Signal Developers, vhura meseji application, vakaburitsa ruzivo nezve kurwiswa yakanangana nekutora kutonga maakaundi evamwe vashandisi.
Saizvozvo kurwisa yakanga isiri 100% yakananga kune application, asi ndinoziva zvakabva pakurwiswa iyo yakaitwa na phishing kune Twilio sevhisi inoshandiswa neSignal kuronga kutumira mameseji eSMS ane macode ekusimbisa.
Nguva pfupi yadarika, Twilio, kambani inopa masevhisi ekuongorora nhamba dzenhare kuSignal, yakatambura nekurwiswa kwehumbavha. Izvi ndizvo izvo vashandisi vedu vanofanirwa kuziva:
Vese vashandisi vanogona kuzorora vaine chokwadi chekuti nhoroondo yavo yemeseji, mazita ekufonera, ruzivo rweprofile, wavakavharira, uye imwe data yega yega icharamba yakavanzika, yakachengeteka, uye isina kukanganiswa.
Kune vangangoita 1900 vashandisi, munhu anorwisa angadai akaedza kunyoresazve nhamba yavo pane imwe mudziyo kana kuziva kuti nhamba yavo yakanyoreswa neSignal. Kurwiswa uku kwakabva kwavharwa naTwilio. Vashandisi ve1900 chikamu chidiki kwazvo chevashandisi veSignal vese, zvinoreva kuti ruzhinji haruna kukanganiswa.
Ongororo yedata yakaratidza kuti eThe Twilio hack inogona kunge yakakanganisa nhamba dzenhare dzinosvika chiuru nemazana mapfumbamwe yevashandisi veSignal, avo vapambi vakakwanisa kunyoresazve nhamba dzefoni pane chimwe chishandiso vobva vagamuchira kana kutumira mameseji eiyo nhamba yefoni yakabatana (kuwana nhoroondo yetsamba yakapfuura, ruzivo rweprofile, uye ruzivo rwekero) haina kukwanisa kudzoreredza nekuti ruzivo rwakadaro. inochengetwa pamudziyo wemushandisi uye haina kutumirwa kumaseva eSignal).
Tiri kuzivisa ava vashandisi ve1900 zvakananga uye tichivakumbira kuti vanyore zvakare Signal pamidziyo yavo. Kana iwe wakagamuchira meseji yeSMS kubva kuSignal ine chinongedzo kune ichi chinyorwa chekutsigira, tevera matanho aya:
Vhura Chiratidzo pafoni yako uye nyorazve Signal account yako kana wakurudzirwa neapp.
Kuti uchengetedze zvirinani account yako, tinokurudzira kuti iwe ugone kukiya kukiya muzvirongwa zveapp. Isu takagadzira chimiro ichi kuchengetedza vashandisi kubva mukutyisidzira senge Twilio kurwisa.
Pakati penguva yekubira nekuvhara account zvemushandi akavimbiswa yakashandiswa neTwilio sevhisi kurwiswa, chiitiko chakaonekwa pa nhamba dzese dzefoni 1900 izvo zvakabatana ne kunyoresa account kana kutumira kodhi yekusimbisa neSMS. Panguva imwecheteyo, vawana mukana weiyo Twilio sevhisi interface, vapambi vaifarira matatu chaiwo maSignal manhamba emushandisi, uye imwe yenharembozha yakakwanisa kusunga kune mudziyo wevanorwisa, vachitonga nekunyunyuta. muridzi weakaundi yakakanganiswa. Signal yakatumira zviziviso zveSMS nezve chiitiko kune vese vashandisi vangangokanganiswa nekurwiswa uye kudzima zvishandiso zvavo.
Zvakakosha, izvi hazvina kupa anorwisa kuwana chero nhoroondo yemeseji, ruzivo rweprofile, kana mazita ekufonera. Nhoroondo yemeseji inochengetwa chete pachishandiso chako uye Signal haichengete kopi yayo. Rondedzero dzako dzekuonana, ruzivo rweprofile, wawakavharira, uye nezvimwe zvinogona kutorwa chete neSiginari PIN yako iyo yanga isiri (uye isingagone) kuwanikwa sechikamu chechiitiko ichi. Nekudaro, kana munhu akarwisa akakwanisa kunyoresazve account, vanogona kutumira uye kugamuchira maSignal meseji kubva kunhamba yefoni iyoyo.
Twilio yakabiwa pachishandiswa hunyanzvi hwesocial engineering izvo zvakabvumira varwi kuti vakwezve mumwe wevashandi vekambani kune peji re phishing uye kuwana mukana weakaundi yake yekutsigira vatengi.
Kunyanya, vapambi vakatumira mameseji eSMS kuvashandi veTwilio vachivazivisa nezvekupera kweakaundi kana kurongeka shanduko, ine chinongedzo kune peji rekunyepedzera rakanyorerwa senge yekusaina-pane interface yeTwilio utility masevhisi. Maererano neTwilio, nekubatanidza kune iyo helpdesk interface, vapambi vakakwanisa kuwana data yakabatana nevashandisi ve125.
Finalmente kana iwe uchifarira kuziva zvakawanda nezvazvo, unogona kutarisa ruzivo Mune inotevera chinongedzo.