Joke Collection Website - Blessing messages - Stealing information, hijacking accounts and leaking files ... you can use these functions every day.

Stealing information, hijacking accounts and leaking files ... you can use these functions every day.

Nowadays, with the popularity of smart phones and the coverage of wireless networks, it is more and more common to use mobile phones to handle official business. Instant messaging social media represented by WeChat has won the favor of more and more users because of its practical function, simple operation and convenience, and has gradually become one of the channels and platforms for handling official business in the information society.

Among them, all kinds of small programs connected to large Internet platforms such as WeChat and Alipay are quickly integrated into production and life, public services, government management and other fields because of their advantages of no need to download and install, convenient operation and small memory occupation, and become common tools for everyone.

Various small collections of communication tools, media, social media, application platforms and other functions are integrated into one, with a huge user base, and such information disclosure violations are more complicated. In particular, its information resources are very convenient to enjoy. Once personal privacy is exposed, information often spreads geometrically.

# 1

Information security problems exposed by small programs

1. Become a "privacy pickpocket" and steal user information.

In August, 20021year, the Netan Corps of Shanghai Public Security Bureau found an important clue in the network inspection: an application appeared to have illegal behavior of "powder washing", but in fact it was "drainage". After receiving the clue, Minhang police dug up a criminal gang that illegally stole user data by using "powder scanning" software through more than two months of investigation.

The police analysis found that the criminal gang obtained the citizen information in the mobile phone "at the second level" without the user's knowledge, and no one reported the case to the public security organ until the incident. I don't know that these citizen information data have been transmitted to the server of criminal gangs.

After the trial, criminal gangs not only used procedures to illegally obtain citizen information, but also sold and illegally used these citizen information for profit. The gang made illegal profits of more than 8 million yuan.

2. Use security vulnerabilities to hijack user accounts.

In addition, the security vulnerabilities of social media applets can easily become tools and channels for cyber attacks. According to research, hackers can hijack users' accounts by taking advantage of loopholes in social media platforms and third-party applet authorization protocols. Third-party applets can also induce users to grant advanced permissions to malicious applications through forgery, spread phishing websites through user accounts, and conduct illegal activities such as swiping and illegal drainage through automated attacks on applets.

For example, we are familiar with the Taobao password of Alipay. If you open Alipay without copying the link, a red envelope pop-up window will appear. In fact, your clipboard was hijacked. The function of hijacking the user's clipboard is added to the applet, that is, as long as the user opens the applet, the applet will automatically copy a crack password, thus achieving the purpose of illegal drainage by criminals.

3. Character recognition causes confidential information to be out of control.

Frequent problems with small programs not only affect our daily life, but also bring new problems to the safety management at work. In recent years, the number of leaks caused by instant messaging social media such as WeChat has increased year by year, becoming a "high-risk place" for leaks.

In February, 2002 1, Zhang, a staff member of a research room in a certain city, received the secret materials of1and thought that it was "well written and could be used for reference for a long time". In order to facilitate future study and reference, we use the text recognition function of WeChat applet to take photos and identify the main contents of the materials, and then import the text into non-confidential computers for storage and processing through the local area network created by mobile phones, resulting in the loss of control of confidential information. After the case happened, Zhang was given disciplinary action.

#2

Ann said it was confidential.

The network information department suggests that when scanning code to use applets, we should pay attention to carefully identifying and selecting the two-dimensional code icon of applets in public places, and do not use applets with unknown sources and business entities at will; Read the applet privacy policy and user agreement in detail, and carefully grant application rights such as "Send SMS", "Read SMS", "View Address Book" and "Read Location Information". Avoid using password-free wireless networks in public places during the use of applets, and turn off the Bluetooth function in time.