{"id":129729,"date":"2026-03-16T05:00:11","date_gmt":"2026-03-16T05:00:11","guid":{"rendered":"https:\/\/www.europesays.com\/lt\/129729\/"},"modified":"2026-03-16T05:00:11","modified_gmt":"2026-03-16T05:00:11","slug":"ketvirtadalis-android-irenginiu-buvo-pazeidziami-mediatek-lustu-klaida-kele-gresme-piniginems","status":"publish","type":"post","link":"https:\/\/www.europesays.com\/lt\/129729\/","title":{"rendered":"Ketvirtadalis \u201eAndroid&#8221; \u012frengini\u0173 buvo pa\u017eeid\u017eiami: \u201eMediaTek&#8221; lust\u0173 klaida k\u0117l\u0117 gr\u0117sm\u0119 pinigin\u0117ms"},"content":{"rendered":"<p>Mobili\u0173j\u0173 telefon\u0173 lust\u0173 gamintoja \u201eMediaTek\u201c saus\u012f i\u0161tais\u0117 pa\u017eeid\u017eiamum\u0105, kuris paveik\u0117 jos mikroschemas ir gal\u0117jo leisti u\u017epuolikui pavogti kriptovaliut\u0173 atk\u016brimo frazes (seed phrases) pa\u017eeistuose \u012frenginiuose. Tam, pasak tyr\u0117j\u0173, b\u016bt\u0173 pakak\u0119 USB laido ir tinkamos programin\u0117s \u012frangos.<\/p>\n<p>Sprag\u0105 aptiko \u201eLedger\u201c balt\u0173j\u0173 skryb\u0117li\u0173 saugumo komanda \u201eDonjon\u201c. Apie pa\u017eeid\u017eiamum\u0105 \u201eMediaTek\u201c buvo informuota dar iki pataisos i\u0161leidimo \u2013 ji buvo pateikta sausio 5 dien\u0105. \u201eLedger\u201c pabr\u0117\u017e\u0117, kad vartotojams, kurie dar ne\u012fsidieg\u0117 naujausi\u0173 saugumo atnaujinim\u0173, rekomenduojama tai padaryti kuo grei\u010diau.<\/p>\n<p>Bandomasis \u012frenginys pa\u017eeistas per 45 sekundes<\/p>\n<p>Anot \u201eLedger\u201c, spragos i\u0161takos buvo \u201eMediaTek\u201c saugaus paleidimo (secure boot) grandin\u0117je \u2013 tai mikroschemose \u012fdiegta apsaugos priemon\u0117, skirta u\u017etikrinti, kad telefonas b\u016bt\u0173 paleid\u017eiamas saugiai ir starto metu naudot\u0173 tik autorizuot\u0105 programin\u0119 \u012frang\u0105.<\/p>\n<p>\u201eLedger\u201c teigimu, \u0161is tr\u016bkumas rei\u0161k\u0117, kad u\u017epuolikas, turintis fizin\u0119 prieig\u0105 prie \u201eAndroid\u201c telefono, gal\u0117t\u0173 prijungti \u012frengin\u012f prie kompiuterio per USB, apeiti dal\u012f apsaug\u0173 ir potencialiai pasiekti jautrius duomenis, \u012fskaitant kriptovaliut\u0173 pinigini\u0173 atk\u016brimo frazes.<\/p>\n<p>Pa\u017eymima, kad ma\u017edaug 25% \u201eAndroid\u201c telefon\u0173 naudoja \u201eTrustonic\u201c patikimos vykdymo aplinkos (TEE) sprendim\u0105 ir \u201eMediaTek\u201c procesorius \u2013 b\u016btent tok\u012f derin\u012f i\u0161naudoja aptikta spraga.<\/p>\n<p>\u201eDonjon\u201c pademonstravo atak\u0105, prie ne\u0161iojamojo kompiuterio prijung\u0119 \u201eNothing\u201c gamintojo \u201eCMF Phone 1\u201c ir pa\u017eeid\u0119 \u012frenginio saugum\u0105 ma\u017edaug per 45 sekundes.\n                    <\/p>\n<p>\u201eNet nepaleidus \u201eAndroid\u201c, i\u0161naudojimo scenarijus automati\u0161kai atk\u016br\u0117 telefono PIN kod\u0105, i\u0161\u0161ifravo saugykl\u0105 ir i\u0161trauk\u0117 atk\u016brimo frazes i\u0161 populiariausi\u0173 programini\u0173 pinigini\u0173: \u201eTrust Wallet\u201c, \u201eBase\u201c, \u201eKraken Wallet\u201c, \u201eRabby\u201c, \u201eTangem\u201c mobiliosios pinigin\u0117s ir \u201ePhantom\u201c,\u201c \u2013 teig\u0117 \u201eLedger\u201c.<\/p>\n<p>Nors bendrov\u0117 ragino vartotojus atnaujinti \u012frenginius, \u201eLedger\u201c atstovas nurod\u0117, kad \u201enesitiki, jog tai bus ilgalaik\u0117 problema\u201c.