CN114021153A - Method and device for triggering safety warning by detecting terminal safety risk and terminal - Google Patents

Method and device for triggering safety warning by detecting terminal safety risk and terminal Download PDF

Info

Publication number
CN114021153A
CN114021153A CN202111386952.8A CN202111386952A CN114021153A CN 114021153 A CN114021153 A CN 114021153A CN 202111386952 A CN202111386952 A CN 202111386952A CN 114021153 A CN114021153 A CN 114021153A
Authority
CN
China
Prior art keywords
terminal
security
connection state
point
detecting
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111386952.8A
Other languages
Chinese (zh)
Inventor
张子敬
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Ontim Technology Co Ltd
Original Assignee
Beijing Ontim Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Ontim Technology Co Ltd filed Critical Beijing Ontim Technology Co Ltd
Priority to CN202111386952.8A priority Critical patent/CN114021153A/en
Publication of CN114021153A publication Critical patent/CN114021153A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0635Risk analysis of enterprise or organisation activities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/06Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063Operations research, analysis or management
    • G06Q10/0639Performance analysis of employees; Performance analysis of enterprise or organisation operations
    • G06Q10/06393Score-carding, benchmarking or key performance indicator [KPI] analysis

Abstract

The invention relates to a method, a device and a terminal for triggering safety warning by detecting the safety risk of the terminal, wherein the method comprises the following steps: acquiring the connection state of a rear cover attaching device of the terminal; when the rear cover attaching device is in an unconnected state, acquiring the connection state of a hardware debugging point of the terminal; and if the hardware debugging point is in a connection state, recording the operation data of the hardware debugging point in the connection state. According to the invention, the safety risk state of the terminal is determined through the connection state of the rear cover attaching device and the connection state of the hardware debugging point, if the rear cover attaching device is in an unconnected state and the hardware debugging point is in a connection state, the terminal can be determined to be in the risk state, and the operation data of the hardware debugging point in the connection state is recorded. According to the scheme, the risk state of the terminal is monitored through the real-time monitoring hardware debugging point, the operation data in the risk state is recorded, and the safety risk warning function is added.

