Some shared power banks have been implanted with "Trojan horse" programs to leak privacy


Be wary of the information security "traps" of shared power banks

  ● Some shared power banks may not only have hidden quality problems, they may also be implanted by criminals with "Trojan horse" programs, which may result in the disclosure of private data such as phonebooks, text messages and even photos and videos in the phone

  ● Some black-market operations use "Trojan horses" and other malicious programs to control users' terminal devices and steal data, then sell the data for illegal profit or use it directly to carry out illegal and criminal acts; a black industry chain has formed

  ● Companies related to shared power banks must ensure product compliance and safety, strictly abide by the terms of the "Privacy Policy", prevent illegal collection of user information, set up departments for reporting suspicious power banks, and set up offline reporting points to test the reported power banks

  □ Our reporter Han Dandong

  □ Intern Yang Jie

  In daily life, when a mobile phone runs out of power away from home, a rentable shared power bank can be described as an "emergency rescue".

In the past two years, as consumption habits have changed, the shared power bank that was once called a "pseudo-demand" now seems to be a "rigid demand."

However, shared power banks have recently been caught in a whirlpool of controversy over leaking personal privacy.

  Recently, the WeChat official account of the Internet Security Bureau of the Ministry of Public Security pushed an article entitled "Beware of the Trap of Shared Power Banks Around You".

According to the article, some shared power banks may not only have hidden quality problems, but they may also be implanted with "Trojan horse" programs by criminals, resulting in the leakage of private data such as contacts, text messages, and even photos and videos in mobile phones.

These power banks mainly come from three places: first, rentable mobile power banks in shopping malls; second, fully charged power banks hawked at train stations; third, power banks given away for free in exchange for scanning a code.

  Wu Qijun, director of the Civil Professional Committee of the Chongqing Lawyers Association and founding partner of Chongqing Zhongshi Law Firm, said that with the advancement of science and technology, leaks of personal information, especially private information, have been increasing, and that there is often a certain time lag between the provisions of laws and regulations governing specific areas of social life and new technologies.

Therefore, first, the legislature, judicial organs and administrative organs are required to pay attention to scientific and technological developments, handle related issues flexibly with reference to legal principles, and constantly improve legislation and regulatory measures; second, consumers are required to take more precautions when using new things and confirm their safety before use; third, suppliers should take care to protect consumers' privacy from being leaked.

Data privacy issues are prominent

Related companies respond urgently

  According to the "Special Research Report on the Development of China's Shared Power Bank Industry in the First Half of 2020" released by iiMedia Consulting, China's shared power bank users will reach 229 million in 2020.

Leaks of consumers' personal private data through the use of shared power banks occur from time to time.

  In the article "Beware of the Trap of Shared Power Banks Around You" posted on the WeChat official account of the Ministry of Public Security, the police reminded: Do not casually buy or scan power banks from unknown sources. If necessary, please choose a regular product or scan to rent a mobile power bank from a regular company.

When the phone is connected to the charging power source, please be more vigilant when it prompts whether to "trust".

  At present, China's shared power bank industry has formed a monopoly pattern of "three powers and one beast": Jiedian ("street power"), Laidian ("incoming calls"), Xiaodian ("small power") and Monster Charging.

  When shared power banks fell into the vortex of leaking personal privacy, on December 8, 2020, Liu Bin, the head of public relations of Xiaodian, responded in WeChat Moments: "A power bank was specially cut open, and the Xiaodian power bank has only positive and negative lines, does not involve data transmission lines, and there will be no risk of Trojan horses and data leakage."

  Subsequently, Xiaodian issued an official statement stating that the design of Xiaodian's shared power bank pays full attention to the protection of user privacy data.

At the hardware level, the internal circuit of the Xiaodian power bank does not contain a data transmission line; only the power line is present, providing the charging function.

At the software level, Xiaodian always strictly abides by the terms of the "Privacy Policy", and uses multiple data protection technologies and management measures to prevent illegal collection of user information.

  The staff of Monster Charging also said, "Our data cable has no data transmission capability and can only be used for charging" and "Users' charging orders will enjoy privacy protection", and emphasized that its power bank cannot query the data on the user's mobile phone and is unable to read the user's data.

Enterprise self-discipline to ensure compliance

Industry norms are introduced in due course

  In the era of big data, how to ensure network security and data security has always been a common problem faced by all walks of life.

  According to Liu Deliang, a professor at the Law School of Beijing Normal University, some black-market operations use malicious programs such as "Trojan horses" to control users' terminal devices and steal data, including some of the data in mobile phones, and then sell the data for illegal profit or use it directly to carry out illegal and criminal acts; a black industry chain has formed.

  It is worth noting that Han Yingwei, senior partner of Beijing Yingke Law Firm, pointed out that problems remain, such as lagging supervision by regulatory authorities, the need to improve the personal quality of some participants and users, imperfect national laws and regulations, entry thresholds, and the lack of entry mechanisms.

  Recently, the risk of privacy leakage exposed by the shared power bank industry has once again pushed the above problems to the forefront.

