{"id":6808,"date":"2026-02-11T21:28:11","date_gmt":"2026-02-11T17:28:11","guid":{"rendered":"https:\/\/jsnet.biz\/?p=6808"},"modified":"2026-02-11T21:32:07","modified_gmt":"2026-02-11T17:32:07","slug":"avstriya-t%c9%99dqiqati-whatsapp-da-t%c9%99hluk%c9%99sizlik-z%c9%99ifliyinin-35-milyard-istifad%c9%99cinin-m%c9%99lumatlarinin-aciqlanmasina-s%c9%99b%c9%99b-oldugunu-gost%c9%99rdi","status":"publish","type":"post","link":"https:\/\/jsnet.biz\/az\/avstriya-t%c9%99dqiqati-whatsapp-da-t%c9%99hluk%c9%99sizlik-z%c9%99ifliyinin-35-milyard-istifad%c9%99cinin-m%c9%99lumatlarinin-aciqlanmasina-s%c9%99b%c9%99b-oldugunu-gost%c9%99rdi\/","title":{"rendered":"Austrian study shows a WhatsApp security vulnerability exposed the data of 3.5 billion users"},"content":{"rendered":"<p>A critical vulnerability in WhatsApp's systems made it possible to expose the profile data and phone numbers of its global user base, an estimated 3.5 billion people. The finding is described in detail in a study carried out by experts at a university in Vienna (Austria). The researchers discovered the flaw and mapped its scale across 245 countries.<\/p>\n\n\n\n<p>The study showed that exploiting the vulnerability gave access not only to the phone numbers linked to accounts but also to profile pictures and public status texts. 
Brazil, one of the app's largest markets (about 206 million active accounts), was among the countries directly affected.<\/p>\n\n\n\n<p>Meta (WhatsApp's parent company) was informed of the problem and applied the final fixes in September 2025, several months after the researchers' testing period. Although there is no evidence of widespread exploitation by cybercriminals, the study warns about the risks of metadata handling on communication platforms.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Methodology of the discovery<\/h3>\n\n\n\n<p>The method the researchers used to determine the scale of the vulnerability was based on a brute-force approach. The process consisted of automatically generating numeric sequences that conform to the phone-number formats of different countries.<\/p>\n\n\n\n<p>For example, in Brazil eight- and nine-digit combinations were tested in order to cover all active mobile lines. This approach produced an initial list of tens of billions of potential numbers worldwide.<\/p>\n\n\n\n<p>Once the list had been generated, the researchers used alternative software to connect directly to WhatsApp's servers. 
This software checked up to 7,000 numbers per second to determine which numbers were tied to an active account.<\/p>\n\n\n\n<p>The initial absence of rate-limiting mechanisms on the platform is what allowed such fast and complete data collection, and it made it possible to map the user infrastructure without serious technical obstacles.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Scale of the data exposure in Brazil<\/h3>\n\n\n\n<p>The study showed that 206 million users in the Brazilian market were potentially at risk. Analysis of the collected data revealed that 81.4% of accounts in the country were on Android devices and the remaining 18.6% on iPhones. These figures reflect the distribution of the country's smartphone market and show that the vulnerability was not limited to a single operating system but covered a broad user base.<\/p>\n\n\n\n<p>One of the most important findings is how often profile pictures were visible. According to the survey, in 61% of Brazilian accounts the profile picture was visible to anyone who had the number, even without adding it as a contact. Alongside the pictures, status texts were also recorded where privacy settings allowed it. 
Combined with the phone number, this data can be used for social engineering attacks or targeted phishing campaigns.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Meta's response and mitigation measures<\/h3>\n\n\n\n<p>Contact between the researchers and Meta began in September 2024, when the first vulnerability report was sent. However, the initial mitigations were implemented only in August 2025, after the Austrian team had communicated the seriousness of the situation.<\/p>\n\n\n\n<p>The company acknowledged the researchers' contribution under its Bug Bounty program and confirmed that all data collected during the study was deleted in accordance with security and ethics protocols.<\/p>\n\n\n\n<p>The fixes are aimed at preventing mass data extraction without negatively affecting everyday use of the app. Meta stressed that the content of conversations has always been protected by end-to-end encryption and was not affected by this vulnerability.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Timeline of the vulnerability and fixes<\/h3>\n\n\n\n<p>About a year passed between the first report and full resolution. 
The university in Vienna issued a formal warning in September 2024, flagging a potential flaw in the messaging platform's systems.<\/p>\n\n\n\n<p>From December 2024 to April 2025, the researchers ran enumeration tests in several countries to demonstrate and measure the scale of the flaws.<\/p>\n\n\n\n<p>Meta began deploying its first defenses against mass automated lookups only in August 2025, about a year after the first contact.<\/p>\n\n\n\n<p>Finally, in September 2025 the company extended the protection by applying stricter limits on strangers viewing profiles and pictures. The full study, with all the global data, was published in November 2025, making the vulnerability public.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Privacy implications for users<\/h3>\n\n\n\n<p>Although message encryption was not broken, the exposure of metadata such as phone number, profile picture, status and activity information poses a serious risk to users' privacy. 
Harmless as each item may seem on its own, combined they can be used to build detailed profiles of people, who can then become easy targets for spam campaigns, phishing attacks and other cyberattacks.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Global user count data<\/h3>\n\n\n\n<p>The study produced a detailed overview of WhatsApp users in several countries. India stood out as the largest market with 749 million active accounts, followed by Indonesia with 235 million.<\/p>\n\n\n\n<p>In Brazil the mapping was carried out without geographic restriction and covered number combinations across the whole country. At peak times the volume of server queries reached 100 million numbers per hour.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Technical fixes implemented by the platform<\/h3>\n\n\n\n<p>To improve security, Meta tuned its internal algorithms to detect suspicious access patterns more effectively. 
This covers the monitoring of activity timestamps and the way encryption public keys are accessed, adding a further layer of protection against future mass data-collection attempts.<\/p>","protected":false},"excerpt":{"rendered":"<p>A critical vulnerability in WhatsApp's systems made it possible to expose the profile data and phone numbers of its global user base, an estimated 3.5 billion people. The finding is described in detail in a study carried out by experts at a university in Vienna (Austria). The researchers discovered the flaw and mapped its scale across 245 countries. 
The study showed that exploiting the vulnerability gave access not only to the phone numbers linked to accounts, [&hellip;]<\/p>","protected":false},"author":1,"featured_media":6813,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[18],"tags":[179,144],"class_list":["post-6808","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security","tag-cybersecurity","tag-sbk-hucumu"],"_links":{"self":[{"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/posts\/6808","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/comments?post=6808"}],"version-history":[{"count":1,"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/posts\/6808\/revisions"}],"predecessor-version":[{"id":6810,"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/posts\/6808\/revisions\/6810"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/media\/6813"}],"wp:attachment":[{"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/media?parent=6808"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/categories?post=6808"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jsnet.biz\/az\/wp-json\/wp\/v2\/tags?post=6808"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}