Ikhowudi evuzayo yeemveliso zeSamsung, iinkonzo kunye neendlela zokhuseleko

Iqela le-LAPSUS$, ebonakalise ukuba iqhekeze isiseko se-NVIDIA, Intengiso kutshanje i-hack efana ne-Samsung kwitshaneli yeTelegram, apho i-Samsung iqinisekisile ukuba ifumene ukuphulwa kwedatha apho ulwazi olubucayi lubiwe, kuquka ikhowudi yomthombo yee-smartphones zayo zeGalaxy.

Ubusela benzeke ngasekupheleni kweveki ephelileyo kwaye yayiyiLapsus $, iqela elifanayo lokugqekeza elalisemva kobusela bedatha yeNvidia, njengoko bekuxeliwe nge-1 kaMatshi. ILapsus$ ibango i-190 gigabytes yedatha, kuquka ikhowudi yomthombo weTrust Applet, i-algorithms yebhayometriki yokuvula imisebenzi, ikhowudi yomthombo we-bootloader, kunye nekhowudi yomthombo oyimfihlo weQualcomm.

Iqela nalo ubanga ukuba ubile ikhowudi yemvelaphi yeseva ye-Samsung, akhawunti Samsung kunye nekhowudi yomthombo kunye nezinye iinkcukacha ezahlukeneyo.

Uhlobo lohlaselo olubangele ukubiwa kwedatha alucaci. ILapsus $ yaziwa ngohlaselo lwayo lwe-ransomware, kodwa ayilohlobo lohlaselo lodwa iqela lemigulukudu elithabatha inxaxheba kulo. NjengoNvidia, i-hack ye-Samsung inokuba bubusela bedatha elula kunye nokuphanga kunokusebenzisa ngokuthe ngqo i-ransomware.

Isamsung ngokusemthethweni ibhekisa kubusela “njengokophulwa kokhuseleko olunxulumene nedatha yenkampani yangaphakathi.”

"Ngokusekwe kuhlalutyo lwethu lokuqala, ukophulwa kubandakanya ikhowudi yomthombo enxulumene nokusebenza kwezixhobo zeGlass, kodwa ayibandakanyi iinkcukacha zobuqu zabathengi okanye abasebenzi bethu," utshilo uSamsung kwingxelo echazwe nguSammobile. “Okwangoku, asilindelanga nayiphi na impembelelo kwishishini lethu okanye kubathengi. "Siphumeze amanyathelo okuthintela ezinye izehlo ezilolu hlobo kwaye siza kuqhubeka nokusebenzela abathengi bethu ngaphandle kokuphazamiseka."

Malunga ne-190GB yedatha kuxelwe ukuba ivuziwe, kuquka ikhowudi yomthombo yeemveliso ezahlukeneyo ze-Samsung, i-bootloaders, ukuqinisekiswa kunye neendlela zokuchongwa, iiseva zokuvula, inkqubo yokhuseleko yefowuni ye-Knox, iinkonzo ze-intanethi, i-API, kunye namacandelo obunini anikezelwe yi-Qualcomm, kubandakanywa nesibhengezo sokufumana ikhowudi yazo zonke i-TA-applets ( I-Applet ethembekileyo) esebenza kwindawo ekwanti yehardware enclave esekwe kubuchwephesha beTrustZone (TEE), ikhowudi yolawulo olungundoqo, iimodyuli ze-DRM kunye namacandelo ukunika ukuchongwa kwebhayometriki.

Idatha yapapashwa kwi-domain yoluntu kwaye ngoku iyafumaneka kwi-torrent trackers. Ngokumalunga nesigqibo se-NVIDIA sangaphambili sokudlulisela abaqhubi kwilayisensi yasimahla, kuxelwe ukuba iziphumo ziya kubhengezwa kamva.

"Iinkqubo zeTrojan eziqokelela abafowunelwa kunye neziqinisekiso kwezinye ii-apps, ezinje ngee-apps zebhanki, zixhaphake kakhulu kwi-Android, kodwa ukukwazi ukukrazula idatha yebhayometriki yefowuni okanye ukutshixa isikrini kunqunyelwe kubadlali boyikiso abaxhaswa ngemali kakhulu, kubandakanya nobuntlola obuxhaswa ngurhulumente. ” UCasey Bisson, intloko yemveliso kunye nobudlelwane bomphuhlisi kwinkampani yokhuseleko lwekhowudi iBluBracket

"Ikhowudi yomthombo evuzayo inokwenza kube lula kakhulu kubadlali abagrogrisayo abanemali encinci ukwenza uhlaselo oluntsonkothileyo kwezona zinto zikhuselekileyo zezixhobo zeSamsung."

Kwaphawulwa ukuba ikhowudi ebiweyo inokwenza uhlaselo oluntsonkothileyo olunje ngokukrazula isikrini sokutshixa ifowuni, ukukhupha idatha egcinwe kwindawo ye-Samsung TrustZone, kunye nohlaselo lwe-zero-cofa olufaka ii-backdoors eziqhubekayo kwiifowuni zamaxhoba.

Umlambo ukwabandakanya inkcazo emfutshane yomxholo okhoyo kwifayile nganye kwezi zintathu:

  • Icandelo loku-1 liqulethe ikhowudi yokulahla ikhowudi yomthombo kunye nedatha ehambelanayo malunga noKhuseleko / uKhuselo / i-Knox / i-Bootloader / i-TrustedApps kunye nezinye izinto ezahlukeneyo
  • Icandelo 2 liqulethe indawo yokulahla ikhowudi yomthombo kunye nedatha enxulumene nokhuseleko lwesixhobo kunye noguqulelo oluntsonkothileyo.
  • Inxalenye ye-3 iqulethe iindawo ezahlukeneyo ze-Samsung Github: Ubunjineli boKhuselo lweselula, i-akhawunti ye-Samsung Backend, i-Samsung Pass Backend / Frontend, kunye ne-SES (i-Bixby, i-Smartthings, i-Store)

Akukacaci ukuba iLapsus $ inxibelelane ne-Samsung ngentlawulelo, njengoko babebanga kwityala leNvidia.

Gqibela ukuba unomdla wokwazi ngakumbi kancinci ngayo, ungajonga iinkcukacha Kule khonkco ilandelayo.


Yiba ngowokuqala ukuphawula

Shiya uluvo lwakho

Idilesi yakho ye email aziyi kupapashwa. ezidingekayo ziphawulwe *

*

*

  1. Uxanduva lwedatha: UMiguel Ángel Gatón
  2. Injongo yedatha: Ulawulo lwe-SPAM, ulawulo lwezimvo.
  3. Umthetho: Imvume yakho
  4. Unxibelelwano lwedatha: Idatha ayizukuhanjiswa kubantu besithathu ngaphandle koxanduva lomthetho.
  5. Ukugcinwa kweenkcukacha
  6. Amalungelo: Ngalo naliphi na ixesha unganciphisa, uphinde uphinde ucime ulwazi lwakho.