A scanned QR code leads to loans fraudulently taken out in the victim's name, Trojan horses hide in power banks, and fingerprints leak through a "scissor hands" gesture... With the first domestic network security drama "Are You Safe?" now a hit, let's learn information security skills together.
Written by/reporter Zhao Tianyu; graphic editor/Chen Yongjie
▲ Poster for "Are You Safe?" (image source: Douban)
An inconspicuous power bank hides an ultra-small computer. Once it is connected to a mobile phone, it can steal everything on the phone, including personal data, photos and videos... This is a plot from the hit suspense drama "Are You Safe?", but it is also something that actually happens in real life. Taking Internet information security as its starting point, "Are You Safe?", the first domestic work with network security as its theme, is currently showing. It focuses on social hot spots and livelihood topics such as marriage, education, pensions and the workplace, popularizing network security knowledge while working in suspense and comedy elements that keep it entertaining.
The Internet is closely tied to users' lives, technology services are connected to user data, and personal data is collected and applied ever more widely. This "double-edged sword" brings smarter and more convenient technological innovation, and also raises new questions for user privacy protection. When it comes to protecting personal information, what should the general public do and not do?
Beware of third-party software and update the system promptly
In the Internet age, despite the increased risk of privacy and personal information leakage, good personal habits are always the first and last line of defense for security. However, many ordinary people fall short in this regard and even make "low-level mistakes", giving criminals an opening.
The China Internet Network Information Center's "50th Statistical Report on Internet Development in China" shows that as of June 2022, 21.8% of netizens had experienced personal information leakage.
Many viruses and Trojan programs are hidden in third-party software and programs, and users are induced to download them through an attractive link or piece of copy. Once downloaded, they can easily read all kinds of information on the user's phone, causing direct harm such as monetary loss and damage to the phone.
In "Are You Safe?", Aunt Ding scanned a code to receive free eggs, leaked her personal information, and had her identity fraudulently used by criminals to take out loans. Although the drama does not explain how the criminals obtained the information, it is not hard to infer from the code-scanning that an illegal app was involved.
At present, most phones from reputable manufacturers run a deeply optimized and customized version of the native system, and programs downloaded from the application store can be guaranteed to be safe. Avoiding downloading software from third-party platforms is the most effective way to prevent Trojan infection.
▲ In "Are You Safe?", Aunt Ding was defrauded of 200,000 yuan after her personal information leaked when she scanned a code for eggs. (Photo source: Douban)
In the mobile Internet era, the phone system or application store is upgraded once every ten days to half a month. The purpose is to continuously optimize and patch gaps. The more vulnerabilities a phone or smart device has, the more likely it is to be attacked. The public should also develop the habit of regularly upgrading (mobile phone) software versions and turn on the automatic update switch; the updates can generally run at night.
Real Case
According to the 3.15 party report, the 315 Information Security Lab conducted a special test on a children's smartwatch with an astonishing sales record of 100,000+ on some shopping platforms. After the tester sent the watch a malicious QR code disguised as a lottery game and the child scanned it with the watch, the malicious program could easily get onto the watch and enable remote control of the watch, collection of location information, monitoring of call records, video peeping and other operations.
Be wary of public equipment and stay away from phishing WiFi
With the advancement of technology, public equipment has become one of the new avenues for criminals to commit information crimes. In the first episode of "Are You Safe?", a handsome man's phone ran out of battery in a lively KTV, so he borrowed a power bank from a beautiful woman next to him to charge it. Unexpectedly, a chip had been installed in the power bank, and all the information on the phone was automatically copied and transmitted over the wireless network to the other end. In the end, the criminal gang was caught by cybersecurity expert Qin Huai.
▲ In the first episode of "Are You Safe?", personal information was stolen by criminals after a stranger's power bank was borrowed in a KTV. (Photo source: Douban.com)
Today, power banks of mixed quality are on the market, and a specially modified power bank, while charging a phone, will also read and copy the photos, videos and bank account information on it without the owner knowing, and may even monitor and locate the phone. Public WiFi is also dangerous. Most phishing WiFi of this kind appears in public places such as hotels and shopping malls. It will automatically install applications on the phone, collect a large amount of user information in the background, and even start running automatically and enter online banking, Alipay and other confidential systems, causing asset loss.
Staying vigilant about smart devices in public places, and not connecting to public WiFi outside of home and the office, is an effective way to prevent such risks.
