G\u00fcvenlik uzmanlar\u0131, MediaTek i\u015flemcili Android telefonlarda cihaz kapal\u0131 olsa bile kullan\u0131c\u0131lar\u0131n hassas verilerinin ele ge\u00e7irilmesine imkan tan\u0131yan ciddi bir g\u00fcvenlik a\u00e7\u0131\u011f\u0131 tespit etti. Kripto donan\u0131m c\u00fczdan\u0131 firmas\u0131 Ledger\u2019in Donjon adl\u0131 donan\u0131m g\u00fcvenlik ekibi taraf\u0131ndan ke\u015ffedilen bu a\u00e7\u0131k, Trustonic\u2019in G\u00fcvenilir Y\u00fcr\u00fctme Ortam\u0131 (TEE) teknolojisini kullanan milyonlarca cihaz\u0131 etkileyebilir.<\/p>\n\n\n\n
CMF Phone 1, Saniyeler \u0130\u00e7inde Hacklendi: MediaTek A\u00e7\u0131\u011f\u0131 G\u00f6sterildi<\/strong><\/p>\n\n\n\n Ledger\u2019in CTO\u2019su Charles Guillemet, g\u00fcvenlik ekibinin bu a\u00e7\u0131\u011f\u0131 g\u00f6stermek i\u00e7in Nothing\u2019in CMF Phone 1 modelini kulland\u0131\u011f\u0131n\u0131 a\u00e7\u0131klad\u0131. Ekip, telefonun korumal\u0131 verilerine bir dakikadan k\u0131sa s\u00fcrede eri\u015fmeyi ba\u015fard\u0131. Cihaz\u0131 bir diz\u00fcst\u00fc bilgisayara ba\u011flayan ara\u015ft\u0131rmac\u0131lar, yaln\u0131zca 45 saniye i\u00e7inde telefonun temel g\u00fcvenlik \u00f6nlemlerini devre d\u0131\u015f\u0131 b\u0131rakt\u0131.<\/p>\n\n\n\n Ara\u015ft\u0131rmac\u0131lar, bu g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131n Android i\u015fletim sistemi ba\u015flat\u0131lmadan da \u00e7al\u0131\u015fabildi\u011fini belirtiyor. Telefon bilgisayara ba\u011fland\u0131\u011f\u0131 anda sald\u0131r\u0131 otomatik olarak devreye giriyor. B\u00f6ylece cihaz\u0131n PIN kodu ele ge\u00e7irilebiliyor, depolama \u015fifresi k\u0131r\u0131labiliyor ve pop\u00fcler kripto c\u00fczdanlar\u0131n\u0131n \u015fifre kurtarma anahtarlar\u0131 (seed phrase) d\u0131\u015far\u0131 aktar\u0131labiliyor.<\/p>\n\n\n\n CVE-2026-20435 koduyla kaydedilen bu g\u00fcvenlik a\u00e7\u0131\u011f\u0131, kamuya a\u00e7\u0131klanmadan \u00f6nce MediaTek\u2019e iletildi. \u015eirket, 5 Ocak 2026 itibar\u0131yla cihaz \u00fcreticilerine gerekli yamalar\u0131 sa\u011flad\u0131\u011f\u0131n\u0131 ve bu g\u00fcncellemelerin telefon \u00fcreticileri taraf\u0131ndan yay\u0131nlanmaya ba\u015flad\u0131\u011f\u0131n\u0131 do\u011frulad\u0131. MediaTek\u2019in mart ay\u0131 g\u00fcvenlik b\u00fcltenine g\u00f6re, etkilenen i\u015flemciler OPPO, vivo, OnePlus ve Samsung gibi markalar\u0131n giri\u015f seviyesinden amiral gemisi modellerine kadar geni\u015f bir yelpazeyi kaps\u0131yor.<\/p>\n\n\n\n
\u00c7o\u011fu MediaTek cihaz\u0131, hassas verileri korumak i\u00e7in ana i\u015flemci i\u00e7inde yer alan G\u00fcvenilir Y\u00fcr\u00fctme Ortam\u0131 (TEE) teknolojisine g\u00fcveniyor. Buna kar\u015f\u0131l\u0131k, Pixel, iPhone ve bir\u00e7ok Snapdragon cihaz\u0131, verileri ana i\u015flemciden tamamen ay\u0131rmak i\u00e7in Titan M2, Secure Enclave veya Qualcomm G\u00fcvenli \u0130\u015flem Birimi gibi \u00f6zel donan\u0131m g\u00fcvenlik \u00e7ipleri kullan\u0131yor. Guillemet, genel ama\u00e7l\u0131 \u00e7iplerin kullan\u0131m kolayl\u0131\u011f\u0131 i\u00e7in tasarland\u0131\u011f\u0131n\u0131, \u00f6zel g\u00fcvenlik \u00e7iplerinin ise fiziksel sald\u0131r\u0131lara kar\u015f\u0131 ekstra koruma sa\u011flad\u0131\u011f\u0131n\u0131 belirtiyor.<\/p>\n\n\n\n
Donjon ekibi, ge\u00e7en y\u0131l MediaTek Dimensity 7300 yonga setinde benzer g\u00fcvenlik a\u00e7\u0131klar\u0131 tespit etmi\u015fti; ancak MediaTek, bu sald\u0131r\u0131lar\u0131n \u00e7ipin tasarlanan tehdit modelinin d\u0131\u015f\u0131nda oldu\u011funu \u00f6ne s\u00fcrm\u00fc\u015ft\u00fc. \u015eu an i\u00e7in, yeni g\u00fcvenlik a\u00e7\u0131\u011f\u0131n\u0131n k\u00f6t\u00fc niyetli ki\u015filer taraf\u0131ndan kullan\u0131l\u0131p kullan\u0131lmad\u0131\u011f\u0131 hen\u00fcz bilinmiyor.<\/p>\n\n\n\n