{"id":357,"date":"2023-12-02T05:02:45","date_gmt":"2023-12-02T02:02:45","guid":{"rendered":"https:\/\/sms-txt.net\/?p=357"},"modified":"2024-09-05T12:44:33","modified_gmt":"2024-09-05T09:44:33","slug":"ss7-saldirilari","status":"publish","type":"post","link":"https:\/\/sms-txt.net\/tr\/ss7-sms\/ss7-saldirilari\/","title":{"rendered":"SS7 Attacks"},"content":{"rendered":"<h1>SS7 Attacks<\/h1>\n<p>As with many legacy protocols, SS7 was designed with little security in mind. Concepts such as authentication and authorization were hardly present or discussed. SS7 security was based solely on trust. The core network elements were built accordingly, with few if any defenses against abuse of SS7 functions. Because it was regarded as a closed network, very little security research was done to assess the security of SS7. Security researchers had no access to SS7 networks, and service providers showed little interest in the subject.<\/p>\n<p>However, the SS7 network is no longer closed. Network providers are opening their SS7 networks to third parties as part of their commercial offerings. 
Network elements such as femtocells are leaving the operators' closed boundaries and sit in untrusted locations; hackers may find ways into mobile operators' networks, and it is worth mentioning that some operators may be under the control of malicious nation states intent on abusing such insecure networks.<\/p>\n<p>Abuse of SS7's insecurity can have serious effects; by the nature of the protocol, it gives access to information such as user location and call\/SMS details. Financial services and authentication systems have been built on trust in the services such protocols provide. Denial-of-service attacks that abuse these weaknesses could be devastating for nations' telecommunications infrastructure.<\/p>\n<p>In the following sections we will examine some of the attacks announced against SS7, in the hope of analyzing the missing controls and ultimately proposing some controls that can limit the impact of these attacks. These sections draw heavily on the work of security researchers Tobias Engel and Karsten Nohl in the areas of call and SMS interception, location tracking, fraud, and denial of service.<\/p>\n<h2>Call and SMS Interception<\/h2>\n<p>Intercepting communications has always been the ultimate goal of espionage operations. 
In the old days of wired telephones, an attacker had to physically tap the wire to listen in on an ongoing call.<br \/>\nIn the age of mobile communications, a call is carried over radio between the calling parties and the mobile networks. Normally the traffic is encrypted over the air interface. The encryption is done using either the A5\/1 or the A5\/3 protocol. Recently the A5\/1 suite was broken, and it is possible to decrypt calls carried over the air interface using cheap radio interceptors and rainbow tables (Nohl, Munaut, 2010). As a result, operators began rolling out the stronger encryption protocol A5\/3 to counter such attacks.<\/p>\n<p>However, the recently disclosed SS7 vulnerabilities opened up multiple avenues that make it easier to intercept calls and SMS messages carried over the mobile network.<\/p>","protected":false},"excerpt":{"rendered":"<p>SS7 Attacks As with many legacy protocols, SS7 was designed with little security in mind. Concepts such as authentication and authorization were hardly present or discussed. SS7 security was based solely on trust. The core network elements were built accordingly, with few if any defenses against abuse of SS7 functions. 
Being regarded as a closed system...<\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-357","post","type-post","status-publish","format-standard","hentry","category-ss7-sms"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v26.7 (Yoast SEO v26.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>SS7 Attacks<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/sms-txt.net\/tr\/ss7-sms\/ss7-saldirilari\/\" \/>\n<meta property=\"og:locale\" content=\"tr_TR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SS7 Attacks\" \/>\n<meta property=\"og:description\" content=\"SS7 Attacks As with many legacy protocols, SS7 was designed with little security in mind. Concepts such as authentication and authorization were hardly present or discussed. The SS7 security was solely based on trust. The core network elements were built accordingly with little if any defenses against abusing SS7 functionalities. Being regarded as a closed...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/sms-txt.net\/tr\/ss7-sms\/ss7-saldirilari\/\" \/>\n<meta property=\"og:site_name\" content=\"SS7 Hacking\" \/>\n<meta property=\"article:published_time\" content=\"2023-12-02T02:02:45+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-09-05T09:44:33+00:00\" \/>\n<meta name=\"author\" content=\"ss7\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ss7\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/sms-txt.net\/es\/ss7-sms\/ss7-ataques\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/sms-txt.net\/es\/ss7-sms\/ss7-ataques\/\"},\"author\":{\"name\":\"ss7\",\"@id\":\"https:\/\/sms-txt.net\/#\/schema\/person\/fa482bf9132db58e46bb9c9df2d73be0\"},\"headline\":\"SS7 Attacks\",\"datePublished\":\"2023-12-02T02:02:45+00:00\",\"dateModified\":\"2024-09-05T09:44:33+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/sms-txt.net\/es\/ss7-sms\/ss7-ataques\/\"},\"wordCount\":447,\"publisher\":{\"@id\":\"https:\/\/sms-txt.net\/#organization\"},\"articleSection\":[\"SS7\"],\"inLanguage\":\"tr-TR\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/sms-txt.net\/es\/ss7-sms\/ss7-ataques\/\",\"url\":\"https:\/\/sms-txt.net\/es\/ss7-sms\/ss7-ataques\/\",\"name\":\"SS7 Attacks\",\"isPartOf\":{\"@id\":\"https:\/\/sms-txt.net\/#website\"},\"datePublished\":\"2023-12-02T02:02:45+00:00\",\"dateModified\":\"2024-09-05T09:44:33+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/sms-txt.net\/es\/ss7-sms\/ss7-ataques\/#breadcrumb\"},\"inLanguage\":\"tr-TR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/sms-txt.net\/es\/ss7-sms\/ss7-ataques\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/sms-txt.net\/es\/ss7-sms\/ss7-ataques\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/sms-txt.net\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SS7 Attacks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/sms-txt.net\/#website\",\"url\":\"https:\/\/sms-txt.net\/\",\"name\":\"SS7 
Hacking\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/sms-txt.net\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/sms-txt.net\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"tr-TR\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/sms-txt.net\/#organization\",\"name\":\"SS7\",\"url\":\"https:\/\/sms-txt.net\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"tr-TR\",\"@id\":\"https:\/\/sms-txt.net\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/yellow-jaguar-454368.hostingersite.com\/wp-content\/uploads\/2020\/05\/logo.jpg\",\"contentUrl\":\"https:\/\/yellow-jaguar-454368.hostingersite.com\/wp-content\/uploads\/2020\/05\/logo.jpg\",\"width\":866,\"height\":680,\"caption\":\"SS7\"},\"image\":{\"@id\":\"https:\/\/sms-txt.net\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/sms-txt.net\/#\/schema\/person\/fa482bf9132db58e46bb9c9df2d73be0\",\"name\":\"ss7\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"SS7 Sald\u0131r\u0131lar\u0131","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/sms-txt.net\/tr\/ss7-sms\/ss7-saldirilari\/","og_locale":"tr_TR","og_type":"article","og_title":"SS7 Attacks","og_description":"SS7 Attacks As with many legacy protocols, SS7 was designed with little security in mind. Concepts such as authentication and authorization were hardly present or discussed. The SS7 security was solely based on trust. The core network elements were built accordingly with little if any defenses against abusing SS7 functionalities. 
