Title: Research on privacy leakage of celebrity's ID card number based on real‐name authentication
Authors: H. Yue, Zebin Song, Mengli Zhao, Lijia Yang
DOI: 10.1002/spy2.442 (https://doi.org/10.1002/spy2.442)
Publication date: 2024-07-11
Publication type: Journal Article
Citation count: 0
Abstract
The Internet real‐name system is widely implemented among Chinese Internet users, and many commonly used apps in China provide real‐name authentication functions. However, our study found that many apps do not effectively restrict users' real‐name authentication operations, so users are able to make unsuccessful real‐name authentication attempts frequently. This vulnerability can help an attacker crack a celebrity's ID card number through enumeration attacks, and a feasible cracking method is proposed in this paper. First, information on the birth date, birth place, and life experiences of a celebrity is collected from platforms that display celebrities' personal information (e.g., Wikipedia, Baidu Baike, etc.). In this process, an information extraction method is used to infer permanent residences from life experiences. Then, the possible ID card numbers of a celebrity can be constructed from the birth date, birth place, and permanent residences. Finally, these possible ID card numbers are verified by sending requests to platforms whose user real‐name authentication function is vulnerable, until the celebrity's real ID card number is cracked. This paper conducted cracking experiments on two groups of celebrities. The first group was collected from news events of privacy leakage that were publicly available online, and the second group was randomly selected from two encyclopedia platforms. The experimental results showed that the success rate of cracking the ID card numbers of celebrities is 53.9%, which verified the effectiveness of the proposed cracking method. In addition, this paper proposed some security precaution suggestions to solve this security problem, and the implementation, feasibility, potential impact, and expected effectiveness of these measures were also analyzed. To our knowledge, our paper is the first to point out the issue of privacy leakage of celebrities' ID card numbers caused by apps' real‐name authentication functions in China. We believe that our research will attract widespread attention from society regarding the protection of celebrities' private information.