Careful thinking is terrifying! Orange picosecond, fingerprint locked, Alipay can pay? Nowadays, with the development of smart phones, many people like to put many important personal information in the mobile phone. But it is really terrible that orange peel can unlock the phone.
Mobile phone manufacturers adopt new technology, so they have to put user information security in a higher priority, but they can't seem to have powerful functions, and the security index can't keep up with them, which turns out to be a security black hole.
According to CCTV, recently, an online article and video about "a piece of orange peel can open your fingerprint lock and transfer payment in seconds" attracted widespread attention. It said that for mobile phones that need fingerprint verification, anyone's fingerprint can be unlocked, even an orange peel, by using some simple processing methods. It is understood that the Ministry of industry and information technology, AQSIQ and other relevant departments have been involved in the investigation.
The reason for this is that a mobile phone user in Anhui found that everyone can unlock their mobile phone by fingerprint. Technicians pointed out that the key reason was that after the phone fell, a new pattern was formed on the fingerprint touch key, which was mistakenly considered as part of the main fingerprint of the phone, so that anyone else could unlock it through the fingerprint.
In fact, any perfect mobile phone, as long as it can form a specific pattern on the key of the mobile phone, and let the mobile phone mistakenly regard the pattern as the fingerprint of the owner, then anything can achieve the purpose of unlocking the mobile phone.
This does not necessarily mean that all fingerprint identification is unreliable, but also involves the quality of fingerprint identification technology.
Like Apple's fingerprint, it's usually safer than Android's. Because Android phone manufacturers use the chip level security solution TrustZone in fingerprint protection. In the process of identification, the matching process of fingerprint image needs to be realized by software, which provides hackers with the access to crack. Apple uses the independently designed secure enclave module. When processing security information, the module will start the sequence code and software update mechanism, which is specially responsible for data protection and encryption. This greatly reduces the possibility of being stolen by hackers.
But it has to be said that 'orange peel second opens fingerprint lock', which should also trigger the focus and Thinking on user information security. For example, the mobile phones of the users involved in the news may also be related to the business level of the software system supplier: that is, the manufacturer adopts a lower level security scheme for cost considerations.
This is also the problem of many smart phones. At present, when some mobile phone manufacturers adopt a certain technology, they often pay less attention to the security, more considering the market acceptance and marketing methods.
Now there are many so-called smart devices in the market. It's very good to listen to the advertising words. But what's the security problem behind it? Many users don't understand it or it's very difficult to master it.
Take face recognition as an example. Before the introduction of faceid face recognition technology, many so-called face recognition on the market was actually just plane recognition. Simple, low cost, and enough imagination space for users in sales are the main reasons for manufacturers to use. But there's a big risk: a photo might unlock the phone.
In addition, the R & D and innovation of these security technologies need to consume huge human, financial and material resources, including the control ability of developers. This is also a lot of small business manufacturers do not have. Once a certain technology is welcomed by users and has to be done for the purpose of following the trend, the measures that can be taken are naturally low-cost but lack of security.
Based on cost considerations, it's OK, but in any case, to put user information security in a higher priority position, rather than using the so-called new technology, the security index can't keep up, and the result is a security black hole. Especially in the face of the fact that hacker technology emerges one after another and is constantly renovated, the security defense means of enterprises also need constant innovation. Only put the safety of technology and product first, can we win users and hearts.