Source code for Samsung products, services and security mechanisms leaked

The LAPSUS$ group, which demonstrated that it had breached NVIDIA's infrastructure, recently announced a similar hack of Samsung on its Telegram channel. Samsung has confirmed that it suffered a data breach in which sensitive information was stolen, including source code for its Galaxy smartphones.

The theft took place late last week and was the work of Lapsus$, the same hacker group that was behind the Nvidia data theft, as reported on March 1. Lapsus$ claims 190 gigabytes of data, including Trusted Applet source code, algorithms for biometric unlock operations, bootloader source code, and confidential Qualcomm source code.

The group also claims to have stolen source code from Samsung's activation server, Samsung accounts and source code, and various other data.

The type of attack that led to the data theft is unclear. Lapsus$ is known for its ransomware attacks, but that is not the only type of attack the gang takes part in. As with Nvidia, the Samsung hack may have been plain data theft and extortion rather than direct use of ransomware.

Samsung officially refers to the theft as "a security breach related to internal company data."

"Based on our initial analysis, the breach involves source code related to the operation of Galaxy devices, but does not include the personal information of our customers or employees," Samsung said in a statement reported by Sammobile. "Currently, we do not anticipate any impact on our business or customers. We have implemented measures to prevent further incidents and will continue to serve our customers without disruption."

It is reported that about 190 GB of data was leaked, including source code for various Samsung products, bootloaders, authentication and identification mechanisms, activation servers, the Knox mobile device security system, online services, APIs, and components supplied by Qualcomm. This includes the claim of having obtained the code of all TA (Trusted Applet) applets that run in an isolated hardware enclave based on TrustZone technology (TEE), key management code, DRM modules and components that provide biometric identification.

The data has been released into the public domain and is now available on torrent trackers. Regarding the earlier NVIDIA ultimatum to move the drivers to a free license, it is reported that the outcome will be announced later.

"Trojan programs that harvest contacts and credentials from other apps, such as banking apps, are common on Android, but the ability to crack a phone's biometrics or lock screen has been limited to very well-funded threat actors, including state-sponsored espionage," said Casey Bisson, head of product and developer relations at code security company BluBracket.

"The leaked source code could make it much easier for less well-funded actors to carry out more sophisticated attacks on the more secure features of Samsung devices."

It was noted that the stolen code could enable sophisticated attacks such as cracking a phone's lock screen, exfiltrating data stored in the Samsung TrustZone environment, and zero-click attacks that install persistent backdoors on victims' phones.

Also included in the torrent is a brief description of the content available in each of the three files:

  • Part 1 contains a dump of source code and related data on Security / Defense / Knox / Bootloader / TrustedApps and various other items.
  • Part 2 contains a dump of source code and related data on device security and encryption.
  • Part 3 contains various Samsung GitHub repositories: Mobile Defense Engineering, Samsung Account Backend, Samsung Pass Backend / Frontend, and SES (Bixby, SmartThings, Store).

It is unclear whether Lapsus$ contacted Samsung for a ransom, as they claimed to have done in the Nvidia case.
