Scared patients: mobile search diseases, private hospitals should seek-privacy, information security-IT information
On August 11, according to the newspaper reports, mobile phone search, there is a loophole, to disclose the user's private information. Sector exploited this vulnerability to make the promotion of private hospitals, patients in mobile browser when searching for disease information, personal information such as their phone numbers, weak signal will get by hospitals.
Reported after a patient in the hospital to see the doctor with his phone to check out the proceeds of their disease, only two hours after receiving the text messages and phone calls from a private hospital, the next day, but also from the private medical practitioners and patients in hospitals. And during querying diseases the patient has not left his cell phone on the Internet and micro-letters related to the faith, it was horrible.
According to security experts, the hospital gets patients phone information is from the "get the website user's phone number" gray technology. One possibility is that some models of security vulnerabilities, can get a phone number directly, but these are relatively old Android phones in the past; in addition is also possible using the operator's mobile query interface (vulnerabilities), to dynamically get the hand phone number.
For the latter vulnerability, since its services with the operator interface, you can say against them. As long as the business interface, vulnerability exists.
In response, safety experts remind:
First, only when the user traffic is taking the mobile phone network, which gets the number of ways to succeed. With WiFi or a PC, will not move. So when you search for this key information, those who fear phone number leaked, to deactivate the mobile phone network, use WiFi network, or use the PC-side query.
Second, this approach is not by viruses or Trojans to get the user's phone number, but because other sites into the query code to get more privacy. Private hospital (or other body with similar marketing needs), first doing promotion on search engines, statistics, coupled with the mobile phone service, you can get to browse their mobile phone number of the user of the page. Users search for health care, payment and other key information related to individuals, needs to be careful, clear promotional links with normal links, distinguish between normal hospital Web sites with bad reputation of private hospitals.
患者吓坏:
手机搜索疾病,民营医院竟能找上门 - 隐私,信息安全 - IT资讯
8月11日消息,据《第一财经日报》报道,目前手机搜索存在一种漏洞,能够泄露用户的隐私信息。有部门民营医院利用该漏洞做推广,患者在手机浏览器中搜索疾病信息时,其手机号、微信号等个人信息会被医院获取。
报道称,一名患者在医院看完医生后用自己的手机查阅了自己的所得的疾病,不料两个小时后收到了来自某民营医院的短信和电话,次日,更有来自该民营医院的医生主动加患者微信。而这名患者在查询疾病期间并未在网上留下自己的手机号和微信相关的信心,这令人感到恐怖。
据安全专家介绍,医院获取患者手机信息多是来自于“获取浏览网站用户手机号”的灰色技术。其一种可能是部分机型的安全漏洞,可以直接拿到手机号,不过以往这些都是比较老旧的安卓手机;此外还有一种可能是利用了运营商的一些手机查询接口(漏洞),来动态获取手户手机号的。
对于后一种漏洞,因为其与运营商的某些服务接口有关,可以说防不了。只要有这种业务接口,漏洞就存在。
对此,安全专家提醒:
第一,只有当用户的流量走的是手机网络时,这类获取号码的方式才会成功。用WiFi或PC,都不会中招。因此搜索此类关键信息时,若怕手机号泄漏,可停用手机网络,使用WiFi网络,或改用PC端查询。
第二,这种方式并不是通过病毒或木马来获取用户手机号,而是因为对方在网站植入了查询代码,以获取更多的隐私资料。民营医院(或其它有同类营销需求 的机构),先在搜索引擎上做推广,再配合这种手机号统计服务,可以获取到浏览了他们页面移动端用户的手机号。因此用户搜索医疗、支付等有关个人关键信息 时,需要小心谨慎,分清楚推广链接与普通链接,分清楚正规医院网站与口碑不好的民营医院。