Studiuesit n\u00eb firm\u00ebn e siguris\u00eb kibernetike Eclypsium kan\u00eb zbuluar nj\u00eb mekaniz\u00ebm t\u00eb fsheht\u00eb firmware-i t\u00eb instaluar nga prodhuesi tajvanez i pajisjeve kompjuterike Gigabyte, mekaniz\u00ebm i cili mund t\u00eb sjell\u00eb goditje t\u00eb sistemeve nga hakerat.<\/p>\n\n\n\n
Gigabyte, nj\u00eb kompani e rend\u00ebsishme n\u00eb tregun e pajisjeve kompjuterike, e instalon k\u00ebt\u00eb firmware n\u00eb miliona pajisje, t\u00eb cilat shiten n\u00eb t\u00eb gjith\u00eb bot\u00ebn. Ky firmware, i krijuar p\u00ebr t\u00eb p\u00ebrdit\u00ebsuar n\u00eb m\u00ebnyr\u00eb rutinore software-t e motherboard-it, paraqet rrezik p\u00ebr shkak t\u00eb masave t\u00eb pap\u00ebrshtatshme t\u00eb siguris\u00eb, paralajm\u00ebruan studiuesit.<\/p>\n\n\n\n
Studiuesit argumentuar se \u00e7do her\u00eb q\u00eb nj\u00eb sistem ndizet, firmware-i i motherboard-it aktivizon n\u00eb m\u00ebnyr\u00eb rutin\u00eb nj\u00eb program p\u00ebrdit\u00ebsues. Ky software m\u00eb pas vazhdon t\u00eb shkarkoj\u00eb dhe ekzekutoj\u00eb nj\u00eb pjes\u00eb shtes\u00eb t\u00eb kodit. Edhe pse n\u00eb dukje \u00ebsht\u00eb projektuar si nj\u00eb mjet p\u00ebr mir\u00ebmbajtjen e firmware-it t\u00eb p\u00ebrdit\u00ebsuar, infrastruktura e dob\u00ebt e siguris\u00eb s\u00eb software mund t’i lejoj\u00eb hakerat t\u00eb marrin kontrollin, dhe ta p\u00ebrdorin at\u00eb p\u00ebr t\u00eb instaluar n\u00eb m\u00ebnyr\u00eb t\u00eb fsheht\u00eb malware.<\/p>\n\n\n\n
John Loucaides, i cili drejton strategjin\u00eb dhe k\u00ebrkimin n\u00eb Eclypsium, tha: “Ideja p\u00ebr t\u00eb anashkaluar n\u00eb m\u00ebnyr\u00eb rutin\u00eb p\u00ebrdoruesin p\u00ebrfundimtar, dhe p\u00ebr t\u00eb pasur kontroll mbi pajisjet e tyre nuk u p\u00eblqen p\u00ebrdorues\u00ebve.”<\/p>\n\n\n\n
Firmware-i i Gigabyte ngre shqet\u00ebsime, jo vet\u00ebm sepse instalon kodin n\u00eb heshtje, por sepse \u00ebsht\u00eb i preksh\u00ebm ndaj shfryt\u00ebzimit. Mekanizmi i p\u00ebrdit\u00ebsimit nuk e instalon si\u00e7 duhet kodin q\u00eb shkarkon, ndonj\u00ebher\u00eb edhe duke p\u00ebrdorur nj\u00eb lidhje t\u00eb pasigurt HTTP, n\u00eb vend t\u00eb HTTPS. Kjo siguri e dob\u00ebt mund ta b\u00ebj\u00eb sistemin vulnerab\u00ebl ndaj sulmeve kibernetike.<\/p>\n\n\n\n
P\u00ebr m\u00eb tep\u00ebr, Eclypsium zbuloi se firmware-i mund t\u00eb konfigurohet p\u00ebr t’u shkarkuar nga nj\u00eb pajisje tjet\u00ebr, e bashkangjitur me rrjetin lokal (NAS), e destinuar q\u00eb bizneset t\u00eb administrojn\u00eb p\u00ebrdit\u00ebsimet pa u mb\u00ebshtetur n\u00eb aksesin n\u00eb internet. Megjithat\u00eb, kjo ve\u00e7ori, nga ana tjet\u00ebr, mund t\u00eb shfryt\u00ebzohet nga nj\u00eb haker n\u00eb t\u00eb nj\u00ebjtin rrjet p\u00ebr t\u00eb instaluar fshehurazi malware.<\/p>\n\n\n\n
N\u00eb p\u00ebrgjigje t\u00eb gjetjeve t\u00eb Eclypsium, Gigabyte ka njoftuar planet p\u00ebr t\u00eb adresuar k\u00ebto dob\u00ebsi, megjith\u00ebse kompania nuk i \u00ebsht\u00eb p\u00ebrgjigjur publikisht k\u00ebrkesave p\u00ebr koment. Pavar\u00ebsisht nga ky premtim, Loucaides shprehu skepticiz\u00ebm, duke paralajm\u00ebruar se p\u00ebrdit\u00ebsimet e firmware-it shpesh d\u00ebshtojn\u00eb n\u00eb pajisjet e p\u00ebrdoruesve, p\u00ebr shkak t\u00eb kompleksitetit t\u00eb tyre, dhe ky problem mund t\u00eb vazhdoj\u00eb n\u00eb pajisjet Gigabyte p\u00ebr vite me rradh\u00eb.<\/p>\n\n\n\n
Rich Smith, Drejtori i Siguris\u00eb n\u00eb kompanin\u00eb e siguris\u00eb kibernetike Crash Override, e krahasoi situat\u00ebn me skandalin e Sony rootkit t\u00eb mesit t\u00eb viteve 2000. Sony kishte vendosur kodin e menaxhimit t\u00eb t\u00eb drejtave digjitale n\u00eb CD, t\u00eb cilat haker\u00ebt m\u00eb von\u00eb i shfryt\u00ebzuan p\u00ebr t\u00eb vendosur malware. “Historia e Sony-t ka shum\u00eb ngjashm\u00ebri me at\u00eb t\u00eb Gigabyte, p\u00ebr shkak t\u00eb problematikave me produktet finale\u201d, vuri n\u00eb dukje ai. Nd\u00ebrsa Gigabyte ka t\u00eb ngjar\u00eb t\u00eb mos ket\u00eb q\u00ebllime keqdash\u00ebse me instalimin e firmware-it, mungesa e masave t\u00eb rrepta t\u00eb siguris\u00eb minon besimin e p\u00ebrdoruesve n\u00eb pajisjet e tyre, p\u00ebrfundoi Smith.<\/p>\n","protected":false},"excerpt":{"rendered":"
Studiuesit n\u00eb firm\u00ebn e siguris\u00eb kibernetike Eclypsium kan\u00eb zbuluar nj\u00eb mekaniz\u00ebm t\u00eb fsheht\u00eb firmware-i t\u00eb instaluar nga prodhuesi tajvanez i pajisjeve kompjuterike Gigabyte, mekaniz\u00ebm i cili mund t\u00eb sjell\u00eb goditje t\u00eb sistemeve nga hakerat. Gigabyte, nj\u00eb kompani e rend\u00ebsishme n\u00eb tregun e pajisjeve kompjuterike, e instalon k\u00ebt\u00eb firmware n\u00eb miliona pajisje, t\u00eb cilat shiten n\u00eb<\/p>\n","protected":false},"author":4,"featured_media":13591,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[38],"tags":[40],"class_list":{"0":"post-13590","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-tech","8":"tag-featured"},"yoast_head":"\n