Description

Method and device for triggering safety warning by detecting terminal safety risk and terminal
Technical Field
The invention relates to the technical field of communication, in particular to a method, a device and a terminal for triggering safety warning by detecting the safety risk of the terminal.
Background
Mobile terminals have entered the 5G era, innovations to terminals are constantly being explored, and are also constantly being updated and iterated, and with the development of technologies, the requirements for service security of terminals are also becoming higher and higher, so people are constantly trying to explore service security in the aspects of service access, attack protection, data security, warning and reminding and the like.
In the development process of the terminal, a terminal PCB board usually has hardware debug points (URAT debug point, JTAG debug point, forced download point, etc.) for debugging, measuring, etc. functions of the terminal. Just the function debugging point of the hardware is often utilized by a malicious user to carry out malicious attack and analysis, and bugs of the software and the hardware of the terminal can be found, so that the security of the terminal is in danger. And when the terminal breaks down and is maintained, the rear cover can be detached, the debugging points are completely exposed, for example, the mobile phone is attacked or a malicious program is implanted, whether the mobile phone is attacked or not can not be known after the mobile phone returns to the hand of the user after maintenance, and when a malicious event occurs in a certain day, the user does not know when the mobile phone is in a safety risk.
The existing two-layer glass substrate with the electrochromic rear cover still used in the mobile phone terminal is characterized in that the electrochromic film is arranged in the middle of the glass substrate, the risk that the rear cover of the glass is broken when falling is increased, the possibility that the terminal is cracked and attacked exists when the terminal is sent to a maintenance point to be dismantled for maintenance, and the safety risk of the terminal is increased. The hardware debugging point of the terminal hardware PCB board can be covered and shielded in a mode of painting a paint coating before leaving a factory, but the debugging point is usually easy to identify, the debugging point can be connected to debug or attack by scraping the coating, and the security risk is extremely high.
Disclosure of Invention
Based on the method, the device and the terminal, the safety warning is triggered by detecting the safety risk of the terminal, and the safety state is monitored by detecting the hardware debugging point of the terminal. The method has the advantages that the service safety warning function is added, meanwhile, a powerful way is provided for protecting the safety of the mobile phone terminal by a terminal manufacturer, and the user experience is improved.
According to a first aspect of some embodiments of the present application, there is provided a method of detecting a terminal security risk to trigger a security alert, the method comprising the steps of:
acquiring the connection state of a rear cover attaching device of the terminal;
when the rear cover attaching device is in an unconnected state, acquiring the connection state of a hardware debugging point of the terminal;
and if the hardware debugging point is in a connection state, recording the operation data of the hardware debugging point in the connection state.
Further, if the hardware debug point is in a connected state, the method further includes:
and performing safety evaluation on the operation of the hardware debugging point in the connection state, acquiring the geographic position and time point information of the operation, and storing the operation data.
Further, after performing security evaluation on the operation of the hardware debugging point in the connection state, the method further includes the following steps: determining a safety warning grade according to a safety evaluation result; and when the rear cover attaching device is detected to be in a connection state, reminding the safety warning level.
Further, the terminal includes an electrochromic film, the alerting the safety alert level includes:
and controlling the electrochromic film to display the color corresponding to the safety warning grade.
Further, the method also comprises the following steps: and when the rear cover attaching device is detected to be in a connection state, sending the stored operation record to a cloud server for safety evaluation analysis and vulnerability remediation.
Further, the method also comprises the following steps: and after detecting that the cloud server evaluates the terminal security or remedies the leak, reevaluating the security level or eliminating the security level, and controlling the electrochromic film to change or eliminate the color corresponding to the security warning level.
Further, the back cover attachment device includes at least one of: NFC antenna, fingerprint module, electrochromic membrane.
Further, the hardware debug point comprises at least one of: URAT debug point, JTAG debug point, force download point.
According to a second aspect of some embodiments of the present application, there is provided an apparatus for detecting a terminal security risk to trigger a security alert, comprising:
the first connection state acquisition module is used for acquiring the connection state of a rear cover attaching device of the terminal;
the second connection state acquisition module is used for acquiring the connection state of the hardware debugging point of the terminal when the rear cover attaching device is in an unconnected state;
and the operation data recording module is used for recording the operation data of the hardware debugging point in the connection state if the hardware debugging point is in the connection state.
According to a third aspect of some embodiments of the present application, there is provided a terminal comprising: at least one memory and at least one processor;
the memory for storing one or more programs;
when executed by the at least one processor, cause the at least one processor to implement the steps of a method of detecting a security risk of a terminal to trigger a security alert as described in the first aspect of some embodiments of the present application.
According to the method, the device and the terminal for detecting the terminal safety risk to trigger the safety warning, firstly, the connection states of the rear cover attaching device and the hardware debugging point are respectively obtained, whether the terminal is in the risk state or not is determined according to the two connection states, if the rear cover attaching device is in the unconnected state and the hardware debugging point is in the connection state, the terminal can be determined to be in the risk state, and the operation data of the hardware debugging point in the connection state are recorded. According to the scheme, the risk state of the terminal is monitored through the real-time monitoring of the hardware debugging point, the operation data in the risk state are recorded, and a basis can be provided for further judgment of the risk.