  Han Yingwei suggested that companies related to shared power banks should ensure product compliance and safety, always strictly abide by the terms of the "Privacy Policy", prevent illegal collection of user information, set up departments for reporting suspicious power banks, and set up offline reporting points to test the reported power banks.

They should also cultivate a corporate culture in which user privacy is absolutely paramount within the company, and establish a regulatory compliance department to fully understand laws and regulations.

At the same time, the government should improve relevant systems, strengthen supervision and guidance of businesses, establish corresponding supervision departments, and strengthen the popularization and promotion of privacy protection.

  Wu Qijun believes that, from the perspective of technical protection, shared power bank companies can take more information security measures to protect users' personal information. For example, they can develop an inspection and maintenance mechanism for shared power banks, so that power banks that may have been opened or modified, or that have been implanted with malicious programs, are recalled and serviced in time.

From the perspective of corporate compliance, companies operating shared power banks should establish a remediation plan mechanism for personal information leaks.

If it is discovered that stored personal information of users has been or may be leaked, damaged or lost, remedial measures shall be taken immediately; if this causes or may cause serious consequences, the company shall immediately report to the telecommunications management agency that granted its license or filing, and actively cooperate with the relevant departments in investigation and handling.

  Wu Qijun suggested that, first, industry standards should be established for shared power banks, setting specific requirements for them.

For example, the standards could stipulate that a shared power bank should not have data transmission functions.

Secondly, the shared power bank industry can establish corresponding industry operation specifications.

For example, for the collection and use of personal information, a complete mechanism for protecting users' personal information should be established. User agreements or privacy protection policies should clearly state the purpose, method and scope of the collection and use of users' personal information, the channels for inquiries and corrections, the consequences of refusing to provide information, and so on, and users' personal information should be collected and used only within the scope of authorization after the user's authorization has been clearly obtained.

  Wu Qijun also suggested that the government can establish the most basic conditions for business operations, including real-name registration and use, service contract content, supervision of usage fees and deposits, encouraging users to purchase liability insurance, advance compensation in the event of accidents, clarifying the content of operation and maintenance and the entry requirements for practitioners, the restraint and handling of users' violations of laws and regulations, complaint handling, user privacy protection, and so on.

In addition, government departments can be coordinated to step up enforcement against the illegal use of power banks, promote the inclusion of illegal use, deliberate damage, destruction and unauthorized modification in the credit system, and promote the construction of a "soft" environment for the good use of power banks.

Users increase their awareness of prevention

Stop loss in case of infringement

  Faced with the privacy leakage risks caused by some shared power banks, how should consumers identify and prevent them?

  Han Yingwei gave three suggestions: first, watch out for merchants' false logos, and do not use suspicious, fake or inferior products; second, check the safety markings of the power bank; third, when using a shared power bank, be vigilant if you see a pop-up window such as "Do you trust this computer?" or any other prompt asking for trust.

Click "No" or "Reject", etc., and return the suspect power bank.

  Wu Qijun also suggested: Before using shared power banks, consumers must carefully read the user agreement and privacy protection policy, and pay particular attention to the corresponding responsibilities and the terms on personal information collection and sharing to avoid subsequent disputes.

If users disagree with the terms of the user agreement or privacy policy of the company concerned, they need to be cautious about authorizing access to personal information or using the related products.

  What if the privacy of consumers has been leaked?

  In this regard, Wu Qijun mentioned that if consumers encounter a privacy leak when using a shared power bank, they should first clarify the possible ways the leak occurred. If it is determined that the personal information leaked while using the shared power bank, effective measures should be taken in time to preserve the evidence, such as traces of mobile phone use, possible "Trojan horses" and other programs, the leaked personal private information, and the platforms on which it was leaked.

Then immediately notify the relevant platform to request the deletion of personal information in order to reduce the adverse impact on individuals.

If loss of personal reputation, property, etc. is caused due to a privacy leak, the infringer may be required to pay compensation.

Finally, a lawsuit can be filed with the People's Court in a timely manner, requesting that the infringer stop the infringement, apologize and compensate for the loss.

If the infringement is serious and constitutes a crime, it can also be reported to the public security organ.

  Han Yingwei proposed that if consumers encounter privacy leaks when using shared power banks, they can defend their rights through the following channels: complain and report to the Internet management department, the industry management department and related agencies; seek the help of the public security agency to reduce or recover the loss; make a claim against the power bank company that illegally violated their privacy; and protect their legal rights through legal means.

  "In daily life, when consumers use shared power banks, if they are not aware of the related security issues, it is often difficult for them to find that their private data has been stolen when using certain shared power banks. On the one hand, there is concealment; on the other hand, most consumers lack network security technology-related knowledge. Once their privacy is leaked, unless they encounter extortion, it is difficult for them to actively discover that their privacy has been leaked," Liu Deliang said.

  Therefore, Liu Deliang suggested that relevant government departments should come forward to conduct unscheduled safety inspections of companies that provide shared power banks. If problems are found, the companies should be held accountable immediately.