{"id":93480,"date":"2026-01-24T05:12:06","date_gmt":"2026-01-24T05:12:06","guid":{"rendered":"https:\/\/ikimisli.tr\/?p=93480"},"modified":"2026-01-24T05:12:06","modified_gmt":"2026-01-24T05:12:06","slug":"gelen-smste-bu-harf-eksikse-sakin-tiklamayin","status":"publish","type":"post","link":"https:\/\/ikimisli.tr\/index.php\/2026\/01\/24\/gelen-smste-bu-harf-eksikse-sakin-tiklamayin\/","title":{"rendered":"If this letter is missing from an incoming SMS, do not click"},"content":{"rendered":"<p>Newly published research has revealed that SMS-based login methods, used by many services from insurance quotes and job listings to pet-sitter and private-tutoring platforms, open the door to fraud, identity theft and unauthorized account access. According to the research, more than 700 endpoints that send SMS messages on behalf of more than 175 services contain practices that weaken user security.<\/p>\n<p>One of the biggest problems is that links sent by SMS are guessable or easily reproduced. When security tokens are simply modified, attackers can access the accounts of others, view personal information and, in some cases, carry out actions as the user.<\/p>\n<p>The researchers stress that these attacks can be carried out at large scale with basic-to-intermediate web security knowledge and consumer-grade hardware. 
Moreover, many links remain valid for years, which increases the risk of unauthorized access.<\/p>\n<p><b>\u201cEASY AND FRICTIONLESS\u201d BUT INSECURE<\/b><\/p>\n<p>Another factor that aggravates the problem is that SMS is not encrypted. In the past, open databases were found that stored millions of text messages containing sensitive information such as names, addresses, usernames, passwords and financial applications. Despite this, SMS-based login remains widespread on the grounds that it is <strong>\u201ceasy and frictionless\u201d<\/strong>.<\/p>\n<p><b>HUNDREDS OF THOUSANDS OF LOGIN LINKS EXAMINED<\/b><\/p>\n<p>The researchers examined more than 322 thousand unique login links obtained from more than 33 million messages. Of these, the portion coming from 701 endpoints and covering 177 services was found to be able to expose critical personal data such as ID numbers, dates of birth, bank account details and credit scores. 125 of the services were found to be open to mass link guessing because of low-security tokens.<\/p>\n<p>According to experts, responsibility lies largely with service providers. 
Telling users \u201cdo not give out sensitive information\u201d is not enough, because the list also includes well-known platforms with millions of users.<\/p>\n<p><b>MUST BE \u201cCRYPTOGRAPHIC AND STRONG\u201d<\/b><\/p>\n<p>On the other hand, experts stress that the <strong>\u201cmagic link\u201d<\/strong> method is not insecure in itself, but that links must be short-lived, become invalid at first login and be cryptographically strong. Some privacy-focused sites use this method via email; however, it is not considered sufficient for banks and services that hold large amounts of data.<\/p>\n<p>To increase security, a second strong authentication factor and a limit on the number of attempts are also required.<\/p>\n<p><b>HOW CAN FAKE SMS MESSAGES BE RECOGNIZED, AND HOW SHOULD WE PROTECT OURSELVES?<\/b><\/p>\n<p><strong>Verify the source:<\/strong>  <\/p>\n<p><strong>Use official channels:<\/strong> Log in through the official apps and websites of your bank, insurer or other services.<\/p>\n<p><strong>Do not share your personal information:<\/strong> Never send identity, bank or credit information requested via SMS.<\/p>\n<p><strong>Use two-factor authentication:<\/strong> Where possible, prefer app-based authentication over SMS.<\/p>\n<p><strong>Protect your device: <\/strong>Install up-to-date antivirus and security software on your phone.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>New research on SMS has revealed that user authentication carried out through 
login links and one-time codes sent by SMS puts the personal information of millions of people at serious risk.<\/p>\n","protected":false},"author":1,"featured_media":93481,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[24],"tags":[644,1682,799,9962,6748],"class_list":["post-93480","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ekonomi","tag-bilgi","tag-giris","tag-hizmet","tag-link","tag-sms"],"_links":{"self":[{"href":"https:\/\/ikimisli.tr\/index.php\/wp-json\/wp\/v2\/posts\/93480","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ikimisli.tr\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ikimisli.tr\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ikimisli.tr\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ikimisli.tr\/index.php\/wp-json\/wp\/v2\/comments?post=93480"}],"version-history":[{"count":1,"href":"https:\/\/ikimisli.tr\/index.php\/wp-json\/wp\/v2\/posts\/93480\/revisions"}],"predecessor-version":[{"id":93482,"href":"https:\/\/ikimisli.tr\/index.php\/wp-json\/wp\/v2\/posts\/93480\/revisions\/93482"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ikimisli.tr\/index.php\/wp-json\/wp\/v2\/media\/93481"}],"wp:attachment":[{"href":"https:\/\/ikimisli.tr\/index.php\/wp-json\/wp\/v2\/media?parent=93480"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ikimisli.tr\/index.php\/wp-json\/wp\/v2\/categories?post=93480"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ikimisli.tr\/index.php\/wp-json\/wp\/v2\/tags?post=93480"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}