Secondly, after the operation data are recorded, the operation data are subjected to safety evaluation and are correspondingly preset with a safety warning color and an electrochromic film, and the safety warning color corresponding to the safety evaluation result is displayed through the electrochromic film. Through the scheme, a user can be warned that the terminal has a safety risk, and the risk is indicated through different colors of the electrochromic film.
Finally, this application is still through uploading the data action when will debugging the point connection state of hardware to the high in the clouds server for the high in the clouds server assesses the risk at terminal, and remedy to the security leak that probably exists, carries out the security evaluation through aiming at this risk again after remedying, thereby controls the electrochromic membrane and adjusts or eliminates the colour of electrochromic membrane according to the latest evaluation result. The scheme can provide a powerful way for terminal manufacturers to protect the security of the mobile phone terminal while increasing the service security warning function, so that the terminal security risk judgment is more accurate.
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Drawings
Fig. 1 is a schematic diagram of an application scenario of a method for detecting a security risk of a terminal to trigger a security alert according to the present invention;
FIG. 2 is a schematic diagram illustrating steps of a method for detecting a security risk of a terminal to trigger a security alert according to the present invention;
fig. 3 is a schematic block diagram of a system for detecting a security risk of a terminal to trigger a security alert according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more clear, embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
It should be understood that the embodiments described are only some embodiments of the present application, and not all embodiments. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments in the present application without any creative effort belong to the protection scope of the embodiments in the present application.
The terminology used in the embodiments of the present application is for the purpose of describing particular embodiments only and is not intended to be limiting of the embodiments of the present application. As used in the examples of this application and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the application, as detailed in the appended claims. In the description of the present application, it is to be understood that the terms "first," "second," "third," and the like are used solely to distinguish one from another similar human body, and are not necessarily used to describe a particular order or sequence, nor are they to be construed as indicating or implying relative importance. The specific meaning of the above terms in the present application can be understood by those of ordinary skill in the art as appropriate.
Further, in the description of the present application, "a plurality" means two or more unless otherwise specified. "and/or" describes an associative relationship with a human body, meaning that there may be three relationships, e.g., a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the context of the associated human is an "or" relationship.
To solve the technical problem in the background art, an embodiment of the present application provides a method for detecting a security risk of a terminal to trigger a security alert, where the method is applied to a terminal, as shown in fig. 1, in an example, the terminal 100 is a smart phone. The terminal 100 has a processor 101, a back cover attachment device 102 and a hardware debug point 103, and optionally an electrochromic film 104.
In other examples, the terminal may also be other mobile terminals (e.g., tablet computers), wearable devices (e.g., smart watches, sports bracelets, smart glasses), smart car-mounted devices, etc. having 4G or 5G communication capabilities.
The processor 101 serves as a central processing unit of the terminal 100 and is configured to be connected to the rear cover attaching device 102, the hardware debugging point 103 and the electrochromic film 104, and the processor 101 is configured to obtain connection signals of the rear cover attaching device 102 and the hardware debugging point 103 and apply different voltages to the electrochromic film 104. In other examples, the processor 101 may also be a processing chip specifically configured to perform the method steps of the embodiments of the present application.
The existing hardware debugging point of the mobile phone terminal hardware PCB board is covered and shielded by a paint coating painting mode before leaving a factory, but the debugging point is usually easy to identify, the debugging point can be connected to debug or attack by scraping the coating, and the security risk is extremely high.
To solve the above problems. Referring to fig. 2, in an embodiment, fig. 2 is a schematic diagram illustrating steps of a method for detecting a security risk of a terminal to trigger a security alert according to the present invention, where the method may be executed by the processor 102 in fig. 1.
In step S201, a connection state of a rear cover attachment device of the terminal is acquired.
The rear cover attaching device refers to a device attached to the rear cover of the terminal, and optionally, the rear cover attaching device includes at least one of the following components: NFC antenna, fingerprint module, electrochromic membrane etc.. The NFC antenna, namely the NFC technology, is a short-distance and high-frequency radio technology, can perform identification and data exchange with compatible equipment in a short distance, and is mainly integrated with NFC in the mobile terminal to realize corresponding functions; the fingerprint module is used for supporting fingerprint identification equipment to acquire a fingerprint image of a user through the fingerprint module; the electrochromic film is a material with electrochromic performance, generates a stable and reversible color change phenomenon under the action of an external electric field, shows reversible changes of color and transparency in appearance, is applied to a shell of a terminal, and can be specifically a rear cover of the terminal and the like, so that a user can directly observe the color change position.
The connection state of the rear cover attaching device is used for representing a processor of the terminal which is accessed or not accessed by the rear cover attaching device. For example, when the rear cover attachment device is an electrochromic film, when the processor has signal transmission with the electrochromic film, it indicates that the electrochromic film is in a connected state with the processor; when the processor and the electrochromic film have no signal transmission, the electrochromic film and the processor are in an unconnected state. If the rear cover attaching device is in a connection state, it indicates that the rear cover is not opened and the terminal is not in a safety risk state; if the rear cover attaching device is in an unconnected state, it indicates that the rear cover of the terminal is opened, and the hardware debugging point has an exposed risk. The attached device of lid is like the same reason behind NFC antenna, fingerprint module etc.
