korumadan bahsetmiyoruz bile.<\/p>\n

– Bir IoT g\u00fcvenlik \u00fcr\u00fcn\u00fcn ilk amac\u0131 olan korunma da son sorun olarak kar\u015f\u0131m\u0131za \u00e7\u0131k\u0131yor. Kullan\u0131c\u0131lar\u0131n birbirleriyle ba\u011fl\u0131 cihazlardan \u00fc\u00e7 temel beklentileri vard\u0131r: 1) Her zaman \u00e7evrimi\u00e7i olmal\u0131, 2) Her zaman eri\u015filebilir olmal\u0131, 3) Kullan\u0131m\u0131 kolay olmal\u0131. Bu \u00fc\u00e7 beklentiden birinin d\u00fczg\u00fcn \u00e7al\u0131\u015fmamas\u0131, t\u00fcm IoT deneyiminin y\u0131k\u0131lmas\u0131na yol a\u00e7ar. IoT g\u00fcvenlik \u00fcr\u00fcnleri bahsetti\u011fimiz \u00fc\u00e7 temel beklentiyi kar\u015f\u0131lamal\u0131 ve kullan\u0131c\u0131n\u0131n IoT g\u00fcvenli\u011fini bir y\u00fck olarak de\u011ferlendirmeyece\u011fi \u015fekilde t\u00fcm kompleks IoT ortamlar\u0131na y\u00f6nelik koruma sa\u011flamal\u0131d\u0131r.<\/p>\n

Unutulmamas\u0131 gereken son \u015fey ise farkl\u0131 tip cihazlar\u0131n farkl\u0131 seviye ve \u015fekilde korumaya ihtiyac\u0131 oldu\u011fudur. Her yeni cihazla birlikte yeni koruma kurallar\u0131n\u0131n tan\u0131mlanmas\u0131 gerekir. Bir cihaz\u0131 korumak di\u011fer bir cihaz\u0131n g\u00fcvenli\u011fini tehlikeye atmamal\u0131d\u0131r.<\/p>","protected":false},"excerpt":{"rendered":"

Sorry, this entry is only available in Turkish. For the sake of viewer convenience, the content is shown below in the alternative language. You may click the link to switch the active language. Ak\u0131ll\u0131 evlerdeki ayd\u0131nlatmadan \u0131s\u0131tmaya, ev sinema sistemlerinden g\u00fcvenli\u011fe kadar bir\u00e7ok sistemin dahil oldu\u011fu Kompleks IoT (Nesnelerin \u0130nterneti) Ortamlar\u0131 siber sald\u0131rganlar\u0131n tehdidi alt\u0131nda. […]<\/p>\n","protected":false},"author":1,"featured_media":90332,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[51,53],"tags":[8155,48785,48782,67,1009,48779,48780,48783,48778,39268,48781,19577,48784],"views":740,"_links":{"self":[{"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/posts\/90329"}],"collection":[{"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/comments?post=90329"}],"version-history":[{"count":0,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/posts\/90329\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/media\/90332"}],"wp:attachment":[{"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/media?parent=90329"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/categories?post=90329"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.enerjigazetesi.ist\/en\/wp-json\/wp\/v2\/tags?post=90329"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}