<\/p>\n<p>\u201eLedger\u201c: mobilieji telefonai niekada n\u0117ra visi\u0161kai saug\u016bs<\/p>\n<p>2025 m. prad\u017eioje beveik 36 mln. \u017emoni\u0173 skaitmenin\u012f turt\u0105 vald\u0117 telefonu, tod\u0117l net vienas pa\u017eeid\u017eiamumas gali sukelti reik\u0161ming\u0105 rizik\u0105 didelei pinigini\u0173 daliai.<\/p>\n<p>\u201eLedger\u201c taip pat primin\u0117, kad 2025 m. gruod\u012f testavo atak\u0105 prie\u0161 \u201eMediaTek\u201c \u201eDimensity 7300\u201c (MT6878) ir teig\u0117 apein\u0119 saugumo priemones taip, jog buvo \u012fgyta \u201evisi\u0161ka ir absoliuti i\u0161maniojo telefono kontrol\u0117, nelikus n\u0117 vieno veikian\u010dio saugumo barjero\u201c.<\/p>\n<p>\u201eLedger\u201c technologij\u0173 vadovas Charles\u2019as Guillemet dar 2020 m. bir\u017eel\u012f yra sak\u0119s, kad mobiliuosiuose telefonuose \u2013 nesvarbu, ar tai \u201eAndroid\u201c, ar \u201eiPhone\u201c \u2013 \u201elabai sud\u0117tinga tur\u0117ti saugias programas\u201c.\n                    <\/p>\n<p>\u201eI\u0161manieji telefonai n\u0117ra sukurti saugumui. Net i\u0161jungus \u012frengin\u012f, naudotojo duomenis \u2013 \u012fskaitant PIN kodus ir atk\u016brimo frazes \u2013 galima i\u0161traukti grei\u010diau nei per minut\u0119\u201c, \u2013 ra\u0161\u0117 Charles\u2019as Guillemet.<\/p>\n<p>Jis taip pat pabr\u0117\u017e\u0117 esmin\u012f architekt\u016brin\u012f skirtum\u0105: bendros paskirties lustai kuriami patogumui, o saugieji elementai (Secure Elements) \u2013 rakt\u0173 apsaugai. Pasak jo, dedikuotas saugusis elementas izoliuoja paslaptis nuo likusios sistemos ir apsaugo jas net fizin\u0117s atakos atveju.\n<\/p>\n<p>\n\t\t\t\tKaip vertinate \u0161\u012f \u012fra\u0161\u0105?\n\t\t\t<\/p>\n","protected":false},"excerpt":{"rendered":"Mobili\u0173j\u0173 telefon\u0173 lust\u0173 gamintoja \u201eMediaTek\u201c saus\u012f i\u0161tais\u0117 pa\u017eeid\u017eiamum\u0105, kuris paveik\u0117 jos mikroschemas ir gal\u0117jo leisti u\u017epuolikui pavogti kriptovaliut\u0173&hellip;\n","protected":false},"author":2,"featured_media":129730,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[15860,81,3177,1614,23314,37,39,36,38,40,23315,23316,22678,46],"class_list":{"0":"post-129729","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-verslas","8":"tag-bitcoin","9":"tag-business","10":"tag-kibernetinis-saugumas","11":"tag-kriptovaliutos","12":"tag-kriptovaliutu-pinigines","13":"tag-lietuva","14":"tag-lietuviu","15":"tag-lithuania","16":"tag-lithuanian","17":"tag-lt","18":"tag-mobiliuju-lustai","19":"tag-programiniai-pazeidziamumai","20":"tag-skaitmeninis-turtas","21":"tag-verslas"},"share_on_mastodon":{"url":"https:\/\/pubeurope.com\/@lt\/116237095564229992","error":""},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/lt\/wp-json\/wp\/v2\/posts\/129729","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/lt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/lt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/lt\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/lt\/wp-json\/wp\/v2\/comments?post=129729"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/lt\/wp-json\/wp\/v2\/posts\/129729\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/lt\/wp-json\/wp\/v2\/media\/129730"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/lt\/wp-json\/wp\/v2\/media?parent=129729"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/lt\/wp-json\/wp\/v2\/categories?post=129729"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/lt\/wp-json\/wp\/v2\/tags?post=129729"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}