The connection state of the rear cover attaching device is obtained through signal transmission of the rear cover attaching device and the terminal processor in real-time detection, so that whether the rear cover of the terminal is checked and whether a hardware debugging point is exposed is determined.
In step S202, when the rear cover attachment device is in an unconnected state, a connection state of the hardware debug point of the terminal is acquired.
The hardware debug point refers to a debug point exposed on the hardware PCB, and optionally, the hardware debug point includes at least one of the following: JTAG debug point, URAT debug point, force download point. The JTAG technique is an embedded debug technique, and is mainly used for internal test of a chip, in which a special test circuit TAP (test access port) is packaged inside the chip, and internal nodes are tested by arranging JTAG debug points on the surface of a PCB of a terminal. UART (Universal Asynchronous Receiver/Transmitter) is commonly called Universal Asynchronous Receiver/Transmitter (UART) and converts data to be transmitted between serial communication and parallel communication as a chip converting parallel input signals into serial output signals, and the UART debug point is a point where UART is integrated into a link of other communication interfaces. The forced downloading point is arranged on the PCB surface of the terminal and used for triggering the application processor to enter a forced downloading mode.
The connection status of the hardware debug point is used to indicate whether the terminal is accessed to the terminal data through the hardware debug point. For example, when the rear cover attaching device is in an unconnected state and the signal transmission between the forced download point of the terminal and the terminal processor is that external access is received, it indicates that the hardware debugging point is in a connected state; and when the rear cover attaching device is in an unconnected state and the forced downloading point does not receive external access, indicating that the hardware debugging point is in an unconnected state.
The connection state of the hardware debugging point is obtained by detecting the signal transmission between the hardware debugging point and the terminal processor in real time, so that whether the hardware debugging point is maliciously connected or attacked by other users is determined.
In step S203, if the hardware debug point is in a connected state, the operation data of the hardware debug point in the connected state is recorded.
And if the hardware debugging point is in a connected state, the terminal is considered to have security risks from malicious attack and analysis through the hardware debugging point.
The operation data indicates behavior data of connection, access, attack or download analysis and the like of other users to the terminal through the hardware debugging point. The operational data is obtained and stored in a terminal database.
This application is through obtaining the attached device of back lid and the connection status of hardware debugging point respectively to confirm whether the terminal is in the risk state according to above-mentioned two connection statuses, if the attached device of back lid is in not connected state, the hardware debugging point is in connection status, then can confirm that the terminal has the safety risk, and the record is in the operation data of the hardware debugging point of connection status. According to the scheme, the risk state of the terminal is monitored through the real-time monitoring hardware debugging point, the operation data in the safe risk state is recorded, and a basis can be provided for further judging the risk.
Optionally, if the hardware debug point is in a connected state, while recording the operation data of the hardware debug point in the connected state, the method further includes the following steps:
and performing safety evaluation on the operation of the hardware debugging point in the connection state, acquiring the geographic position and time point information of the operation, and storing the operation data.
Determining a safety warning grade according to a safety evaluation result; and when the rear cover attaching device is detected to be in a connection state, reminding the safety warning level.
The safety evaluation result can be determined according to factors such as the operation type of the data, the type of the operation data, the number of times of access, the access time and the like. The safety warning level is used for indicating the risk degree of the accessed content of the hardware debugging point of the terminal. Different safety evaluation results are preset with different safety warning levels.
When the rear cover attaching device is detected to be in a connection state, the user terminal can be reminded of being in a safety risk by setting a warning ring tone, warning vibration, warning message or warning color at the terminal, and the safety warning level for reminding the risk is displayed correspondingly.
In a preferred embodiment, in order to enable the user to quickly and clearly know the security risk of the terminal, the user may be reminded by a warning color, which specifically includes the following steps:
the terminal includes electrochromic membrane, remind safety warning grade includes: and controlling the electrochromic film to display the color corresponding to the safety warning grade.
And the terminal presets a corresponding voltage value according to the safety warning grade, and applies the corresponding voltage value to an electrochromic film electrode plate for controlling the electrochromic film, so that the electrochromic film presents a color corresponding to the safety warning grade. Different colors correspond to different safety warning levels, e.g., red for the most dangerous level, yellow for the next dangerous level, and green for the low dangerous level.
The storage resources of the terminal are limited, and the operation data are stored in the terminal equipment, so that the access of the data system has the problems of mutual interference and low access efficiency, and the data are directly stored in the equipment, so that the problems of low safety and low data access flexibility are caused.
Therefore, in order to improve the efficiency and security of the terminal for storing and reading data, in another embodiment, the method further comprises the following steps:
and when the rear cover attaching device is detected to be in a connection state, sending the stored operation record to a cloud server for safety evaluation analysis and vulnerability remediation.
The safety warning grade standard of the cloud server can be the same as that of the terminal, the cloud server can specify rules and standards of the safety warning grade and send the rules and standards to the terminal, and the terminal is executed by adopting the same rules and standards. The operation records are transmitted to the cloud server for security analysis and vulnerability remediation, the security of the mobile phone terminal can be protected by a terminal manufacturer while the service security warning function is added, and user experience is improved.
