Personal information disclosure: mobile applications become a new "disaster area"

Posted by barello at 2020-04-03

On May 27, the National Computer Network Emergency Technology Processing Coordination Center released the 2014 China Internet Network Security Report in Wuhan.

According to the report, China's network security is generally stable, but there are still many vulnerability risks in the basic network. The frequency, intensity and complexity of network attacks from abroad on the websites of government departments and important industry units are increasing; the leakage of website data and personal information is still serious, and mobile applications have become the new subject of data leakage.

The risk of security loopholes is still high

In 2014, the National Information Security Vulnerability Sharing Platform included and released 9163 security vulnerabilities, an increase of 16.7% over 2013. Of these, 2394 were high-risk vulnerabilities, accounting for 26.1%, and 3266 were vulnerabilities for which the manufacturer had not provided a patch at the time of disclosure, accounting for 35.6%. Among the vulnerabilities included in 2014, 9% involved the telecommunication industry, 2.0% involved industrial control systems and 1.9% involved e-government. The National Internet Emergency Center reported 9068 vulnerabilities to government agencies and important information system departments throughout the year, three times higher than in 2013.

With the development of information technology, traditional radio and television, public management, social services and other fields are becoming closely integrated with the Internet, and the vulnerability threat is evolving with them. In 2014, the National Internet Emergency Center handled a number of incidents involving vulnerabilities in public service management systems, including LED information management in public places, highway video monitoring, and regional vehicle GPS dispatching and monitoring. Once these vulnerabilities are exploited, they will directly affect daily traffic management and public life.

Yan Hanbing, deputy director of the Operation Department of the National Internet Emergency Center, said that in 2014 some intelligent monitoring devices, intelligent routers, webcams, set-top boxes and other networked intelligent devices were found to be controlled by hackers and used to launch network attacks. These networked intelligent devices generally had weak passwords, improper configuration and other security problems, so it was easy for attackers to install Trojans on them and turn them into "chickens" (compromised hosts) under long-term control.

More than 11 million hosts infected by Trojan botnets; 1763 government websites tampered with

According to the monitoring, in 2014, there were more than 11088000 hosts infected with Trojan botnet in China, down 2.3% compared with 2013, and more than 61000 domestic Trojan botnet control servers, down 61.4% compared with 2013.

As China continues to strengthen the supervision and governance of the public Internet environment, a large number of botnet control servers are migrating abroad. In 2014, sampling monitoring found that 42000 overseas control servers controlled more than 10.81 million hosts in China, and the number of overseas control servers increased by 45.3% compared with 2013.

According to sampling monitoring, in 2014 there were about 187 denial of service attacks with a traffic scale of more than 1GB per second against China's domain name system, about three times that of 2013. The frequency, intensity and complexity of network attacks on websites of government departments and important industry units are increasing. In 2014, 1763 government websites were tampered with and 1529 government websites were implanted with backdoors, accounting for 4.8% of all tampered websites and 3.8% of all websites implanted with backdoors, respectively.

At the same time, tampering with the domain name resolution of important websites occurs frequently. Among the 8.7 million domain names tested in October last year, about 1.07 million resolved to overseas IP addresses. Of these, 29000 domain names had accessible web ports; some pointed to abnormal pages promoting games, pornography, gambling and other content, and some had been planted with malicious code.

Mobile app becomes a new subject of data disclosure

In 2014, data leakage remained at a high level, and data leaks occurred at many well-known e-commerce companies, express delivery companies, recruitment websites, examination registration websites and others. In the middle of May, the forum data of a well-known mobile phone manufacturer leaked, exposing the information of 8 million users; in December, a well-known traffic ticket website in China was hit by a "database collision" (credential stuffing) attack, resulting in more than 130000 pieces of user data, including user account, plaintext password, ID card number, mobile phone number and e-mail, spreading on the Internet.

It is worth mentioning that mobile applications have become the new subject of data disclosure. In 2014, a variety of well-known mobile applications in China, covering ticket booking, social networking, reviews, forums, browsers and so on, suffered user data leakage. Some mobile application developers lack experience, security awareness and skill, and the access control that web servers apply to mobile clients is weak. Hackers use these interface vulnerabilities to attack the web server; they can easily obtain the address and interface information of the corresponding server, which then leads to information disclosure.

In 2014, the National Information Security Vulnerability Sharing Platform included 1710 vulnerabilities involving mobile Internet terminal devices or software products, which may become a new entry point for hackers to obtain user information.

"Li Gui" (counterfeit) websites of financial and telecommunication institutions have grown significantly

In 2014, the number of phishing incidents in the financial and telecom industries increased significantly, and a large number of phishing sites moved to cloud platforms, making the incidents more difficult to deal with and affecting users' economic security and information consumption.

Sampling monitoring data shows that there are nearly 100000 fake pages (URL links) imitating websites in China, an increase of 2.3 times over 2013. 89.4% of these phishing sites are located abroad.

In terms of the organizations being counterfeited, fake pages imitating third-party payment institutions, online banking and other financial institutions account for more than 80%, and are mainly used to lure users into submitting bank card numbers, passwords, ID card numbers and other information. At the same time, a large number of fake pages imitating telecom enterprises were found, mainly false recharge pages, accounting for 12%. The combination of web page phishing and mobile applications is increasingly close. Many phishing pages can only be accessed through mobile intelligent terminals, and phishing incidents involving mobile applications such as mobile online banking and WeChat are frequent.

In addition, because cloud services are convenient to apply for and use, low in cost and laxly audited for security, and because traditional tracking and handling based on IP addresses is difficult to apply to them, cloud platforms are increasingly becoming a hotbed for phishing websites. Among the bank phishing websites handled in 2014, ranked by the number of phishing websites (by domain name), 4 of the top 10 IP addresses belong to cloud service providers.