Today, CCTV's finance channel exposed some security chaos existing on mobile phones, especially targeting eavesdropping and positioning software. After expert identification, these "spy" type mobile phone applications are actually Trojan viruses that wildly collect and leak private information such as users' call records, posing a huge threat to people's information security.
Nowadays, family positioning and eavesdropping software can be found everywhere online, even openly sold. They often come with slogans like "find your loved ones in the first time", "suitable for use between families, couples, and boyfriends/girlfriends," attracting netizens to download and use them. Some are even clearly priced, and not cheap: 200 yuan for 5 days, 500 yuan for a month, 1500 yuan for half a year. Can it really be achieved?
CCTV reporters then conducted an experiment, installing parent-end and child-end programs on two mobile phones respectively. After connecting them, something surprising happened: the contact list, text messages, call records, and even real-time call recordings from the phone with the child-end installed were instantly sent to the phone with the parent-end installed. Not only that, even if the child-end phone does not make a call, the parent-end phone can initiate an instruction to secretly record and transmit the audio!
These so-called "family positioning" software are like hidden spies. The existence of such software undoubtedly poses a threat to users' personal information security.
After expert identification, these spy-eavesdropping software are essentially Trojan viruses. Professor Zhang Xuefeng from the Information Security Department of Xi'an University of Posts and Telecommunications College of Communication and Information stated that after netizens install these applications, they will run in the background, collecting users' related information, such as contact lists, call records, photos, and some sensitive account information. The personal privacy of the installer has already been leaked without their knowledge.
In August this year, Kingsoft Mobile Duba intercepted a data packet, and this data packet was leaked from a certain family positioning software server. The information included about 14,000 text messages and 9,900 telephone recordings from all infected users, with the data packet size reaching 3.4GB.
CCTV stated that both the National Security Law and the Criminal Law of our country stipulate that no individual or organization shall illegally hold or use dedicated espionage equipment such as eavesdropping and photography, but these software are still openly sold online, can be downloaded and used at will by people, which is worth investigating.
Attached CCTV report video link:
http://tv.cntv.cn/video/C10375/c3a1854a2627435398a9f8c97b21cfe6
http://cctv.cntv.cn/diyishijian2011/01/20131024.shtml
Attached CCTV report transcript:
Mobile Phone Security Chaos: Trojan Virus Turns Into "Spy" Software
Nowadays, having a mobile phone per person is no longer a novelty. According to the data released by the China Internet Center, by the end of 2012, the number of mobile internet users in China reached 420 million.
At the same time, mobile application software is also growing exponentially, adding fun and convenience to people's internet surfing. However, you might not have thought that they hide enormous risks.
Recently, a software called "Family Positioning" was exposed for stealing others' sensitive information. Once installed, the software can steal the contact list, call records, and even record audio from another person's phone. With just one piece of software, it can easily achieve eavesdropping and tracking on others.
It sounds like a plot from a movie. Is it true?
On the internet, the reporter easily found the release webpage of this software. The webpage provides detailed installation tutorials and purchasing methods.
Following the tutorial, the reporter conducted an experiment. On one phone, the parent-end was installed, and on another phone, the child-end was installed. The installation steps were very simple. After authorizing the account registered on the parent-end through the phone with the child-end installed, the two phones were officially connected. At this moment, something surprising happened.
In the phone with the child-end installed, the contact list, text messages, and call records were instantly sent to the phone with the parent-end installed. After the user on the child-end finished making a call, refreshing the phone with the parent-end software installed revealed that the software had uploaded sound files in the call recording section. Unexpectedly, the content of the other phone's calls was completely recorded by this phone.
In addition, the software installed on the other phone can also perform environmental recording. The reporter placed the phone with the child-end in one room, and the two participants in the experiment chatted casually in that room. In another room, the parent-end phone initiated an instruction to record the child-end phone, and after the recording ended, the software displayed a playable sound file. The conversation of the participants in the other room was completely and clearly recorded without their knowledge.
After installing the child-end, there will be no remaining icons. The name displayed in the software management bar is SMS. According to the usage tutorial, this name will change constantly, making it difficult for the phone user to discover and clean up. If the user on the child-end is not informed in advance, they would not realize that their phone has been monitored.
According to the software customer service response, the software's usage is not limited by distance. As long as there is a signal, whether domestically or internationally, it can easily monitor and track another phone.
Family positioning software is like a hidden spy. The existence of such software undoubtedly poses a threat to users' personal information security.
So, who developed this kind of software? Is the existence of such spy software an isolated case or widely present? Let's continue to see:
Besides family positioning software, there are many other paid listening and positioning software available online, even openly sold.
On some video websites, spy software is directly released through videos.
According to experts, this kind of software is essentially a Trojan virus. Professor Zhang Xuefeng from the Information Security Department of Xi'an University of Posts and Telecommunications College of Communication and Information accepted an interview with the reporter.
"In nature, this kind of software belongs to Trojan software. After being installed on the user's mobile phone, it will run in the background. Trojan software can collect some related information from the user, such as the user's contact list, some photos in the user's phone, and other account information."
Reporter: "From an operational perspective, does it require high technical content?"
Professor Zhang: "From a development standpoint, this software is relatively easy to develop. From the user's point of view, it is even easier to use."
Professor Zhang introduced that users may also get infected with Trojan viruses or Trojan software after downloading software or receiving text messages. Personal information is peeked at without the user's knowledge.
Professor Zhang: "Often, under the user's unawareness, through the use of some applications, such as some videos and games, when installing these software, this kind of Trojan may start running in the background, installing itself onto the user's mobile phone system. Afterwards, the contact list, personal communication records, and some sensitive information on the user's mobile phone may all be leaked."
Kingsoft Mobile Duba once intercepted a data packet in August this year, and this data packet was leaked from the server of family positioning software.
Reporter: What is inside this data?
Anti-virus Engineer Li Tiejun from Kingsoft Mobile Duba: There are two types. One is the text messages of all infected users, and besides text messages, there are also telephone recordings of the infected users.
According to the latest "2013 Third Quarter Android Mobile Phone Security Report" published by Kingsoft Mobile Duba, there are 30,000 new suspicious Android samples added daily, and only in the third quarter, 580,000 virus samples were confirmed, averaging approximately 15,000 Android mobile phones infected with viruses each day. Among these, spy software that steals user privacy accounts for a large proportion.
This kind of Trojan software, which is like a spy, is indeed chilling. Both the National Security Law and the Criminal Law of our country stipulate that no individual or organization shall illegally hold or use dedicated espionage equipment such as eavesdropping and photography. However, why can this kind of software still be openly sold online, allowing people to download and use it at will? This question is worth deep investigation.