Hidden deals behind telephone follow-up calls: a number of cases exposed at the 3·15 party point directly at personal information security

2022-07-16

Without any prompt, unfamiliar apps were automatically downloaded to the tester’s phone. “Free WiFi” apps turned out to be a trap: they could not connect to anything, and they exposed the user’s privacy. Children’s watches appear to offer thoughtful features but hide security holes behind them. Browsing the web can reveal consumers’ mobile phone numbers, and there is a black industry behind the nuisance calls. Yesterday, at the CCTV 3·15 party, a number of exposure cases pointed directly at the security of consumers’ personal information. In the era of the Internet of Everything, with all kinds of information being collected and used, it is imperative to weave a protective net for personal information security.

At the CCTV 3·15 party, the security laboratory segment exposed the free WiFi app trap. More than 20 apps operating under the banner of “free WiFi” were tested. Not only could the free WiFi not be connected to, but users were induced to click an “OK” button that caused ad-linked apps to be installed automatically. Worse, some of the free WiFi apps collected location information from consumers’ phones 67,899 times in a single day. Free WiFi apps should not be used casually; one careless moment and your privacy is exposed.

The testers first downloaded and installed the WiFi Cracking Wizard from the app store, where a list of WiFi resources was laid out. The tester clicked “Free connection” and the system said “cracking WiFi to get password”, but the attempt failed. After the tester switched to another WiFi resource, the words “Confirm” and “Connect” appeared at the bottom. The tester clicked “Confirm”, but the connection still failed. The tester clicked on all the listed WiFi sources, and none of them worked. The WiFi was never connected, but two strange apps were quietly downloaded.
The testers found that the strange apps were hidden in the pop-up window where “Confirm” or “Open” had been clicked. The button is actually a disguised ad link: once the user is induced to click it, the app behind the ad link is installed on the phone automatically, without any prompt. Engineers tested more than 20 apps using the banner of free WiFi. They consistently failed to connect, and they also enticed users to download other apps.

Further tests by the engineers found that the free WiFi apps were also collecting massive amounts of user information in the background. An app called Radar WiFi collected location information from the test phone 67,899 times in a single day. “It can piece together your life track and whereabouts, completely master the patterns of your life, and know your preferences and your occupation,” said the engineer.

After these unexplained apps are added to the phone, a large number of pop-up ads appear, which seriously affects normal use of the phone. An app called “Yue Bao WiFi assistant” has a “self-start” function that can start it automatically, at high frequency, at any time. This means that even if a user closes the app, it can restart itself in the background through the “self-launch” feature, constantly gathering user information and pushing pop-up ads.

Kids’ smartwatches feature powerful hardware and thoughtful functions such as real-time positioning, high-definition dual cameras, face recognition and video calling. Children find them convenient and fun, and parents can keep track of their children’s whereabouts. CCTV reporters found that many low-version children’s smartwatches are selling well on major e-commerce platforms. The 3·15 information security laboratory ran a special test.

The tester bought a children’s smartwatch marked with a sales record of 100,000+ and gave it to a child to wear. A QR code for downloading a malicious program disguised as a lottery game was posted at the child’s doorstep. Kids are drawn to scan the code and try it, at which point malware can easily infiltrate their smartwatches. Engineers can then easily control the watch remotely in the background. Every time the child draws a prize, the malware automatically packs up the watch’s important information, such as location, address book and call history, and sends it out in real time.

After playing the lottery game, the child went downstairs to play, and the engineer could still locate the child in real time, continuously collect the child’s movement track, and easily delineate the child’s range of activity. From the background, the tester collected the child’s location many times and inferred that her home was very close to her school, about two or three hundred meters, which could be walked in five minutes. Even after the child got home and talked with her grandparents, the engineers at a remote location knew exactly what they were saying by invoking the microphone in the watch.

Why do children’s smartwatches, beloved and trusted by parents, become voyeuristic eyes? The root cause, the testers found, was the aging operating system of the low-version children’s smartwatches. The test watch used Android 4.4, a nearly decade-old operating system with no permission management requirements, whereas the latest version has been updated to Android 12. In other words, the Android 4.4 operating system grants apps whatever permissions they apply for. Various apps installed on a low-version children’s watch can take sensitive permissions such as location, address book, microphone and camera without the user’s authorization. This means they can easily access private information such as a child’s location, face images and audio recordings. Manufacturers choose the low-version operating system to reduce cost, but in doing so they ignore the security of the people using the product and leave consumers with endless problems down the road.

Engineers said that people currently attach great importance to the supervision of mobile apps, and that from a technical standpoint many of the standards for mobile terminals are fully applicable to smart terminals. But the attention paid to them is not enough, so this kind of smart terminal has become a disaster area for the protection of personal information.

Many consumers have had the experience of only browsing certain websites on their mobile phones, leaving no phone number, and then receiving promotional calls from the relevant industry. Why are people making these nuisance calls? How do they accurately capture consumers’ browsing behavior? The CCTV 3·15 party exposed this yesterday.

The reporter visited Rongying Communication, a company that specializes in building outbound-call systems for telemarketing companies and providing them with call lines. Feng said many e-commerce companies are making harassing calls through their systems, which can hide the real calling number and prevent complaints. They also use scripted wording as a disguise to evade the laws and regulations that prohibit harassing customers by phone. So some consumers will hear: “Hello, I’m from xyz company. Recently, I contacted you about the previous product of xx. What are your thoughts now? Do you want to know more about it?” With such circumvention technology, Rongying Telecom charges companies that make nuisance calls about 0.1 yuan per minute. The large volume of harassing phone calls has brought Rongying Communication rich call fee income: the call fee income alone is almost 100 million, from about more than 20,000 customers.

As the investigation went deeper, the reporter found that in the black industry surrounding harassing phone calls, besides the specialized companies that provide outbound-call systems, there are also people providing big data support for the calls. At Hangzhou With Fishing Information Technology Co., Ltd., the reporter saw a technician log in to the back end of an outbound-call system that a decoration company had opened through Hangzhou With Fishing. It held recordings of marketing calls that the decoration company had made to users. According to Tang, the company’s general manager, these users had recently used their mobile phones to browse furniture and decoration websites. Although the users did not leave a phone number, the company can call them directly through its system.

How can the system call users who visit a site without leaving their mobile numbers? According to Tang, each mobile phone has a MAC number (mobile phone identification number), which can be matched to the phone. As long as a user has browsed the website, the fishing company can place the corresponding sales calls to that user through its system. Companies that make nuisance calls use the data and charge fish companies 3 yuan per call.

Now, the black industry of nuisance calls is heating up, fed by accurate big data about users’ online behavior. The reporter’s investigation found that many companies are engaged in similar business. The reporter also learned that, in addition to dialing harassing calls to users through encrypted numbers, some companies can also use technical means to obtain the clear-code (plaintext) mobile phone numbers of mobile Internet users. The business manager of information technology Co., Ltd. told reporters that users who crawl their advertising pages can see customer numbers in the background. And Zhengzhou Green Pull Network Company is said to be able to access the code mobile phone numbers of users of almost all sites. This is how big data, such as users’ online behavior, is abused and leads to nuisance calls that seriously affect consumers’ lives.

Source: Beijing Youth Daily