How mobile phones are attacked and leaked
- Illegal use (unauthorized access): A resource in a mobile phone is used by an unauthorized person or in an unauthorized manner.
- Eavesdropping: Stealing information resources and sensitive information in mobile phones by various possible legal or illegal means. For example, the signal transmitted in the communication line of the mobile phone is monitored, or the electromagnetic leakage generated by the communication device during the work is intercepted to intercept useful information.
- Business flow analysis: Through long-term monitoring of a mobile phone, statistical analysis methods are used to study parameters such as communication frequency, communication flow, and total communication changes, and valuable information and rules are found.
- Bypass Control: An attacker gains unauthorized rights or privileges by exploiting the security flaws or security vulnerabilities of the phone. For example, an attacker finds some system "features" that should be kept secret, but exposed, through various means of attack. With these "features", an attacker can bypass the defense guards and invade the inside of the system.
- Trojan horse: The software contains a harmful block that cannot be detected. When it is executed, it will destroy the user's safety. This application is called the Trojan Horse.
- Trap gate: An "organ" set in a system or a component that allows a security policy to be violated when a particular data is entered.
- Virus: A program that can realize infection and aggression during the operation of a mobile phone.
Then, in such a flood of mobile phone leakage environment, where should China's mobile phone information security protection go?
How to use the mobile phone network safely?
1. Download the mobile application software from the regular software release mall. For smartphones with Android or IOS Apple mobile phone system, the application function of the smartphone is expanded by installing some application software, but this also brings some security risks.
For Apple phones, it is recommended to download apps that have been verified by Apple in the App Store on your phone. Android smartphones, manufacturers usually pre-installed the application store on the mobile phone, and other well-known Internet companies have developed powerful mobile phone butler and other software, you can also download and use the Android application software in the software.
2. When using the mobile phone to access the Internet, do not open the link of unknown origin. Mobile malware or viruses are usually hidden behind some web links. The criminals will describe the link as something that people are interested in, such as "Long time no contact, old classmates, this is a photo of our youth", "Air crash" Crash video." After opening the link, the malicious program will run in the background of the mobile phone, which may cause the disclosure of personal information.
3. Do not disclose the prompt information such as the verification code sent by the bank to others. In online transactions, in order to confirm the authenticity of the customer's online shopping identity, the major banks will reserve a mobile phone to send a verification code and other confirmation SMS to the online banking account, and wait for the customer to feedback the verification code to complete the debit transaction. If you receive the verification code text message provided by the bank without online shopping, it means that the bank card number held by the bank is online trading elsewhere. At this time, please do not provide the verification code to others and check with the bank in time.
4. Buy a mobile phone from a regular business. Some unscrupulous merchants pre-load some information stealing software in the mobile phone, and then repackage the mobile phone in the form of a network or a physical store for sale. This type of software runs in the background, and even if it is factory reset, this type of pre-installed program will be automatically reinstalled on the phone. Therefore, it is recommended to buy a mobile phone at a regular business. In addition, it is recommended not to jailbreak or ROOT on the mobile phone, because such operation is equivalent to improving the application level of the mobile phone user, so that the mobile phone is always open to any function, and it is convenient for the criminals to invade the mobile phone system. Therefore, it is recommended not to perform such operations on mobile phones. At the same time, you need to install mobile anti-virus software for regular anti-virus.
5, do not casually take photos of family and address
Some people like to use their mobile phones to print information such as names, addresses, schools, family photos, etc. on the Internet. If you do this for a long time, the information you have exposed will become a complete set of information as long as it is analyzed and summarized by others. This will hide all kinds of unpredictable risks.
6, online test, be careful
"Test your three keywords", "Test your character", "Measure your New Year's fortune"... Participants often need to authorize WeChat login and enter their name, birthday, mobile number, and privacy. Will be tested by the developer into the background, through combing it is possible to piece together the complete personal information.
How should daily mobile phone network security be protected?
1. Practical strong password / biometric identification
Strong passwords plus biometrics, such as fingerprint authentication, make unauthorized access almost impossible. The password should be longer than 8 characters and contain alphanumeric characters. If your phone allows two-factor authentication, use it quickly. Believe me, you won't want to endure unforeseen attacks.
The complexity of the passwords in your other apps may entice you to use the "remember me" feature to put the password in the app as you would in a browser. But this feature should be avoided anyway, as it will only increase your chances of being scammed. Or, once your phone is lost, someone who gets/stolen can get full control of your phone.
Also, don't forget to change your password from time to time (at least every 3 months).
2. Make sure public or free WiFi is protected
Everyone loves free WiFi, especially when the traffic plan is not expensive. But cheap can also be costly in a very destructive way. This is because most free WiFi access points are not encrypted. These open networks allow malicious people to listen to network traffic and easily get your password, username and other sensitive information. Moreover, this threat will not disappear soon. eVoice Australi, a leading provider of virtual telecommunications solutions, said WiFi hacking will continue to grow in many places in 2017.
To prevent WiFi hacking, use an application that protects your network connection, or at least displays the status of your connected WiFi. WPA (WiFi Protected Access) is more secure than WEP (Wired Equivalent Privacy).
Careful consideration should be made to turn off the wireless connection (WiFi and Bluetooth) when not in use. This not only helps you avoid auto-connecting unencrypted networks, it also saves battery power.
3. Using VPN
If the security status of the connected network is uncertain, a VPN (Virtual Private Network) client must be used. VPN allows you to securely access the network. At the same time, any browsing activity you do in public WiFi will be blocked from the eyes of the peep.
VPNs are also very useful when accessing less secure websites. Non-HTTPS sites are unobstructed by anyone who is familiar with networking and vulnerability tools. These sites are easily used for man-in-the-middle attacks to remove obstacles for sniffing and password sniffing. In the fight against cybercrime, we really need a new way of thinking.
4. Encrypt your phone
Most phones have