Yesterday Shichao saw a news.
A woman suddenly received hundreds of verification codes in the middle of the night, all bound to "China Mobile and Package Service".
At this point, the smarter friends have already seen that this must be someone who wants to do something bad.
The lady wasn't stupid either, turning on airplane mode for safety and even turning off her phone later.
However, something went wrong.
The next day, she was awakened by a phone call from China UnionPay, and found that many of her bank cards had been bound to "China Mobile and Package Express Payment", and more than 8,000 pieces had been stolen.
This, obviously the verification code is on her mobile phone, how did others bind it?
And she has never clicked into any small website, and there should be no Trojan software on the mobile phone.
Later, the police found out that the criminals used a "new type of technology network theft" - a pseudo base station.
As we all know, mobile phones transmit and transmit signals through base stations (signal towers).
Criminals can build a fake base station, once connected to your mobile phone, with the sniffing tool, you can get the verification code you received, so as to log in to your various online banking accounts, to help you keep your private money.
For example, in this case, others used the victim's verification code to bind China Mobile's and package quick payments, and then began to steal.
Not only that, using pseudo base stations, criminals can also pretend to be operators and banks to send you messages.
If we easily click on the "link" they give and enter personal information, our data will be stolen.
Some poor friends may ask, how did the pseudo base station connect to our mobile phones?
In fact, this technology is not new, it has appeared as early as 10 years ago, and we have written related articles before.
Today, with this incident, let's dig a grave and briefly introduce it to you.
In fact, if you want to build a pseudo base station, the threshold is not high. Before being cracked down by the relevant departments, spend tens of thousands of dollars to buy a complete set online.
You are capable, a notebook, with an SSRP motherboard, power amplifier, RF circuit or whatever, at home can also rub out a set.
The equipment is set up, and then the engineering machine is used to copy a copy of the parameter information of the real base station, and finally a group text messaging software is installed, and a pseudo base station of the caizhong version is ready.
Remind everyone not to think about rubbing themselves, it is certainly not so simple, and it is also illegal to engage in pseudo base stations.
If you do a good job of fake base stations, criminals will go out to commit crimes.
They usually hide the pseudo base station in their school bags, and if it is too big, they will buy a car for it and stuff it into the trunk.
Well? So pay attention to safety, but also move to commit crimes?
In fact, the main reason for mobile crimes is that the pseudo base station needs to be close enough to connect to the victim's mobile phone.
We can think of the base station signal as the magnetic force of the magnet, which base station signal is stronger, the mobile phone will be sucked over. (In pseudo base station cases, the criminal is often near the victim).
So the question is, the mobile phone is connected to the pseudo base station, can not distinguish the real and false?
In fact, it is not that it is impossible to distinguish, but that there is no power to distinguish at all.
Because China Mobile and Unicom's 2G network uses the GSM system, it has a short board, that is, one-way authentication.
What does that mean?
When the mobile phone communicates with the base station, the base station can authenticate the identity of the mobile phone, but the mobile phone cannot authenticate the identity of the base station.
So even if it is fake, the mobile phone can not distinguish, directly default to it is true.
Then the criminals want to forge the number, want to read the text message, and it is easy.
Seeing that this may be a bad friend asked, since the pseudo base station is drilling the vulnerability of the 2G network, then we do not use 2G is not good, and now 4G is so popular.
Well, you're right.
But in many key places, the 2G network has not been dismantled, and when the black industry commits crimes, you can use technology to squeeze out your 4G signal and let the mobile phone turn to 2G.
And even if you're always 4G, there's already a way to crack 4G LTE.
Where there are really loopholes, there are black products.
But don't worry too much, pseudo base stations are now becoming more and more difficult to do.
For example, many mobile phone manufacturers have long begun to engage in anti-counterfeiting base stations, such as Huawei's Mate 8 chip with its own function of identifying pseudo base stations.
Because the pseudo base station has some parameters that are different from the real base station, through the comparison of parameters, let the mobile phone distinguish the true and false base station, and will not stay.
MiUI 8 also uses big data to analyze whether SMS messages come from fake base stations.
In addition, with the development of communication technology, 5G can not only judge the pseudo base station itself, but also find the location of the pseudo base station through some positioning technology, and cooperate with the relevant departments to crack down.
Not only that, with the development of payment platforms, as long as the account is logged in in an unfamiliar environment, or the bank card is bound, it is generally necessary to do personal face recognition, and it is very difficult for criminals to steal.
There are exceptions.
For example, in this case, China Mobile's "and package payment" binding bank cards, actually do not need face recognition and other personal verification methods, provide bank card numbers and mobile phone verification codes to complete the binding.
this.. No wonder criminals use your platform to steal brushes, risk control is not good.
Now we can only hope that the risk control of operators or those banking platforms can go further.
Here, Shichao recommends that you try to buy a large factory mobile phone equipped with pseudo base station recognition function, who knows which day the criminals will not target us.
Finally, Shi Chao reminded the black industry that don't think about making quick money, the wave of people who engaged in pseudo base stations in those years are now stepping on sewing machines fast.
Author: Hedgehog Editor: Polygon Line
Images, sources:
The surging news: After receiving 100 verification codes in her sleep, the bank card was stolen and swiped, and the woman was "sniffed" to steal the code
Dark Cloud Vulnerability Platform: Deep Revelation: The Legend of the Pseudo Base Station SMS Fraud Industry Begins and Ends
Zhihu Xiao zaojun: In-depth demystification: what is the pseudo base station?
Snack Public: What is the "anti-counterfeiting base station" function? Count the phones and the "pseudo base station" thing
Wikipedia, Baidu Encyclopedia: Pseudo base station