Aikace-aikacen Android suna leƙo asirinka - kuma babu wata hanya mai sauƙi don dakatar da su.
Matsalolin tsaro na Android ba sa buƙatar gabatarwa, amma wata barazanar da ba ta sami kaso mai kyau na wayar da kan jama'a ba tana da alaƙa da kayan leƙen asiri da aikace-aikacen stalkerware. Ana iya shigar da waɗannan ƙa'idodin a asirce akan wayar wanda aka azabtar don saka idanu akan ayyukansu kuma ana iya amfani da su don musgunawa waɗanda rikicin cikin gida ya shafa da shiga cikin saƙon kan layi. Duk abin da wani ke buƙata shine shiga ta zahiri zuwa wayar wanda aka azabtar don shigar da waɗannan ƙa'idodin, wanda ba shi da wahala sosai a cikin lamuran tashin hankali na gida.
Kira shi sigar tallafin app na farauta AirTag , amma akan steroids, saboda waɗannan aikace-aikacen kayan leken asiri na iya satar komai ciki har da saƙonni, rajistan ayyukan kira, imel, hotuna, da bidiyo. Wasu kuma na iya kunna makirufo da kamara, kuma su aika da waɗannan rikodin a asirce zuwa uwar garken nesa inda mai cin zarafi zai iya shiga. Tunda manufofin Google Play ba sa ƙyale ƙa'idodin saɓo, waɗannan ƙa'idodin ana siyar da su ta gidajen yanar gizo na ɓangare na uku kuma kuna buƙatar ɗaukar su gefe.
Kamar yadda yake mai tsanani, lamarin ya kara yin muni saboda rashin hanyoyin kariya a wayoyin Android , musamman ga mutanen da ba su da fasaha na musamman. Ya yi kokarin bincike na Haɗin gwiwa na, wanda Alex Liu na Jami'ar California, San Diego, ya jagoranta, ya yi nazarin ƙa'idodin stalkerware guda 14 da ake samu daga gidajen yanar gizo na ɓangare na uku - kuma na same su cike da wasu yuwuwar rashin kwanciyar hankali.
Lalacewar da ba a taɓa ganin irin ta ba
Dangane da iyawarsu na asali, waɗannan ƙa'idodin suna da damar yin amfani da shigarwar kalanda, rajistan ayyukan kira, shigarwar allo, lambobin sadarwa, bayanan da aka ja daga wasu manhajojin da aka sanya akan wayar wanda aka azabtar, bayanan wurin, bayanan cibiyar sadarwa, bayanan waya, saƙonni, da fayilolin mai jarida.
Yawancin waɗannan manhajoji kuma sun sami damar shiga ciyarwar kamara a asirce da makirufo don ɗaukar multimedia, ɗaukar hotunan kariyar kwamfuta ta hanyar umarni mai nisa har ma da samun damar bayanai masu kariya. Amma wannan ba shine inda labarin tsoro ya ƙare ba.
Goma sha ɗaya daga cikin manhajojin da aka yi nazari sun yi ƙoƙarin ɓoye tsarin cirewa, yayin da kowanne daga cikin manhajojin leƙen asiri ya zo da tauri tare da aikin “hardcore” wanda ya ba su damar farawa kai tsaye bayan an sake yin reboot ko kuma bayan an share memory ta hanyar tsarin Android. Waɗannan ƙa'idodin an san su don kashe maɓallan Tsayawa Tsayawa da Cire maɓallan a wasu lokuta.
Mutum zai yi tunanin cewa duba da sauri ga na'urar ƙaddamar da app ɗin zai faɗakar da wanda aka azabtar game da duk wani aikace-aikacen da aka sanya a cikin wayoyin su. Amma wannan gata ba ta samuwa ga waɗanda ke fama da waɗannan ƙa'idodin kayan leken asiri, waɗanda za su iya kashe ko'ina daga $30 zuwa $100 tare da tsarin biyan kuɗi.
Boye, magudi da aiki na tsarin
Liu, shugaban marubucin jaridar, ya gaya wa Digital Trends a cikin wata hira cewa yawancin waɗannan apps suna ƙoƙarin ɓoye ko amfani da sunaye da gumaka "marasa laifi" don guje wa zato. Misali, 11 daga cikin manhajojin leken asiri guda 14 sun yi kokarin boyewa a bayyane a karkashin fakewar manhajoji masu suna kamar “Wi-Fi,” “Sabis na Intanet,” da “SyncServices,” cikakke tare da amintattun alamomin tsarin don taimakawa wajen guje wa duk wani zato.
