Zhou Hongyi unveils the phenomenon of “eavesdropping” on mobile phones

“It is an open secret of the industry that mobile applications will secretly open the recording function to steal user information. However, the interests involved are too wide to be discussed in detail.” A network security practitioner declined to be interviewed because of the relevance of interests. < p > < p > on August 15, Zhou Hongyi, chairman and CEO of 360 group, said in an interview program on the topic of personal privacy leakage that we should pay attention to whether the way Internet manufacturers collect and use user data is proper. Zhou Hongyi said that some mobile phone software will turn on the user’s camera or microphone to record secretly, looking for keywords to match users’ interests and hobbies tomorrow. He said he had been in a similar situation, but did not refer to his name. < p > < p > Zhou Hongyi thinks that the mobile phone software can actually record the user’s voice, but it needs to be informed in advance that the microphone should not be turned on quietly. He argued that mobile phone software should really let users have the right to know and choose when collecting user data. However, Zhou Hongyi also pointed out that it is difficult to clearly define personal data and personal privacy. Nowadays, it has become an objective fact that we want to exchange Internet services and give personal data to manufacturers. To meet the requirements of manufacturers – treat user data kindly. “If handled well, the privacy of users will be protected, and everyone will be happy. The data of ordinary people will be hosted on the servers of manufacturers, and people will also be able to get various free Internet services, and their data will not be disclosed.” Therefore, Zhou Hongyi suggested that in the process of using Internet services, the ownership of data provided by users to Internet companies should be clearly defined as belonging to users. The data is only temporarily entrusted to the manufacturer and stored in the manufacturer’s server and database. When consumers no longer use the service, the Internet manufacturer should delete the user data, and the manufacturer has no right to resell the data. “If manufacturers think that this data is collected by me, owned by me and what I want to do, it is very difficult to protect the rights and interests of consumers.” Wei Chao, President of AI Encryption Research Institute, told reporters from China first finance and economics that the act of secretly opening the recording for data collection is itself “eavesdropping” and illegal, but it needs evidence to prove it. In addition, it is illegal to use “eavesdropping” data or unauthorized data to conduct profit-making activities. < / P > < p > “just now I was chatting with my friends that I wanted to drink a certain brand of milk tea and turned to open a takeaway app. The first column of food recommendation is this brand, which is very strange.” A user surnamed sun shared a past “coincidence” case to the first financial reporter. According to Wei Chao, user protection relies on the privacy protection technology of mobile phone manufacturers, the privacy protection requirements of regulatory authorities, the online detection of APP download and circulation market channels, and the traceability after the event. In Wei Chao’s opinion, on one hand, the reason lies in the logical barrier in the qualitative nature of the theft behavior — app states that the business needs recording function, but it is difficult to determine whether the data collected by the recording function is only necessary for business. “Only through the occurrence of property loss events, retrospective accountability.” < / P > < p > fortunately, efforts to secure consumer mobile data have been ongoing. Prior to this, Ren Kui, President of the school of Cyberspace Security of Zhejiang University, led a team to study and discover “accelerometer eavesdropping”, which is a new “side channel” intelligent attack method based on deep learning of acceleration sensor signals. In short, the mobile phone application uses the built-in acceleration sensor to collect the vibration signal of the voice emitted by the mobile phone speaker, so as to realize the eavesdropping on the user’s voice. < p > < p > based on the findings of this study, Ren Kui suggested that mobile phone manufacturers should improve the authority level of accelerometer to avoid various applications collecting accelerometer data unnecessarily; limit the sampling frequency of accelerometer; or filter out the high-frequency part of acceleration sensor signal containing the most voice information in advance through the system built-in filter. < p > < p > in addition, in order to avoid similar loopholes in the future, Ren Kui suggests that mobile phone manufacturers reassess the security and sensitivity of each sensor, and modify the use rights of Android operating system for mobile app to call various sensor data. For example, independent and controllable operating systems such as Hongmeng OS can be considered from the system level to eliminate future side channel attack paths.