In the early morning of July 30, a user from Shenzhen found that his mobile phone had inexplicably received more than 100 verification code text messages. Soon she found that her Alipay, Yu'ebao and related bank cards were all transferred away. , and the Jingdong account has also been opened with gold bars and white bars, borrowing more than 10,000.
Recently, it has been a common occurrence to steal account property by obtaining the user's mobile phone SMS verification code. In the face of fraudulent tricks of lawless elements, many mobile Internet users have caused panic. For this kind of technically stolen property, Let's first understand the technical principles behind it. The scammer mainly uses the two technologies of 'GSM hijacking' and 'SMS sniffing' in the whole process, which can get the mobile phone number, verification code and even ID card without the user completely operating. Core information such as information, thereby stealing the user's mobile account property.
At present, most of the short messages are transmitted through the GSM communication protocol of the 2G network, and this communication protocol is not secure. As long as a sniffing device (usually a modified mobile phone) can be monitored. Then, the scammer reuses Pseudo base station (usually a modified mobile phone or laptop) to collect information about the surrounding mobile phone card. In this way, the mobile phone number and SMS verification code are obtained at the same time. At this point, the scammer can already reverse the owner identity information of the number by querying the website. You can even get the ID number and bank card number. With the above information, the criminals will choose the situation of late-night user sleep, asset transfer, micro-loan and other operations, successfully stealing user property.
As a mobile phone manufacturer, how to protect user property, prevent it from happening? The reporter learned through Xiaomi MIUI Security Center engineers that the MIUI system is mainly from harassment interception, fraudulent number interception, pseudo base station SMS identification, refused to connect pseudo base station, SMS URL identification and Pay security scans to start with six aspects, fully guarantee the security of users using mobile phones.
For example, MIUI is the earliest mobile phone operating system that supports caller ID recognition and intercepts fraudulent numbers. Users can mark their own phone calls. Once more than 50 people are found to be scams on the same number, the system will automatically hang the user. In addition, when the Xiaomi mobile phone user receives the SMS sent by the bank and the operator, Xiaomi will conduct a security check on the SMS. Once the pseudo base station SMS is found, it will immediately remind him; some Xiaomi phones also support the anti-connection. The pseudo base station' function, after being turned on, will determine the pseudo base station from the chip level, and fundamentally eliminate the connection of the pseudo base station; for the SMS verification code, the MIUI system prohibits all third-party applications from reading the verification code short message by default, preventing the user from leaking the verification code message. When the user clicks on the URL in the text message, Xiaomi will perform security monitoring on the website. Once the dangerous website is found, the user will be prompted immediately to prevent the phishing website from being deceived. Finally, when the user makes a payment through Xiaomi mobile phone, MIUI will Scan the user's current system and network environment, once malware is found or false WiFi, prompt the user to stop the payment behavior.
Mobile Internet scams have always been a game between manufacturers and lawless elements. As the leader of the Android system, MIUI has never slackened its scams to prevent tricks. I hope that through its continuous improvement and improvement, users will be truly assured. The worry-free mobile Internet environment. The reporter also hopes to see more mobile phone manufacturers can increase investment in this area, purify the mobile Internet environment, and escort users for safe use of mobile phones.
In the early morning of July 30, a user from Shenzhen found that his mobile phone had inexplicably received more than 100 verification code text messages. Soon she found that her Alipay, Yu'ebao and related bank cards were all transferred away. , and the Jingdong account has also been opened with gold bars and white bars, borrowing more than 10,000.
Recently, it has been a common occurrence to steal account property by obtaining the user's mobile phone SMS verification code. In the face of fraudulent tricks of lawless elements, many mobile Internet users have caused panic. For this kind of technically stolen property, Let's first understand the technical principles behind it. The scammer mainly uses the two technologies of 'GSM hijacking' and 'sms sniffing' in the whole process, which can get the mobile phone number, verification code and even ID card without the user completely operating. Core information such as information, thereby stealing the user's mobile account property.
At present, most of the short messages are transmitted through the GSM communication protocol of the 2G network, and this communication protocol is not secure. As long as a sniffing device (usually a modified mobile phone) can be monitored. Then, the scammer reuses Pseudo base station (usually a modified mobile phone or laptop) to collect information about the surrounding mobile phone card. In this way, the mobile phone number and SMS verification code are obtained at the same time. At this point, the scammer can already reverse the owner identity information of the number by querying the website. You can even get the ID number and bank card number. With the above information, the criminals will choose the situation of late-night user sleep, asset transfer, micro-loan and other operations, successfully stealing user property.
As a mobile phone manufacturer, how to protect user property, prevent it from happening? The reporter learned through Xiaomi MIUI Security Center engineers that the MIUI system is mainly from harassment interception, fraudulent number interception, pseudo base station SMS identification, refused to connect pseudo base station, SMS URL identification and Pay security scans to start with six aspects, fully guarantee the security of users using mobile phones.
For example, MIUI is the earliest mobile phone operating system that supports caller ID recognition and intercepts fraudulent numbers. Users can mark their own phone calls. Once more than 50 people are found to be scams on the same number, the system will automatically hang the user. In addition, when the Xiaomi mobile phone user receives the SMS sent by the bank and the operator, Xiaomi will conduct a security check on the SMS. Once the pseudo base station SMS is found, it will immediately remind him; some Xiaomi phones also support the anti-connection. The pseudo base station' function, after being turned on, will determine the pseudo base station from the chip level, and fundamentally eliminate the connection of the pseudo base station; for the SMS verification code, the MIUI system prohibits all third-party applications from reading the verification code short message by default, preventing the user from leaking the verification code message. When the user clicks on the URL in the text message, Xiaomi will perform security monitoring on the website. Once the dangerous website is found, the user will be prompted immediately to prevent the phishing website from being deceived. Finally, when the user makes a payment through Xiaomi mobile phone, MIUI will Scan the user's current system and network environment, once malware is found or false WiFi, prompt the user to stop the payment behavior.
Mobile Internet scams have always been a game between manufacturers and lawless elements. As the leader of the Android system, MIUI has never slackened its scams to prevent tricks. I hope that through its continuous improvement and improvement, users will be truly assured. The worry-free mobile Internet environment. The reporter also hopes to see more mobile phone manufacturers can increase investment in this area, purify the mobile Internet environment, and escort users for safe use of mobile phones.
