
"Free WiFi" is actually app bait; "return visit" calls hide a shady trade

Without any prompt, an unfamiliar app was automatically downloaded to the tester's phone (CCTV screenshot)

"Free WiFi" apps hide traps: they not only fail to connect at all but also expose users' privacy. Children's watches appear to offer thoughtful features, yet invisible security vulnerabilities are hidden behind them. Browsing the web can leak consumers' mobile phone numbers, and behind harassing phone calls lies a black industry. At yesterday's CCTV 3.15 evening gala, a number of the exposed cases pointed directly at the security of consumers' personal information. In the era of the Internet of Everything, when all kinds of information are collected and used, it is urgent to weave a dense protective net for personal information security.

Free WiFi apps hide a trap

One careless tap and your privacy is exposed

At the CCTV 3.15 gala, the security laboratory segment exposed the free WiFi app trap. More than 20 applications operating under the banner of free WiFi were tested. Not only could none of them connect to free WiFi, but after the user was induced to tap the confirmation button, advertised apps were installed automatically without explanation. More alarmingly, some free WiFi applications collected the location of consumers' mobile phones as many as 67,899 times in a day. Free WiFi apps should not be tapped casually; a moment of inattention exposes your privacy.

The testers first downloaded and installed "WiFi Cracker" from the app market, which clearly listed a long row of WiFi resources. When the tester tapped "Free Connection", the app displayed "Cracking WiFi to get the password", but the attempt failed. After switching to another WiFi resource, the words "Confirm" and "Connect" appeared below; the tester tapped Confirm, and the connection still failed. The tester tapped every listed WiFi resource, and none of them could connect.

No WiFi resource was connected, but two unfamiliar applications were silently downloaded to the phone. The testers found that these applications were hidden in the pop-up windows with the words "confirm" or "open" that had just been tapped. Each pop-up is actually a disguised advertising link: once the user is induced to tap it, the application in the advertising link is automatically installed on the phone without any prompt.

Engineers tested more than 20 applications operating under the banner of free WiFi. All of them consistently failed to connect, and all induced users to download other applications. Further testing by the engineers found that such free WiFi applications also collect a large amount of user information in the background. An app called Radar WiFi collected the test phone's location 67,899 times in a single day. "It can string together your life trajectory and whereabouts, and it can fully grasp your life rules, know your preferences, and your profession," the engineer said.

Once these unexplained applications are on the phone, a large number of pop-up ads appear, seriously affecting normal use of the phone. The "self-start" function of "Yue Leopard WiFi Assistant" lets the app launch itself automatically at any time and at high frequency. This means that even if the user closes the app from the background, it can start running in the background again through the "auto-start" function, constantly collecting user information and pushing pop-up ads.

Children's smartwatches hide

invisible security vulnerabilities

Children's smartwatches offer powerful hardware and thoughtful features: real-time positioning, high-definition dual cameras, face recognition, and video calls. Children find them convenient and fun, and parents can keep track of their children's whereabouts at any time. CCTV reporters found that many low-end children's smartwatches are selling well on major e-commerce platforms. The 3.15 Information Security Laboratory conducted special tests on them.

The testers purchased a children's smartwatch listed with 100,000+ sales and gave it to a child to wear. The tester disguised the download QR code of a malicious program as a lottery game and posted it on the door of the child's home. After the child was drawn into scanning the code to try it, the malicious program was easily installed on the child's smartwatch, and engineers easily gained remote control of the watch from the backend. Every time the child played the lottery draw, the malicious program automatically packaged important information in the watch, such as location, address book, and call history, and sent it out in real time. After playing the lottery game, the child went downstairs to play; the engineer could still locate the child in real time, collect the child's movement trajectory without interruption, and easily outline the child's range of activity. By collecting the child's location many times, the tester deduced from the backend that the child's home was actually very close to the school, about two or three hundred meters, a 5-minute walk. Even after the child returned home and chatted with a grandmother, the engineer, in another location, learned the content of the conversation by activating the microphone in the watch.

Why do children's smartwatches, loved by children and trusted by parents, become voyeuristic eyes? Testers found that the root cause is that the operating system of low-end children's smartwatches is too old. The tested watch uses the Android 4.4 operating system, which has no permission management requirements and is nearly 10 years old; the latest version has since been updated to Android 12. In other words, whatever permissions an app requests, the Android 4.4 operating system grants them. After various apps are installed, this low-version children's watch lets them take a variety of sensitive permissions, such as positioning, contacts, microphone, and camera, without user authorization. This means the apps can easily access private information such as children's location, face images, and recordings. These manufacturers choose low versions of the operating system to reduce cost but ignore the security of their users, bringing endless consequences to consumers.
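The permission behaviour described above can be checked from an app's manifest. The following Python sketch is an added example, not code from the article or the laboratory; it assumes the manifest has already been decoded to text XML, the function name `audit_manifest` is hypothetical, and the sample manifest is constructed. Android 4.4 is API level 19, Android 12 is API level 31, and per-permission runtime prompts begin at API level 23.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
RUNTIME_PROMPT_API = 23  # Android 6.0: first release with per-permission runtime prompts

# Sensitive permissions matching the data the article says was taken from the watch.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.READ_CONTACTS": "address book",
    "android.permission.READ_CALL_LOG": "call history",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.CAMERA": "camera",
}

# Constructed sample manifest for a hypothetical app; not taken from any real APK.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.lottery">
  <uses-sdk android:minSdkVersion="14" android:targetSdkVersion="19"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
</manifest>"""


def audit_manifest(manifest_xml, device_api):
    """Return (data_type, permission, how_granted) for each sensitive permission requested."""
    root = ET.fromstring(manifest_xml)
    sdk = root.find("uses-sdk")
    attrs = sdk.attrib if sdk is not None else {}
    # targetSdkVersion falls back to minSdkVersion, which falls back to 1.
    target = int(attrs.get(ANDROID_NS + "targetSdkVersion",
                           attrs.get(ANDROID_NS + "minSdkVersion", "1")))
    # The user is asked per permission only if BOTH the OS and the app are at API 23+.
    prompted = device_api >= RUNTIME_PROMPT_API and target >= RUNTIME_PROMPT_API
    how = "runtime prompt" if prompted else "granted at install"
    findings = []
    for element in root.iter("uses-permission"):
        name = element.get(ANDROID_NS + "name")
        if name in SENSITIVE:
            findings.append((SENSITIVE[name], name, how))
    return findings


if __name__ == "__main__":
    for api, label in ((19, "Android 4.4"), (31, "Android 12")):
        print(label, audit_manifest(SAMPLE_MANIFEST, api))
```

The second run shows a case the article does not cover: an app that targets an old API level is still granted its permissions at install time on a newer device, so the app's target level matters as well as the OS version.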

Engineers said that mobile apps currently receive a great deal of regulatory attention and that, in terms of technical principle, many of the standards required of mobile phones are fully applicable to smart terminals. However, these devices have not received enough attention, so this type of smart terminal has become a hard-hit area for personal information protection.

Behind the harassing phone calls

hides a "black industry"

Many consumers have had the experience of merely browsing certain websites on their mobile phones, without leaving a phone number, and then receiving sales calls from related industries. Why is someone making harassing calls? How do they accurately capture consumers' browsing behavior? Yesterday's CCTV 3.15 gala exposed this.

The reporter visited Rongying Communications Company, which specializes in building outbound call systems and providing outbound call services for telemarketing companies. Manager Feng said that many telemarketing companies make harassing calls through the company's systems, and that the systems can hide the real calling number to prevent complaints. Moreover, the calls use scripted wording as a disguise to evade the legal provisions that prohibit harassing calls to customers. So when some consumers receive a harassing call, it begins with an opening statement in the form of a return visit, such as: "Hello, this is a certain company. We recently contacted you about a certain product. What are your plans and thoughts now? Would you like to know a little more?" Rongying Communications offers this circumvention technology and charges companies that make harassing calls about 0.1 yuan per minute. The large volume of harassing calls has brought Rongying Communications rich call-fee income: nearly 100 million yuan in call fees alone, from more than 20,000 customers.

As the investigation deepened, the reporter found that, within the black industry of harassing calls, besides the companies that specialize in providing outbound call systems, there are also people providing big data support for harassing calls. At Hangzhou Yiyu Information Technology Co., Ltd., the reporter watched a technician log in to a decoration company's account and, through the backend of the outbound call system opened for it by Hangzhou Yiyu, pull up a recording of the decoration company making marketing calls to users.

General Manager Tang of the company explained that these users had recently browsed furniture and decoration websites on their mobile phones. Although the users left no phone number, the company's system can call them directly. If a user who browses a website leaves no mobile phone number, how can the system dial the user's phone? General Manager Tang explained that every mobile phone corresponds to a MAC number (a mobile phone identification code), which can be matched to that phone. As long as the user browses the website, the fishing company can place the corresponding sales call to the user through the system. Companies that make harassing calls use such data to charge fishing companies $3 per line. At present, accurate big data on users' online behavior has become a rich feast for the black industry of harassing phone calls. The reporter's investigation found that many companies are engaged in similar business.

The reporter also learned that, in addition to using encrypted numbers to make harassing calls to users, some companies can obtain, through technical means, the plaintext mobile phone numbers of users who access the Internet on their phones. The business manager of The Shift Information Technology Co., Ltd. told reporters that for users captured on its advertising pages, the customer's number can be seen in the backend. Zhengzhou Luqian Network Company claims to be able to obtain the plaintext mobile phone numbers of almost all website users.

This is how big data, such as user behavior online, is misused and brings harassing phone calls that seriously affect consumers' lives.

Text/Reporter Wang Wei

Source: Beijing Youth Daily
