China steps up its mobile phone security

For software hackers, personal computers are passe. Mobile phones are the new destination for viruses, worms and other malware. Cybersecurity experts are not amused.

In fact, the China Internet Network Information Center has warned that the country needs to be constantly vigilant, given that the number of netizens rose by 1.1 percent from 2016 to 751 million at the end of June this year. Of them, 724 million, or 96.3 percent, are mobile phone users.

At a mobile safety summit forum in Beijing this year, Zhang Jian, deputy secretary-general of the Cybersecurity Association of China, said the massive number of users and the booming mobile internet mean smartphones present major cybersecurity issues.

Most smartphones double up as electronic wallets, thus becoming a leading target for hackers seeking payment transfer details, personal data and passwords, Zhang said.

China has already become a world leader in mobile payments. Transaction volumes for third-party payments rose nearly fivefold last year to 58.8 trillion yuan ($8.9 trillion; 7.6 trillion euros; ￡6.7 trillion), according to consultancy iResearch.

Shi Xiansheng, deputy secretary-general of the Internet Society of China, said payment traps are the top cybersecurity threat, affecting 88.3 percent of mobile internet users last year.

Next were privacy violations, at nearly 76 percent.

The third category included nuisance calls, unsolicited promotional or marketing calls and spam messages, with almost 63 percent.

Some users of net-banking facilities could lose money directly from their bank accounts if their mobile phones are compromised. Mining of information from smartphones and misuse of it is another threat.

A joint report released in July by Chinese internet giant Tencent Holdings and the Data Center of China Internet said that nearly 97 percent of Android apps had access to users' privacy. Around a quarter of them violate users' privacy, the report said.

And almost 70 percent of third-party iOS operating system apps have access to private information and personal features on iPhones.

Shi said download enthusiasts need to be wary of apps, particularly image-editing apps, as some may invade their e-privacy.

"Of course, people should also be wary of many other types of apps that seek more permissions than required, and go on to collect more information than they really need," Shi said.

Cyberattacks usually target open operating platforms such as Android, as smartphone manufacturers allow downloads and installation of third-party programs and apps.

A report published in May by the Internet Society of China and the National Computer Network Emergency Response Technical Team/Coordination Center of China said that more than 2 million malicious mobile internet programs were detected last year, 99.9 percent of which targeted Android devices.

Zhang, from the Cybersecurity Association of China, said: "Normal apps will be infected with viruses. And some apps themselves are developed as malware."

Gong Wei, chief security officer of Shanghai Lantern Network Technology, said that, compared with insecure Wi-Fi hotspots, bigger threats came from insecure knockoff apps.

"While hackers can easily obtain personal data over public Wi-Fi hot-spots, they can rarely access payment or money transfer details in the encrypted format over public Wi-Fi," Gong said.

"However, hackers can easily access all that data, including personal information and payment data, via insecure apps."

On June 27, China announced an emergency response plan for cybersecurity incidents to prevent and reduce the damage inflicted by them, protect public interest and safeguard national security.

The new plan divides cybersecurity incidents into six categories. Of these, three are key: pernicious procedural incidents, cyberattacks and information security incidents.

The plan also defines four levels of security warning and response systems, according to different threat conditions, from "general" to "extremely serious".

Zhang said that as mobile operating system vulnerabilities do exist and the critical ones will result in serious cyberattacks via remote access to the device, the government, enterprises and individual users should prepare better for potential security risks.

There is a need for a better mechanism to manage e-virus infections as well, he said.

Zhou Yiqing, chairwoman of handset maker Sunshine Group, said smartphone makers need to have a long-term plan to improve their devices to better defend users from potential risks.

Shi said, "When surfing the internet via smartphones, users should be careful to not leave too much personal information on online platforms.

"Users should also not download apps from insecure channels and should look through the user agreement to decide whether or not to give the permissions sought. Otherwise, hackers will be able to access personal data easily."

ouyangshijia@chinadaily.com.cn

(China Daily European Weekly 10/06/2017 page14)