
Security risks of mobile phone number binding

This article grew out of my recent experience of changing my mobile phone number, and discusses the security risks of binding a phone number to an account.

Binding a personal mobile phone number to an account is sold as an account security service. Once the number is bound, password retrieval, password changes and similar operations can be carried out freely and conveniently, and the service claims to protect the account closely and strictly. What is less advertised is how troublesome it is to unbind and rebind a whole series of apps when you change your number; it is worse still when the old number is no longer in service and you have forgotten an app's password, because you then have to go through a series of appeals. Moreover, binding a mobile phone number is not only a protection, it is also a risk. Let us take WeChat as an example of the security risks of phone number binding.

User A registers WeChat ID X and binds mobile phone number M. A later stops using number M but never unbinds it from X. A number cancelled at China Mobile can be re-issued one, two or six months after cancellation. A few months later, user B is assigned number M. When B tries to bind their own WeChat ID Y to number M, they find that M is already occupied. So B goes to the WeChat login screen, chooses "retrieve password" for number M, and the verification-code SMS is delivered to number M, which is now B's handset. B enters the code and sets a new password. With these few simple steps B is logged in to user A's WeChat ID X and can see everything in it.

I think the root cause is that everything runs through the phone number: registration uses the phone number, login uses the phone number, and password retrieval and password changes are done through the phone number. It is a closed loop. The number is being used both as the account's identifier and as the sole proof of identity, even though a phone number is leased from a carrier and recycled rather than permanently owned. Whoever holds the phone number holds the account, which is exactly why "after the phone is bound to the account, you can retrieve and change the password freely and conveniently"; conversely, whoever no longer holds the phone number is in trouble.

WeChat now registers accounts with a mobile phone number. Suppose user A registered WeChat ID X simply with number M and never linked it to a QQ account or an email address (I expect there are many such users). After number M is deactivated, if A forgets the password, A cannot retrieve it alone (though it should be possible through WeChat customer service). Conversely, whoever now holds number M can reset it easily. WeChat also does not offer a way to close an account; especially for accounts registered with a phone number, it should provide account cancellation and data erasure.

This article only points out the problem with WeChat, but many other applications likewise let anyone reset a password with nothing more than an SMS verification code. I have also only assumed that another subscriber was legitimately assigned number M; illegal interception of other people's SMS messages also happens. Binding a phone number and registering through it is therefore a double-edged sword: while we gain security and convenience, we actually give up some security. My suggestions to readers: raise your security awareness and unbind the old number from every application before changing numbers, and rely on several protection mechanisms rather than one, for example registering with and binding an email address, which also keeps password retrieval convenient.
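To make the closed loop concrete, here is an added example in Python. It is not WeChat's code or any vendor's; the data model, the 30-day RECYCLE_GAP and the "fresh binding" rule are my assumptions for illustration. It simulates the scenario above (A binds M, M is re-issued to B months later, B resets A's password with nothing but the SMS) first against an SMS-only reset flow, then against a hardened flow that treats a phone binding as stale once it is older than the carrier's recycling gap and then demands a second channel (the bound email) or refuses self-service reset altogether.

```python
"""Simulated account-recovery flows for the recycled-number scenario.

Added example, not WeChat's or any vendor's code. The data model, the
30-day RECYCLE_GAP and the "fresh binding" rule are assumptions.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional
import hmac
import secrets

# Assumption: a carrier keeps a cancelled number idle at least this long before
# re-issuing it, so an SMS verification newer than this proves the same holder.
RECYCLE_GAP = timedelta(days=30)


@dataclass
class Account:
    username: str
    password: str
    phone: str
    phone_verified_at: datetime          # last time the owner proved control of `phone`
    email: Optional[str] = None


@dataclass
class AccountService:
    accounts: dict = field(default_factory=dict)    # username -> Account
    by_phone: dict = field(default_factory=dict)    # phone -> username
    sms_inbox: dict = field(default_factory=dict)   # phone -> (otp, username); whoever holds the SIM reads it
    mail_inbox: dict = field(default_factory=dict)  # email -> (otp, username)

    def register(self, username, password, phone, now, email=None):
        self.accounts[username] = Account(username, password, phone, now, email)
        self.by_phone[phone] = username

    @staticmethod
    def _otp() -> str:
        return f"{secrets.randbelow(10**6):06d}"

    # -- vulnerable flow: the number alone both identifies the account and authorises the reset --
    def request_reset_sms_only(self, phone) -> bool:
        username = self.by_phone.get(phone)
        if username is None:
            return False
        self.sms_inbox[phone] = (self._otp(), username)
        return True

    def complete_reset_sms_only(self, phone, otp, new_password) -> bool:
        entry = self.sms_inbox.pop(phone, None)
        if entry is None or not hmac.compare_digest(entry[0], otp):
            return False
        self.accounts[entry[1]].password = new_password
        return True

    # -- hardened flow: SMS alone is accepted only while the binding is fresh --
    def request_reset(self, phone, now) -> str:
        username = self.by_phone.get(phone)
        if username is None:
            return "no_account"
        acct = self.accounts[username]
        if now - acct.phone_verified_at <= RECYCLE_GAP:
            self.sms_inbox[phone] = (self._otp(), username)
            return "sms"                 # number cannot have been re-issued yet
        if acct.email is None:
            return "manual_review"       # stale number and no second channel: no self-service reset
        self.sms_inbox[phone] = (self._otp(), username)
        self.mail_inbox[acct.email] = (self._otp(), username)
        return "sms+email"

    def complete_reset(self, phone, sms_otp, new_password, email_otp=None) -> bool:
        entry = self.sms_inbox.pop(phone, None)
        if entry is None or not hmac.compare_digest(entry[0], sms_otp):
            return False
        acct = self.accounts[entry[1]]
        pending = self.mail_inbox.pop(acct.email, None) if acct.email else None
        if pending is not None and (email_otp is None or not hmac.compare_digest(pending[0], email_otp)):
            return False                 # a second channel was demanded and not satisfied
        acct.password = new_password
        return True


def recycled_number_attack(hardened: bool, with_email: bool) -> bool:
    """A binds M; 120 days later M is re-issued to B, who holds only the SIM.
    Returns True if B ends up controlling A's account."""
    t0 = datetime(2024, 1, 1)
    svc = AccountService()
    svc.register("X", "A-secret", "M", t0, email="a@example.com" if with_email else None)
    later = t0 + timedelta(days=120)     # well past RECYCLE_GAP: M may have changed hands
    if not hardened:
        svc.request_reset_sms_only("M")
        otp, _ = svc.sms_inbox["M"]      # the SMS lands on B's handset
        svc.complete_reset_sms_only("M", otp, "B-chosen")
    elif svc.request_reset("M", later) != "manual_review":
        otp, _ = svc.sms_inbox["M"]
        svc.complete_reset("M", otp, "B-chosen")   # B cannot read A's mailbox
    return svc.accounts["X"].password == "B-chosen"


def legitimate_reset_fresh_binding():
    """The real owner, whose binding is 10 days old, still resets with SMS alone."""
    t0 = datetime(2024, 1, 1)
    svc = AccountService()
    svc.register("X", "A-secret", "M", t0)
    kind = svc.request_reset("M", t0 + timedelta(days=10))
    otp, _ = svc.sms_inbox["M"]
    return kind, svc.complete_reset("M", otp, "A-new")


if __name__ == "__main__":
    print("sms-only takeover:", recycled_number_attack(hardened=False, with_email=False))
    print("hardened, email bound:", recycled_number_attack(hardened=True, with_email=True))
    print("hardened, no email:", recycled_number_attack(hardened=True, with_email=False))
    print("fresh owner reset:", legitimate_reset_fresh_binding())
```

`recycled_number_attack(hardened=False, with_email=False)` returns True (the takeover succeeds), while both hardened variants return False; the hardened flow still lets the real owner reset with SMS alone while the binding is fresh, as `legitimate_reset_fresh_binding()` shows. The freshness rule only helps against legitimate re-issue of a number; against the SMS interception the article mentions, only the second channel helps, which is one more reason to bind an email address.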

Finally, a small detail of Taobao's security features. In the Taobao client, Settings -> Device management lets you erase the data on your other devices, similar to iCloud's remote erase of a device. This kind of detail is quite thoughtful. Everyone now has many applications installed on their phones, holding a lot of personal information, so being able to remotely erase the information on the old phone, in case it is lost, is necessary.

Convenience and security have always been the two main goals of mobile applications; sometimes they complement each other and sometimes they conflict, as the phone binding service shows. I have not done any in-depth research on mobile security; this article is just a few superficial views from the perspective of an ordinary end user.

Welcome to my blog: www.dzwanli.com.cn.