In order to improve the accuracy and safety of data analysis, in a preferred embodiment, the method further comprises the following steps:
and after detecting that the cloud server evaluates the terminal security or remedies the leak, re-grading or eliminating the risk, and simultaneously controlling the electrochromic rear cover to change or eliminate the security warning grade color.
By carrying out safety evaluation again after remediation, the user can be more accurately reminded whether the terminal receives malicious attack. If the safety evaluation result shows that the safety risk still exists, controlling the electrochromic film to change to the color of the corresponding safety warning grade; and if the safety evaluation result shows that the safety risk is eliminated, controlling the electrochromic film to eliminate the safety warning grade color so as to prevent bringing wrong information to the user and reduce the user experience.
Corresponding to the above method for detecting a terminal security risk to trigger a security alert, an embodiment of the present invention further provides a device, as shown in fig. 3, fig. 3 is a schematic block diagram of the device for detecting a terminal security risk to trigger a security alert, where the device 300 includes:
a first connection state obtaining module 301, configured to obtain a connection state of a rear cover attaching device of the terminal.
A second connection state obtaining module 302, configured to obtain a connection state of the hardware debugging point of the terminal when the rear cover attaching device is in an unconnected state.
An operation data recording module 303, configured to record, if the hardware debug point is in a connected state, operation data of the hardware debug point in the connected state.
In an alternative embodiment, the apparatus 300 further comprises:
and the safety evaluating module is used for evaluating the safety of the operation of the hardware debugging point in the connection state if the hardware debugging point is in the connection state, acquiring the geographic position and time point information of the operation and storing the operation data.
In an alternative embodiment, the apparatus 300 further comprises:
the safety warning grade determining module is used for determining the safety warning grade according to the safety evaluation result after the safety evaluation is carried out on the operation of the hardware debugging point in the connection state;
and the reminding module is used for reminding the safety warning level when detecting that the rear cover attaching device is in a connection state.
In an alternative embodiment, the terminal includes an electrochromic film, and the reminder module includes:
and the reminding unit is used for controlling the electrochromic film to display the color corresponding to the safety warning grade.
In an alternative embodiment, the apparatus 300 further comprises:
and the vulnerability remediation module is used for sending the stored operation record to the cloud server for safety evaluation analysis and vulnerability remediation when the rear cover attaching device is detected to be in a connection state.
In an alternative embodiment, the apparatus 300 further comprises:
and the risk reevaluation module is used for reevaluating the security level or eliminating the security level after detecting that the cloud server carries out security evaluation or leak remediation on the terminal, and controlling the electrochromic film to change or eliminate the color corresponding to the security warning level.
In an alternative embodiment, the back cover attachment means comprises at least one of:
NFC antenna, fingerprint module, electrochromic membrane.
In an optional embodiment, the hardware debug point comprises at least one of:
URAT debug point, JTAG debug point, force download point.
Corresponding to the method for triggering the safety warning by detecting the safety risk of the terminal, an embodiment of the present application further provides a terminal, including:
at least one memory and at least one processor;
the memory for storing one or more programs;
when executed by the at least one processor, the one or more programs cause the at least one processor to implement the steps of a method for detecting a security risk of a terminal to trigger a security alert as described in any one of the embodiments above.
In particular, the terminal may be a mobile terminal (e.g., a tablet computer) having 4G or 5G communication capabilities, a wearable device (e.g., a smart watch, a sports bracelet, smart glasses), a smart car-mounted device, and the like.
According to the method for detecting the terminal safety risk to trigger the safety warning, the connection states of the rear cover attaching device and the hardware debugging point are obtained respectively, whether the terminal is in the risk state or not is determined according to the two connection states, the operation data of the hardware debugging point in the connection state are recorded, the hardware debugging point is monitored in real time to monitor the risk state of the terminal, the operation data in the risk state are recorded, and a basis can be provided for further judgment of the risk. This application is still through after recording operation data, and to this operation data safety evaluation and corresponding presetting have safety warning colour and electrochromic membrane, show the safety warning colour that the safety evaluation result corresponds through electrochromic membrane, can warn the user that this terminal has the safety risk to different colours through electrochromic membrane show the size of this risk. The data action that this application will be in the hardware debugging point of connection state uploads high in the clouds server, make the high in the clouds server assess the risk at terminal, and remedy to the security leak that probably exists, carry out the safety evaluation through aiming at this risk again after remedying, thereby control electrochromic membrane and adjust or eliminate the colour of electrochromic membrane according to the latest evaluation result, can be when increasing business safety alarm function, provide the powerful way for the protection of terminal manufacturer to cell-phone terminal security, make terminal security risk judge more accurately.
It is to be understood that the embodiments of the present application are not limited to the precise arrangements described above and shown in the drawings, and that various modifications and changes may be made without departing from the scope thereof. The scope of the embodiments of the present application is limited only by the following claims. The above-mentioned embodiments only express a few embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for those skilled in the art, variations and modifications can be made without departing from the concept of the embodiments of the present application, and these embodiments are within the scope of the present application.