Tunda waɗannan ayyuka ne masu mahimmanci ga wayar, masu amfani da yawa ba za su so su yi hulɗa da su ba saboda tsoron cewa za ta karya tsarin da ke cikin wayoyin su. Amma akwai ƙarin abubuwan barazanar anan. "Mun kuma ga shari'o'in da suka ci gaba inda waɗannan ƙa'idodin ke iya ɓoyewa a kan allon app ko ƙaddamar da app," in ji Liu.
Wasu daga cikin waɗannan ƙa'idodin sun yi ƙoƙarin ɓoye alamar app bayan an shigar da su ta yadda wanda aka azabtar ba zai taɓa tunanin cewa software na saka idanu tana aiki a wayar su ba. Bugu da ƙari, yawancin waɗannan ƙa'idodin, duk da cewa suna gudana a bango da kuma cin zarafin tsarin izini na Android, ba sa nunawa a allon aikace-aikacen kwanan nan.
"Idan baka gani ba, ta yaya za ka san shi?"
Digital Trends ya tambayi Liu ko waɗannan ƙa'idodin kayan leken asiri waɗanda ke gudana a asirce a bango, tattara bayanan sirri, na iya nunawa a cikin abubuwan da ake kira masu tsabta waɗanda ke ba masu amfani shawarar cire kayan aikin da ba su yi amfani da su ba. Liu, wanda zai gabatar da sakamakon binciken a wani taro da za a yi a Zurich a wannan bazarar, ya ce tawagar ba ta binciki yiwuwar hakan ba.
Duk da haka, akwai ƙananan damar cewa waɗannan ƙa'idodin tsaftacewa na ajiya za su yi alama apps na kayan leken asiri a matsayin mai yawa saboda waɗannan ƙa'idodin koyaushe suna gudana a bango kuma ba za a yi musu alama a matsayin marasa aiki ba. Amma hazakar da wasu daga cikin waɗannan ƙa'idodin ke amfani da su shine kayan mafarkin sirri na sirri.
Sneaky, mai haɗari, kuma mai saurin zubewa
Lokacin da ka ƙaddamar da kyamara a kowace app, za ka ga samfoti na abin da ke gaban kyamarar. Wasu daga cikin waɗannan ƙa'idodin suna rage girman samfoti zuwa pixels 1 x 1 ko ma yin samfoti a sarari, yana sa ba zai yiwu a gano idan app ɗin yana yin rikodin bidiyo ko aika ra'ayi kai tsaye zuwa sabar mai nisa ba.
Wasu daga cikin waɗannan ba sa nuna samfoti, ɗaukar bidiyon kai tsaye kuma suna watsa shi a asirce. Ɗaya daga cikin irin wannan app, wanda ake kira Spy24, yana amfani da tsarin bincike na sirri don watsa cikakkun hotunan kyamara. Kiran waya da rikodin sauti kuma abu ne na gama gari tsakanin waɗannan ƙa'idodin.
An kuma gano ƙa'idodin stalkerware da aka yi nazari suna cin zarafin saitunan isa ga Android. Misali, masu amfani da nakasar gani ko ji suna tambayar wayar ta karanta abinda ke cikin allon. Rashin lahani yana ba wa waɗannan ƙa'idodin damar karanta abun ciki daga wasu ƙa'idodin da ke gudana akan allo, fitar da bayanai daga sanarwa, har ma da ketare abin faɗakar da karɓar karɓa.
Aikace-aikacen kayan leƙen asiri suna ƙara cin zarafin tsarin shiga maɓalli, wanda hanya ce ta gama gari don satar bayanai masu mahimmanci kamar shaidar shiga don walat da tsarin banki. Wasu daga cikin manhajojin da aka yi nazari sun dogara da tsarin SMS, wanda ya haɗa da mugun jarumin ya aika SMS don kunna wasu ayyuka.
Amma a wasu lokuta, ko da SMS kunnawa ba a buƙatar yin aikin. Ɗaya daga cikin app (wanda ake kira Spapp) yana iya goge duk bayanan da ke cikin wayar wanda aka azabtar ta amfani da SMS kawai. Mai hacker na iya yin wasiku tare da haɗakar lambobin wucewa daban-daban don yin hakan, koda ba tare da sanin maharin ba, wanda ke ƙara haɗarin haɗari.