Being regarded as a closed...","og_url":"https:\/\/sms-txt.net\/tr\/ss7-sms\/ss7-saldirilari\/","og_site_name":"SS7 Hacking","article_published_time":"2023-12-02T02:02:45+00:00","article_modified_time":"2024-09-05T09:44:33+00:00","author":"ss7","twitter_card":"summary_large_image","twitter_misc":{"Written by":"ss7","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/sms-txt.net\/es\/ss7-sms\/ss7-ataques\/#article","isPartOf":{"@id":"https:\/\/sms-txt.net\/es\/ss7-sms\/ss7-ataques\/"},"author":{"name":"ss7","@id":"https:\/\/sms-txt.net\/#\/schema\/person\/fa482bf9132db58e46bb9c9df2d73be0"},"headline":"SS7 Attacks","datePublished":"2023-12-02T02:02:45+00:00","dateModified":"2024-09-05T09:44:33+00:00","mainEntityOfPage":{"@id":"https:\/\/sms-txt.net\/es\/ss7-sms\/ss7-ataques\/"},"wordCount":447,"publisher":{"@id":"https:\/\/sms-txt.net\/#organization"},"articleSection":["SS7"],"inLanguage":"tr-TR"},{"@type":"WebPage","@id":"https:\/\/sms-txt.net\/es\/ss7-sms\/ss7-ataques\/","url":"https:\/\/sms-txt.net\/es\/ss7-sms\/ss7-ataques\/","name":"SS7 Sald\u0131r\u0131lar\u0131","isPartOf":{"@id":"https:\/\/sms-txt.net\/#website"},"datePublished":"2023-12-02T02:02:45+00:00","dateModified":"2024-09-05T09:44:33+00:00","breadcrumb":{"@id":"https:\/\/sms-txt.net\/es\/ss7-sms\/ss7-ataques\/#breadcrumb"},"inLanguage":"tr-TR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/sms-txt.net\/es\/ss7-sms\/ss7-ataques\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/sms-txt.net\/es\/ss7-sms\/ss7-ataques\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/sms-txt.net\/"},{"@type":"ListItem","position":2,"name":"SS7 Attacks"}]},{"@type":"WebSite","@id":"https:\/\/sms-txt.net\/#website","url":"https:\/\/sms-txt.net\/","name":"SS7 
Hackleme","description":"","publisher":{"@id":"https:\/\/sms-txt.net\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/sms-txt.net\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"tr-TR"},{"@type":"Organization","@id":"https:\/\/sms-txt.net\/#organization","name":"SS7","url":"https:\/\/sms-txt.net\/","logo":{"@type":"ImageObject","inLanguage":"tr-TR","@id":"https:\/\/sms-txt.net\/#\/schema\/logo\/image\/","url":"https:\/\/yellow-jaguar-454368.hostingersite.com\/wp-content\/uploads\/2020\/05\/logo.jpg","contentUrl":"https:\/\/yellow-jaguar-454368.hostingersite.com\/wp-content\/uploads\/2020\/05\/logo.jpg","width":866,"height":680,"caption":"SS7"},"image":{"@id":"https:\/\/sms-txt.net\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/sms-txt.net\/#\/schema\/person\/fa482bf9132db58e46bb9c9df2d73be0","name":"ss7"}]}},"_links":{"self":[{"href":"https:\/\/sms-txt.net\/tr\/wp-json\/wp\/v2\/posts\/357","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sms-txt.net\/tr\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sms-txt.net\/tr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sms-txt.net\/tr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sms-txt.net\/tr\/wp-json\/wp\/v2\/comments?post=357"}],"version-history":[{"count":0,"href":"https:\/\/sms-txt.net\/tr\/wp-json\/wp\/v2\/posts\/357\/revisions"}],"wp:attachment":[{"href":"https:\/\/sms-txt.net\/tr\/wp-json\/wp\/v2\/media?parent=357"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sms-txt.net\/tr\/wp-json\/wp\/v2\/categories?post=357"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sms-txt.net\/tr\/wp-json\/wp\/v2\/tags?post=357"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}