Has my cell phone been probed?

Let’s review last night’s CCTV 3.15 Gala: a small box, a shopping mall, and over 100 million user data in a year.

This is the "probe": the MAC address of the mobile phone is broadcasted, and the user's mobile phone number is collected and compared with the database, and finally the user portrait is obtained by integrating the big data.

When a mobile phone turns on WLAN, it will actively broadcast its MAC address, thereby contacting and exchanging identities with the routers behind each SSID. However, the "probe" can collect these MAC addresses and obtain some additional data, such as the model of the mobile phone in some cases (more often leaked by Apps) and the approximate location from the collection device. Its main purpose is actually positioning.

After collecting the MAC addresses, the next step is to compare them. We purchased a corresponding database of mobile phone numbers, IMEIs, and MAC addresses from various App developers (the user gave it permission, and the first two can actually be replaced through many channels without authorization).

Then it knows your mobile phone number and compares it with the user database (in fact, for simple sales promotion, you can just let the machine make the call), and a rough portrait of the customer will emerge.

Is it scary?

CCTV has exaggerated this aspect, but it does not mean that the harm is less or that you can prevent it.

Is there any way to protect against this with mobile phones?

Of course there is.

Starting with Android O (P), Google added the option of "randomly selecting MAC address when connecting" in the developer options, which can avoid some dangers, but unfortunately, except for native and quasi-native UI, most manufacturers I have seen have castrated it. EMUI 8 and MIUI 9 in CCTV's live broadcast are examples of being affected.

Of course you still have to enable it (assuming you have this feature first)!

Starting from Android Q Beta, Google provides an option to select a random MAC when connecting in the separate settings of WLAN, which also needs to be enabled manually.

On the iOS side, the situation has not improved much, but it is not much better than it was five years ago.

Starting from iOS 8, Apple provided a random MAC address feature, but its triggering conditions were extremely harsh. You had to lock the screen, turn off location services, and turn off mobile data before you could use the random MAC feature. It also required the latest two generations of iPhones at the time to use this feature.

Fortunately, Apple made a small modification four years ago. Starting with iOS 9, this feature began to be gradually completed. First, it supported the full-time random MAC address when WLAN was idle, and then supported all iPhones and iPads after iPhone 5.

Starting with iOS 10, all devices have random MAC addresses all the time, regardless of whether they are connected or not. Subsequent iOS versions have made some improvements.

On this issue, we once again see Apple's foresight in user privacy. Apple also automatically generates random identification codes such as IMEI to prevent the use of IMEI for tracking.

Then the solution is simple:

• Use a machine with native Android system, and it must be O or Q Beta, and the developer settings need to have the option of random MAC address (Sony and Nokia do not have it)

• Or use iPhone 5 or above, iOS 10 or above to completely eliminate hidden dangers. Of course, higher iOS versions have more anti-tracking features, such as random IMEI and other identification codes, and the function of prohibiting web pages from reading almost all user data.

• Because iOS does not allow apps to read identification codes such as IMEI and phone numbers, it is even more difficult to obtain user privacy.

• Most domestic mobile phone users have to wait for updates. After looking around, I found that EMUI, Flyme and MIUI have all been castrated, and this is different from a fake base station!

• The only domestic UIs known to have the "randomly select MAC address when connecting" function are some beta versions of OnePlus H2OS, very few versions of vivo deployed with Android P, and very few development versions of MIUI 10 with Android P as the kernel.

• The late Windows 10 Mobile would have had a similar feature, but unfortunately it couldn't be enabled while connected.

Why did I still win when using an iPhone?

Because it is inevitable to leak personal privacy, no one can stop it. Next time, please read the privacy terms. Of course, if you have used an Android phone before and your data has been collected, you can only change your phone number.

Of course, it is most important to ensure that the Wi-Fi you are connected to is secure. Also, your home router is not a security risk! Don't be paranoid!

Source: Programmer's Life. If copyright is involved, please contact us to delete it.

Focus on industry hot spots and understand the latest frontiers

Please pay attention to EEWorld electronic headlines

https://www.eeworld.com.cn/mp/wap

Copy this link to your browser or long press the QR code below to browse

The following WeChat public accounts belong to

EEWorld (www.eeworld.com.cn)

Welcome to long press the QR code to follow us!

EEWorld Subscription Account: Electronic Engineering World

EEWorld Service Account: Electronic Engineering World Welfare Club