According to the Guangzhou Daily News,The scammer automatically searches for nearby mobile phone numbers through special equipment, intercepts SMS messages sent by operators and banks, and hijacks objects mainly for 2G signals (GSM signals), stealing SMS messages and then logging in.website, from the collision machine owner identity information, called "collision library" (ie multipledatabaseCollision between the two, trying to match the identity information of the owner, including ID card, bank card number, mobile phone number, verification code and other information, and then open the account in some niche convenient payment platform and bind the bank card, pretending to be the victim Consumption or cash, stealing funds from the bank card.
It is reported that,Most of the gangs chose to commit crimes in the early morning, so they did not need to contact the victim directly. Therefore, most of the victims could not detect the stolen funds in time..
This type of attack mainly utilizes the security flaws of SMS authentication code in user authentication.This defect is caused by the GSM design, and the coverage of the GSM network is wide, so the repair is difficult and the cost is high, and it is basically unpreventable for ordinary users.
However, the Jiangning police also pointed out that everyone does not have to worry too much. The issue of the GSM protocol has long been concerned, and the current system upgrades in this area are also in progress. The verification code SMS is mainly caused by the high risk of leaking due to the fact that it is in plain text.
More importantly, at present, most payment classes, bank-like apps, in addition to SMS verification codes, often have multiple verification mechanisms such as image verification, voice verification, face verification, fingerprint verification, etc. If the verification code is leaked alone, the problem is It is not big.
The vast majority of users in the middle of the move because they also revealed other important identity information such as the ID number.Therefore, the overall crime success rate is not high. GSM hijacking can't prevent, other information leaks can still be prevented.
At the same time, it is called on all major operators and communication management departments to take effective technical measures as soon as possible to solve this problem as soon as possible. Some banking and financial apps with imperfect security mechanisms may consider other two-way authentication aids to improve security and efficiency.
Jiangning police also said thatSome media give a strategy to turn off the night or turn on the airplane mode, but in fact it doesn’t mean much.Because some mobile phones may be hijacked, they are no longer able to receive text messages. The more obvious attack features, in addition to accepting text messages, may also switch between 4g and 2g. And once you turn off your phone at night or turn on the flight mode, it may also lead to other fraud risks or friends and relatives can not contact you during important events. So the safer way is to turn off the mobile phone's mobile signal, only use Wi-Fi in your home or office, so that you can keep in touch with everyone's network, and can also slightly improve the difficulty of being sniffed.