Netizen "wheat grain":
Recent texting people heard impersonating 10086, fraudsters are even the 10086 can pretend? This is how to do it?
Recent news that mobile users receive "10086" sent to "redeem cash SMS" text message "mobile shop" Web site turned out to be malicious phishing sites, user's bank card number, passwords and other personal information will be stolen.
Fraudsters are fake 10086--pseudo-base station is the key.
Fake is a fake base station the base station equipment usually consists of simple host computer or laptop to install bulk SMS, SMS transmitter and other equipment can be assembled. The equipment can search within a certain radius of the SIM card information and masquerading as operators of the base station using the number forced to user mobile phone fraud, advertising and other messages.
What principle?
This is the GSM standard security flaw caused by a natural: under the GSM system, the base station will verify the phone, mobile phone and base station are not verified, who who walked a good signal. In other words, as long as you can launch and carrier base station acts like an infinite signal, and the signal is stronger than local carriers base station signals, close to hurling my body onto your phone will automatically. Once connected, you can mass text messages to them.
General process is as follows:
1. false base station over a dedicated channel (Beacon Channel) sends out signals, inform their phone around "this is here is the base station the base station, connect me! "
2. serious operator GSM mobile phone base station signal received the fake base station signals, after comparing the false base station signal is strong, a read from the SIM card IMSI number (equivalent to this ID) to pseudo-base station applications for connection. Leave the system woman in the Emergency Department
3. false base station receive the IMSI code to the phone after issuing a TMSI code, communication processes after the identification, authentication, connection
4. when the connection is complete, pseudo-base station through the own network will be able to use any phone number to send text messages to the user.
How to avoid?
It is regrettable that, in response to this situation has not been very practical solutions. As long as you are using a GSM-standard mobile phone, pseudo-base station would be difficult to avoid being attacked. To completely solve the GSM security issues, operators against the pseudo-base stations for GSM transmission and encryption is very difficult, time-consuming and laborious, encryption also does not break it.
Personally, as a pseudo-base station to avoid being attacked, the best solution is to abandon the use of GSM, use 3G or 4G. 3G and 4G systems are different from GSM one of which is that they are in mobile phones and base stations are two-way authentication, to avoid the "hurling my body onto as long as the signal is good" this from happening, 3G/4G users should also pay attention to avoid the traffic, instead of 2G, which also are vulnerable to attack.
In addition, the Android platform has a lot of mobile security App, able to intercept the false base station message, netizens can also be considered. (Zhang Ji)
No comments:
Post a Comment