Yayin da aikace-aikacen kayan leƙen asiri da ke samuwa a shirye suke suna da haɗari da kansu, wani ɓangaren damuwa shine rashin tsaro na su idan ya zo ga adana bayanan sirri na sata. Ƙungiya mai lafiya na waɗannan ƙa'idodin sun watsa bayanai akan hanyoyin haɗin HTTP marasa rufaffen, ma'ana mugun ɗan wasan kwaikwayo zai iya saurara akan hanyar sadarwar Wi-Fi ɗin ku kuma ya sami damar shiga duka.
Shida daga cikin manhajojin sun adana duk kafofin watsa labarai da aka sace a cikin URLs na jama'a, tare da bazuwar lambobi da aka sanya su zuwa fakitin bayanai. Mai satar bayanai na iya yin wasa da waɗannan lambobin bazuwar don satar bayanan da ke da alaƙa da ba asusu ɗaya kawai ba, amma asusu da yawa da aka bazu a cikin na'urori daban-daban don leken asirin waɗanda abin ya shafa. A wasu lokuta, sabar aikace-aikacen spyware na ci gaba da tattara bayanai ko da bayan lasisin biyan kuɗi ya ƙare.
Me za ku iya yi?
Don haka, ta yaya mai amfani zai iya wayar salula Na al'ada don guje wa zama wanda aka azabtar da waɗannan aikace-aikacen kayan leken asiri na gaba? Liu ya ce hakan na bukatar daukar mataki domin Android ba ta da wani tsari mai sarrafa kansa da zai fadakar da kai game da manhajojin leken asiri. Liu ya jaddada cewa "babu wata tabbatacciyar hanya don sanin ko wani abu ya same ku."
Koyaya, zaku iya neman wasu alamu. "Waɗannan ƙa'idodin suna ci gaba da gudana a bango, don haka za ku ci karo da amfani da batir mai yawa," in ji Liu. "Haka ka san wani abu na iya faruwa ba daidai ba." Har ila yau Liu yana haskaka tsarin faɗakarwar firikwensin Android, wanda a yanzu yana nuna alamar a saman lokacin da na'urar ke amfani da kyamara ko makirufo.
Liu, wanda ke da Ph.D. Wani dalibi a sashen kimiyyar na’ura mai kwakwalwa ta jami’ar, ya ce idan amfani da bayanan wayar salula ya yi yawa kwatsam, hakan ma alama ce da ke nuna cewa wani abu ba daidai ba ne domin wadannan manhajoji na spyware kullum suna aikewa da manya-manyan fakitin bayanai da suka hada da fayilolin mai jarida, rajistan ayyukan imel da dai sauransu. . uwar garken nesa.
Wata hanyar da ba ta da hankali don nemo waɗannan ƙa'idodin da ake tuhuma, musamman waɗanda ke ɓoye daga ƙaddamar da app, ita ce bincika jerin duk apps ɗin da aka sanya akan wayarka daga cikin Settings app. Idan kun ga wasu ƙa'idodin da suka yi kama da tuhuma, yana da ma'ana don kawar da su. "Dole ne ku sake duba kowane aikace-aikacen kuma ku ga ko kun gane da shi. Wannan ita ce mafita ta ƙarshe saboda babu wani app da zai iya ɓoye a wurin, ”in ji Liu.
A ƙarshe, kuna kuma da dashboard ɗin sirri, wanda shine An gabatar da fasalin a cikin Android 12 , wanda ke ba ku damar ganin duk izinin da aka ba kowane app. Ga masu amfani da sanin sirri, an shawarce su da su soke izini waɗanda suke tunanin bai kamata wani app ɗin ya samu ba tun farko. Ƙungiyar saituna mai sauri, wanda za'a iya shiga ta hanyar zazzage ƙasa daga saman gefen, yana bawa masu amfani damar musaki makirufo da samun damar kyamara idan kowane app yana amfani da waɗannan izini a bango.
"A ƙarshen rana, kuna buƙatar ƙwarewar fasaha," in ji Liu. Wannan ba shine yadda yanayin ya kamata ya kasance ga ɗaruruwan miliyoyin masu amfani da wayar Android ba. Liu da sauran tawagar da ke bayan takarda suna da jerin jagorori da shawarwari don Google don tabbatar da hakanAndroidYana ba da babbar kariya ga masu amfani daga waɗannan aikace-aikacen kayan leken asiri.