Claims (10)

1. A method for detecting terminal security risks to trigger security alerts is characterized by comprising the following steps:
acquiring the connection state of a rear cover attaching device of the terminal;
when the rear cover attaching device is in an unconnected state, acquiring the connection state of a hardware debugging point of the terminal;
and if the hardware debugging point is in a connection state, recording the operation data of the hardware debugging point in the connection state.
2. The method for detecting the security risk of the terminal to trigger the security alarm according to claim 1, wherein if the hardware debug point is in a connected state, the method further comprises:
and performing safety evaluation on the operation of the hardware debugging point in the connection state, acquiring the geographic position and time point information of the operation, and storing the operation data.
3. The method for detecting the security risk of the terminal to trigger the security alarm according to claim 2, wherein after the security evaluation of the operation of the hardware debugging point in the connection state, the method further comprises the following steps:
determining a safety warning grade according to a safety evaluation result;
and when the rear cover attaching device is detected to be in a connection state, reminding the safety warning level.
4. The method for detecting the security risk of the terminal to trigger the security alarm according to claim 3, wherein the terminal comprises an electrochromic film, and the reminding the security alarm level comprises:
and controlling the electrochromic film to display the color corresponding to the safety warning grade.
5. The method for detecting the security risk of the terminal to trigger the security alarm according to claim 4, further comprising the following steps:
and when the rear cover attaching device is detected to be in a connection state, sending the stored operation record to a cloud server for safety evaluation analysis and vulnerability remediation.
6. The method for detecting the security risk of the terminal to trigger the security alarm according to claim 5, further comprising the steps of:
and after detecting that the cloud server evaluates the terminal security or remedies the leak, reevaluating the security level or eliminating the security level, and controlling the electrochromic film to change or eliminate the color corresponding to the security warning level.
7. The method for detecting the security risk of the terminal to trigger the security alarm according to claim 1, wherein:
the rear cover attachment device includes at least one of:
NFC antenna, fingerprint module, electrochromic membrane.
8. The method for detecting the security risk of the terminal to trigger the security alarm according to claim 1, wherein:
the hardware debug point comprises at least one of:
URAT debug point, JTAG debug point, force download point.
9. An apparatus for detecting a terminal security risk to trigger a security alert, comprising:
the first connection state acquisition module is used for acquiring the connection state of a rear cover attaching device of the terminal;
the second connection state acquisition module is used for acquiring the connection state of the hardware debugging point of the terminal when the rear cover attaching device is in an unconnected state;
and the operation data recording module is used for recording the operation data of the hardware debugging point in the connection state if the hardware debugging point is in the connection state.
10. A terminal, comprising:
at least one memory and at least one processor;
the memory for storing one or more programs;
when executed by the at least one processor, the one or more programs cause the at least one processor to implement the steps of the method of detecting a terminal security risk to trigger a security alert as claimed in any one of claims 1 to 8.
CN202111386952.8A 2021-11-22 2021-11-22 Method and device for triggering safety warning by detecting terminal safety risk and terminal Pending CN114021153A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111386952.8A CN114021153A (en) 2021-11-22 2021-11-22 Method and device for triggering safety warning by detecting terminal safety risk and terminal

