Google details commercial spyware that targets both Android and iOS devices

Google has warned of an enterprise-grade spyware strain targeting users of Android and iOS devices.

According to Google Threat Analysis Group (TAG) researchers Benoit Sevens and Clement Lecigne, as well as Project Zero, a distinct government and enterprise-grade iOS and Android spyware variant is now in active circulation.

Victims have been located in Italy and Kazakhstan.

The spyware, dubbed Hermit, is modular surveillanceware. After analyzing 16 of the 25 known modules, Lookout cybersecurity researchers said the malware will try to root devices and has features including: recording audio, redirecting or making phone calls, stealing information such as SMS messages, call logs, contact lists and photos, and exfiltrating GPS location data.

Lookout's analysis, published on June 16, suggested that the spyware is sent through malicious SMS messages. TAG's conclusion is the same, with unique links sent to a target that masquerade as messages sent by an internet service provider (ISP) or a messaging application.

"In some cases, we believe the actors worked with the target's ISP to disable the target's mobile data connectivity," Google says. "Once disabled, the attacker would send a malicious link via SMS asking the target to install an application to recover their data connectivity."

The Lookout team was only able to secure an Android version of Hermit, but Google's contribution has now added an iOS sample to the investigation. Neither sample was found in the official Google or Apple app repositories. Instead, the spyware-laden apps were downloaded from third-party hosts.

The Android sample requires the victim to download an .APK after allowing the installation of mobile apps from unknown sources. The malware disguised itself as a Samsung app and used Firebase as part of its command-and-control (C2) infrastructure.

"While the APK itself does not contain any exploits, the code hints at the presence of exploits that could be downloaded and executed," the researchers say.

Google has notified Android users affected by the app and made changes in Google Play Protect to protect users from the app's malicious activities. In addition, the Firebase projects associated with the spyware have been disabled.

The iOS sample, signed with a certificate obtained from the Apple Developer Enterprise Program, contains a privilege escalation exploit that can be triggered by six vulnerabilities.

While four (CVE-2018-4344, CVE-2019-8605, CVE-2020-3837, CVE-2020-9907) were known, two others, CVE-2021-30883 and CVE-2021-30983, are suspected of having been exploited in the wild as zero-days before Apple patched them in December 2021. The iPad and iPhone maker has also revoked the certificates associated with the campaign.

Google and Lookout say the spyware can likely be attributed to RCS Lab, an Italian company in operation since 1993.

RCS Lab told TechCrunch that the company "exports its products in compliance with national and European rules," and that "any sales or implementation of products is performed only after receiving an official authorization from the competent authorities."

Hermit's circulation only highlights a wider issue: the growth of the spyware and digital surveillance industry.

Last week, Google testified before the European Parliament's committee of inquiry on the use of Pegasus and other commercial spyware.

TAG is currently tracking more than 30 vendors that offer exploits or spyware to government-backed entities, and according to Charley Snyder, Head of Cybersecurity Policy at Google, while their use may be legal, "they are often found to be used by governments for purposes contrary to democratic values: targeting dissidents, journalists, human rights workers and politicians."

"This is why when Google discovers these activities, we not only take steps to protect users, but also disclose that information publicly to raise awareness and help the ecosystem," Snyder said.
