Millet mobile phone plaintext transmission of privacy disclosure risk

Abstract: Recently, Taiwan media reported that some of the millet mobile phone without user consent to upload user data, there is the risk of revealing personal privacy. Millet official August 10 to this apology, and said that the upgrade package was released on August 10, to solve the problem. Reporter yesterday learned

Recently, Taiwan media reported that some of the millet mobile phone without user consent to upload user data, there is the risk of revealing personal privacy. Millet official August 10 to this apology, and said that the upgrade package was released on August 10, to solve the problem. Reporters yesterday learned that some mainland users also need to upgrade repair.

PlainText Delivery Privacy Disclosure risk

According to Taiwan media reported that the F test report that the Millet mobile phone number, IMSI (International Mobile User Identification Code), IMEI (International Mobile Device Identification code) and other user information returned to the Millet server. Test report pointed out that the user phone number and other information is not encrypted, but the use of plaintext transmission.

Forbes Chinese network reported that the hidden danger is that, because of the use of plaintext sent, generally with a considerable number of computer network management personnel, the use of network monitoring tools can be in the same network environment to obtain real phone numbers, do not need to be cracked.

Millet Company explained that the Taiwan media reported "personal privacy disclosure" incident, involving a "network message" service.

It is understood that millet mobile phone in the boot, will automatically activate the "Network SMS" (similar to imessage) services. When the user edits a text message or view a contact information, the hand opportunity through "the Network Short message" Server detects the contact person's online status, and return the mobile phone number, IMSI, IMEI, etc., is used to detect the mobile phone online status.

"The recipient's phone number is used only to identify the user's online status in order to determine how the message is sent." Personal data, such as any user's phone number and address book, are not stored in the SMS server. "Millet said.

Some mainland users need to upgrade and repair

Global vice President Hugo Barra on Google + said that in order to give users more freedom of choice, millet on August 10 to provide OTA system update, turn off the millet "network SMS" automatic activation function.

Millet related responsible to the Beijing News reporter said, "Some users in the mainland affected, millet has been sent OTA upgrade package, users can upgrade repair." ”

It is reported that, after the update, the default turn off the network SMS function, no longer upload data. Users want to use the need to open themselves. August 10 released the upgrade package, at the same time added to the implementation of "Network SMS" to identify the user's phone number encryption function, no longer plaintext upload.

Earlier, foreign media reported that the company's Red meter note mobile phone will be users of photos and text messages secretly sent to the server in Beijing. Millet officials denied the said. Millet in Facebook responded that the data were transmitted without the user's privacy, mainly through the provision of public data access to Internet services.