Wired
(Photo/freestocks)
Has your mobile phone’s built-in software passed the information security test? The NCC National Communication and Communication Committee announced today (6/8) that from the second half of 20110 to the first quarter of 2011, it will target 10 different manufacturers with high sales volume in the first and second quarters of 20110 in the telecommunications industry and have not obtained information security certification. Brand smartphones, plus 5 mainland Chinese brand mobile phones, conduct information security testing of built-in software in mobile phone systems. After completing the initial test, retest and improvement procedures, all 15 mobile phones passed the test.
The mobile phone brands in this sample test cover countries, including Taiwan, the United States, South Korea, Japan and China. Among the 15 mobile phones that passed the NCC test, only the Apple iPhone 12 passed the initial test, and the other 14 mobile phones passed the retest after the active cooperation of the mobile phone manufacturer, including: ASUS ZENFONE 7, HTC DESIRE 20+, Samsung GALAXY A42 , SONY XPERIA 5 II, OPPO A72, OPPO RENO 5, REALME X50, REALME C3, SUGAR T30 64/3G DUAL LTE, VIVO Y20, VIVO Y50, REDMI Note 9T, REDMI NOTE 9 PRO and Xiaomi MI 10 LITE 5G.
NCC said that in view of the increasing threat of mobile phone information security, this random test focuses more on the personal information protection and encryption mechanisms that application software and communication protocols should have.
From the “Information Security Testing Specification for Smartphone System Built-in Software” announced by the Taiwan Information Technology Industry Standards Association (TAICS) in 110 years, the selection of 10 testing items corresponding to information security includes: Accounts, passcodes or keys are stored in the protected area of the operating system or stored in encrypted form”, “The built-in software should avoid re-send attacks of the chat ID”, “The transmission with the payment function server should use secure encryption. Algorithms”, “Do not store sensitive data in system log files during execution”, “Users’ consent should be obtained before accessing sensitive data”, etc.
NCC emphasized that the information security testing of built-in software in mobile phones is handled in accordance with the resolution of the 26th meeting of the National Information Security Council of the Executive Yuan on June 24, 103. The above-mentioned mobile phones that have passed the information security testing represent the built-in software in their systems. The version meets the requirements of the test item at the moment of testing.
In particular, it should be reminded that considering that information security incidents are emerging in an endless stream and hacker attack methods are changing with each passing day, NCC said that the mobile phone that passes the test cannot guarantee the security of future mobile phones. When there is an updated version of the built-in software of the mobile phone, the mobile phone manufacturer should re-test and verify the updated part in order to maintain the passed information security level. Phone makers should still patch in time.
No need to draw, no need to grab, now use the APP to watch the news to ensure that you win the prize every day, I download the APP and press me to watch the event method