Real Case
After Mr. Zhang, a citizen of Nanjing, Jiangsu, used WiFi in a public place, his computer was hacked. With his U shield and bank card still in his possession, more than 60,000 yuan in his online banking was stolen in 69 transactions within two days, leaving only 500 yuan. Moreover, his mobile phone was manipulated by the hackers and the function that receives transaction reminder text messages was blocked, so he received no text reminders at all for the 69 transactions, and all the money was transferred without his knowledge.
Turn off unnecessary permissions and avoid bad websites
With the development of mobile apps, software functions have become increasingly rich, and apps hold more and more powerful permissions to collect data. These permissions include, but are not limited to, use of the microphone, camera, location services, phone permissions and recording functions.
But in real life, many applications are too "smart" and request many permissions beyond what the software itself needs, which brings many unknown security risks. For the owner of the phone and the user of the application, sensibly allocating software permissions and system settings is an important means of protecting personal information security.
For example, turning off the software's personalized recommendations, personalized advertising and user experience improvement plan avoids data being collected without your knowledge; another example is turning off the software's microphone and camera permissions. Once the user agrees, the software can turn on the microphone and camera, collect recordings or images, and even illegally collect big data information such as personal preferences and shopping needs.
In addition to mobile apps, browsers and bad web pages are also easily manipulated. For example, in the tenth episode of "Are You Safe?", Ding Ding registered on a phishing website with other people's videos. As a result, not only was the money in his card transferred away, but his phone address book was taken and he himself was secretly filmed.
▲ In the tenth episode of "Are You Safe?", Ding Ding registered on a phishing website with other people's videos, and his personal information was leaked. (Picture source: Douban.com)
Bad and illegal websites often contain pages carrying viruses that attack the browser. Browsing them on a mobile phone can also easily infect the phone, causing it to freeze, shut down, delete data, send spam and so on, and even leading to theft of personal information and property.
Real Case
A domestic enterprise listed on the New Third Board and its affiliates had, since 2014, placed self-written malicious programs on the operator's internal servers. When user traffic passed through the operator's server, the program automatically collected key data such as user cookies and access records (a cookie is a cache of a user's information when browsing web pages, generally used to save login information such as the user's account and password, as well as web browsing records), then exported all the data through the malicious programs and stored it on multiple servers at home and abroad, thereby stealing user privacy data from the operator.
Expert opinions
Strictly control information abuse and strengthen technical supervision
With the popularization of information technologies such as the Internet and big data, personal information leakage and privacy violations are making public life more unsettled. Personal information may have been leaked without the owner knowing, and it is becoming a new "hotbed" for breeding crime. How can citizens' personal information be protected? Industry experts offer the following suggestions.
Li Changlong, director of the laboratory of Beijing Zhonghaiyi Judicial Appraisal Institute and a mobile phone data expert, believes that installing firewall software, setting up proxy servers, regularly updating anti-virus components, and developing data backup habits are the most basic ways to prevent hacker attacks and the leaking of personal information online.
Liu Deliang, professor at Beijing Normal University Law School and director of the Asia-Pacific Network Legal Research Center, analyzed that the introduction of the "Civil Code" and the "Personal Information Protection Law" has played a role in promoting personal information protection, but that the unclear subject of personal information and the anonymization of data remain the focus of attention in the era of big data.
He called for a clear distinction between "information use" and "information abuse". The use of information for reasonable purposes can help reduce transaction costs and promote economic and social development. The real harm is information abuse. Starting from the basic principles of normative purpose and scope of application, carefully sorting out the relationship between these rights and their legal rules will help to better protect the security of personal information.
Yuan Deyu, a professor at the School of Police Information Engineering and Network Security at the Chinese People's Public Security University, believes that financial information has a relatively high value density, so this field has always been the hardest-hit area for personal information leakage. Hackers use the loopholes of financial apps or of website platforms to steal citizens' personal information, not only in banking, insurance and other financial industries, but also in the accounting industry, communities, motor vehicle registration and hotel check-in.
"We must cooperate to crack down and govern each other in terms of relevant laws and regulations, sales market transactions, technology, and business management." Yuan Deyu said.
Zuo Xiaodong, vice president of the China Information Security Research Institute, suggested that the security of personal information should be strengthened through technical means. For example, when establishing an information system or developing, utilizing and sharing data, a firewall mechanism should be embedded, the impact on personal information security should be assessed, personal information should be managed by classification and level, the limit-and-trace system for system inspection should be established and standardized, sensitive personal information should be encrypted in storage, and electronic identity authentication terminals should be managed in a unified way.
Produced by: Popular Science Central Kitchen
Produced by: Beijing Science and Technology News | Beike Media