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111386952.8A CN114021153A (en) 2021-11-22 2021-11-22 Method and device for triggering safety warning by detecting terminal safety risk and terminal

Publications (1)

Publication Number Publication Date
CN114021153A true CN114021153A (en) 2022-02-08

Family

ID=80065736

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111386952.8A Pending CN114021153A (en) 2021-11-22 2021-11-22 Method and device for triggering safety warning by detecting terminal safety risk and terminal

Country Status (1)

Country Link
CN (1) CN114021153A (en)

Similar Documents

Publication Publication Date Title
CN104023132B (en) Anti-lost method and device for mobile terminal
WO2015014075A1 (en) A method and apparatus for an alarm for a mobile device
CN108446211B (en) Browser exception collection method and device, mobile terminal and storage medium
CN108632460A (en) Right management method, device, mobile terminal and storage medium
KR20190088744A (en) electronic device and method for sensing condition of battery
CN107209829A (en) Data judging device, data judging method and program
CN111726341A (en) Data detection method and device, electronic equipment and storage medium
CN110881211A (en) Power saving method, device, storage medium and terminal
CN107193714A (en) One kind alarm methods of exhibiting and device
US20230022836A1 (en) Method and system of anti-circumvention monitoring in vehicle ignition interlock operation
CN109102144B (en) Method and device for determining operation risk possibility grade and storage medium
CN113364837B (en) Port security device for computing device and method of operating the same
CN111047309A (en) Security compliance detection method and device, computer equipment and storage medium
CN114021153A (en) Method and device for triggering safety warning by detecting terminal safety risk and terminal
CN108769366B (en) Authority management method, device, mobile terminal and storage medium
GB2527504A (en) Monitoring system for data communication / electrical signalling cables
CN109522741A (en) A kind of application program permission reminding method and its terminal device
CN109542511A (en) A kind of detection method of application installation package, device and mobile device
CN106844794B (en) Radio supervision device and method based on data multidimensional characteristics
US20150137993A1 (en) Engine and system monitoring telematic system
KR100600334B1 (en) Apparatus For Discriminating Smell Using The Mobile Communication Terminal
CN110221736A (en) Icon processing method, device, mobile terminal and storage medium
CN114022029A (en) Terminal security risk management method and device and terminal
JP2845268B2 (en) Detection system for portable information communication equipment
CN108763884B (en) Authority management method, device, mobile terminal and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination