WO2014043876A1 - 窃听行为侦测方法及终端设备 - Google Patents
窃听行为侦测方法及终端设备 Download PDFInfo
- Publication number
- WO2014043876A1 WO2014043876A1 PCT/CN2012/081670 CN2012081670W WO2014043876A1 WO 2014043876 A1 WO2014043876 A1 WO 2014043876A1 CN 2012081670 W CN2012081670 W CN 2012081670W WO 2014043876 A1 WO2014043876 A1 WO 2014043876A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- recording
- terminal device
- module
- application
- eavesdropping
- Prior art date
Links
- 238000000034 method Methods 0.000 title abstract description 32
- 230000006870 function Effects 0.000 claims description 157
- 238000004891 communication Methods 0.000 claims description 121
- 230000006399 behavior Effects 0.000 claims description 38
- 238000001514 detection method Methods 0.000 claims description 17
- 238000010586 diagram Methods 0.000 description 5
- 230000008569 process Effects 0.000 description 5
- 230000006855 networking Effects 0.000 description 4
- 230000009286 beneficial effect Effects 0.000 description 2
- 230000002452 interceptive effect Effects 0.000 description 2
- 239000008186 active pharmaceutical agent Substances 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 230000002265 prevention Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G08—SIGNALLING
- G08B—SIGNALLING OR CALLING SYSTEMS; ORDER TELEGRAPHS; ALARM SYSTEMS
- G08B21/00—Alarms responsive to a single specified undesired or abnormal condition and not otherwise provided for
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/567—Computer malware detection or handling, e.g. anti-virus arrangements using dedicated hardware
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1475—Passive attacks, e.g. eavesdropping or listening without modification of the traffic monitored
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04M—TELEPHONIC COMMUNICATION
- H04M1/00—Substation equipment, e.g. for use by subscribers
- H04M1/68—Circuit arrangements for preventing eavesdropping
Definitions
- the present invention relates to communication technologies, and in particular, to a method for detecting eavesdropping behavior and a terminal device. Background technique
- the current intelligent terminal generally provides a powerful Application Programming Interface (API), which can obtain the call status information of the intelligent terminal, record the call content, and realize the complete networking function.
- API Application Programming Interface
- This also provides an opportunity for some malicious application (Application Programming, APP for short) developers to use these APIs to listen to the user's call content by developing some illegal applications, and also to listen to the call through the networking function of the smart terminal.
- Content is posted on the Internet, causing leakage of user privacy. It can be seen that the detection and prevention of eavesdropping behavior on smart terminals becomes very important.
- Embodiments of the present invention provide a method for detecting eavesdropping behavior and a terminal device for detecting eavesdropping behavior by means of recording.
- the first aspect provides a method for detecting eavesdropping behavior, including:
- the terminal device If the terminal device is in a call, determining whether an application is enabled to record on the terminal device;
- the eavesdropping alert prompt includes a first-level eavesdropping alert prompt and a second-level eavesdropping alert prompt; and the eavesdropping alert alert includes: determining the open recording function Whether the application is being networked; Sending the first level of eavesdropping alert prompt if the application for enabling the recording function is not being networked;
- the second level of eavesdropping alert is issued.
- the eavesdropping behavior detecting method further includes: receiving an application that terminates the opening recording function An instruction of the program terminates the application for enabling the recording function according to the instruction.
- the eavesdropping behavior detecting method further includes: recording an identifier of an application that enables the recording function and Terminating the operation behavior of the application for enabling the recording function, so as to directly detect that the application for enabling the recording function is running, directly terminating the application for enabling the recording function.
- the fourth possibility in the first aspect in the implementation manner, whether the terminal device is in a call includes:
- the communication status indication is reported by the communication module after entering a communication state, and determining that the terminal device is in a call according to the communication status indication.
- the determining, by the terminal device, whether an application starts the recording function includes:
- the receiving before the receiving the recording notification message that is reported by the recording service module, a second registration request, where the second registration request is used to cause the recording service module to report the recording notification message when entering the recording state.
- Determining whether the application for enabling the recording function is being networked includes:
- the second aspect provides a terminal device, including:
- a first determining module configured to determine whether the terminal device is in a call
- a second determining module configured to determine, when the determining result of the first determining module is YES, whether the application program starts the recording function on the terminal device;
- the alarm prompting module is configured to issue an eavesdropping alarm prompt when the judgment result of the second judging module is YES.
- the eavesdropping alarm prompt includes a first level eavesdropping alarm prompt and a second level eavesdropping alarm prompt;
- the terminal device further includes: a third judging module, configured to: When the determination result of the second judging module is YES, before the alarm prompting module issues the eavesdropping alarm prompt, determining whether the application for enabling the recording function is being networked;
- the alarm prompting module is specifically configured to: when the judgment result of the third determining module is negative, send The eavesdropping alarm prompt of the first level is sent, and when the judgment result of the third judging module is yes, the second level eavesdropping alarm prompt is issued.
- the terminal device further includes: a receiving module, configured to receive the termination of the recording function Instructions for the application;
- a terminating module configured to terminate the application for enabling the recording function according to the instruction.
- the terminal device further includes: a recording module, configured to record an identifier of the application for enabling the recording function The ID and the operation behavior of the application for terminating the recording function are terminated, so as to detect that the application for enabling the recording function is stopped, the application for enabling the recording function is directly terminated.
- a recording module configured to record an identifier of the application for enabling the recording function The ID and the operation behavior of the application for terminating the recording function are terminated, so as to detect that the application for enabling the recording function is stopped, the application for enabling the recording function is directly terminated.
- the terminal device further includes: a communication module
- the first determining module is specifically configured to periodically query an operating state of the communication module, and if the communication module is in a communication state, determine that the terminal device is in a call; or
- the first determining module is specifically configured to receive a communication status indication reported by the communication module, where the communication status indication is reported by the communication module after entering a communication state, and determining, according to the communication status indication, that the terminal device is calling.
- the first determining module is further configured to: before receiving the communication status indication, to the communication module Sending a first registration request, where the first registration request is used to cause the communication module to report the communication status indication when entering a communication state.
- the terminal device further includes: a recording service module;
- the second determining module is specifically configured to periodically query the working state of the recording service module, and if the recording service module is in a recording state, determine that the terminal device has an application for enabling the recording function; or
- the second judging module is configured to receive the recording notification message reported by the recording service module, where the recording notification message is reported by the recording service module after entering the recording state, and determining the terminal according to the recording notification message. There is an application on the device that turns on recording.
- the second determining module is further configured to: before receiving the recording notification message, to the recording service The module sends a second registration request for causing the recording service module to "3" the recording notification message when entering the recording state.
- the terminal device further includes: a network layer interface;
- the third determining module is specifically configured to obtain an ID of the application for enabling the recording function, and periodically query the network layer interface according to the ID of the application that starts the recording function, if the application of the recording function is enabled.
- the program sends or receives network data through the network layer interface, and determines that the application for enabling the recording function is being networked.
- the third aspect provides a terminal device, including: at least one processor, and a memory, where the memory is used to store executable program code, where the processor determines whether the terminal device is in a call by reading the memory;
- the terminal device If the terminal device is in a call, determining whether an application is enabled to record on the terminal device;
- an eavesdropping alarm prompt is issued.
- the eavesdropping behavior detecting method and the terminal device provided by the embodiment of the present invention determine whether the terminal device is in a call, and if the terminal device is in a call, further determining whether an application has enabled the recording function on the terminal device, if the terminal device has The application that enables the recording function indicates that the application may be a malicious program that is eavesdropping by recording. Therefore, an eavesdropping alarm prompt is issued to detect the eavesdropping behavior by recording.
- FIG. 1 is a flowchart of a method for detecting eavesdropping behavior according to an embodiment of the present invention
- FIG. 2 is a flowchart of a method for detecting eavesdropping behavior according to another embodiment of the present invention.
- FIG. 3 is a schematic structural diagram of a terminal device according to an embodiment of the present invention.
- FIG. 4 is a schematic structural diagram of a terminal device according to another embodiment of the present disclosure.
- FIG. 5 is a schematic structural diagram of a terminal device according to another embodiment of the present invention.
- the technical solutions in the embodiments of the present invention are clearly and completely described in the following with reference to the accompanying drawings in the embodiments of the present invention.
- the embodiments are a part of the embodiments of the invention, and not all of the embodiments. All other embodiments obtained by those skilled in the art based on the embodiments of the present invention without creative efforts are within the scope of the present invention.
- FIG. 1 is a flowchart of a method for detecting eavesdropping behavior according to an embodiment of the present invention. As shown in FIG. 1, the method in this embodiment includes:
- Step 101 Determine whether the terminal device is in a call; if the judgment result is yes, that is, the terminal device is in a call, perform step 102; if the determination result is no, the optional detection operation may be ended.
- Step 102 Determine whether the application has the recording function enabled on the terminal device. If the determination result is yes, that is, the application device that has the recording function enabled on the terminal device, step 103 is performed. If the determination result is no, the optional end may be ended. Secondary detection operation.
- Step 103 Send an eavesdropping alarm prompt.
- the execution body of this embodiment may be a security module, and the security module may be implemented in the terminal device or may be connected to the terminal device independently of the terminal device.
- the execution entity is a security module, but is not limited to the module. Any module that can execute the process provided in this embodiment may be used.
- the terminal device in this embodiment may be various devices having a call function and supporting a recording function.
- the call state of the terminal device includes a call, an idle state, and a ring state.
- Eavesdropping by recording is usually performed by recording the contents of the call during the conversation of the terminal device.
- the security module first determines whether the terminal is in a call. If the terminal device is in a call, it further determines whether an application has enabled the recording function on the terminal device. If the terminal device has an application for enabling the recording function, the application is satisfied.
- the feature that the terminal device performs recording during the call, then the application that starts the recording function may be a malicious program that is eavesdropped by the recording method, so the user is prompted to eavesdrop.
- the security module issues different levels of eavesdropping alert prompts based on the likelihood that the application is a malicious program. As the eavesdropping alert level is higher, it is more likely that the application that turns on the recording function is a malicious program that is eavesdropping by recording. Based on this, the eavesdropping alert prompt of the embodiment may include a first level eavesdropping alert prompt and a second level of eavesdropping alert alert, wherein the second level of eavesdropping alert alert is higher than the first level of eavesdropping alert alert. .
- the security module determines whether the terminal device is in a call, and if the terminal device is in a call, further determining whether an application has enabled the recording function on the terminal device, if the recording device is enabled on the terminal device.
- the function of the application indicating that the application may be a malicious program for eavesdropping by means of recording, so that an eavesdropping alarm prompt is issued to detect the eavesdropping behavior by recording.
- FIG. 2 is a flowchart of a method for detecting eavesdropping behavior according to another embodiment of the present invention. As shown in FIG. 2, the method in this embodiment includes:
- Step 201 Determine whether the terminal device is in a call; if the judgment result is yes, that is, the terminal device is in a call, perform step 202; if the determination result is no, the optional detection operation may be ended.
- Step 202 Determine whether an application has enabled the recording function on the terminal device. If the determination result is yes, that is, the application device that has the recording function enabled on the terminal device, step 203 is performed. If the judgment result is no, the optional detection operation can be ended.
- Step 203 Determine whether the application for enabling the recording function is being networked. If the determination result is yes, that is, the application for enabling the recording function is being networked, step 205 is performed, and if the determination result is no, the application for enabling the recording function is not being If the network is connected, step 204 is performed.
- Step 204 Send a first level eavesdropping alert prompt.
- Step 205 Issue a second level eavesdropping alert prompt.
- the executor of this embodiment also takes a security module as an example.
- a description of the security module reference may be made to the description in the embodiment shown in FIG. Further, the description of the terminal device of the present embodiment can also be referred to the description in the embodiment shown in Fig. 1.
- the eavesdropping alert prompt includes a first level eavesdropping alert prompt and a second level eavesdropping alert alert.
- the security module first determines whether the terminal is in a call. If the terminal device is in a call, further determining whether an application has enabled the recording function on the terminal device, if the terminal device is enabled.
- the recording function application since the application satisfies the characteristics of recording during the terminal device call, the application for enabling the recording function may be a malicious program for eavesdropping by recording. It is further considered that the malicious program that is eavesdropping by recording usually uploads the sneaked call content to the Internet by using the networking function of the terminal device.
- the security module of this embodiment further determines whether the application for enabling the recording function is being networked (ie, is it If the application that is the recording function is being networked (that is, in a networked state), since the application satisfies the condition that the terminal device is in the call and the recording function is being connected, it is more likely A malicious program that eavesdrops by recording, so that a higher level of eavesdropping alert is issued to the user, that is, a second level eavesdropping alert.
- the application that determines that the recording function is turned on is not being connected to the Internet (that is, it is not in the networked state), it means that the application that starts the recording function but does not have the networked application is eavesdropping by the recording method may be small, so the user is A first level eavesdropping alert is issued.
- the security module sends an eavesdropping alert prompt (eg, the security module issues a first level eavesdropping alert prompt or issues a second level eavesdropping alert alert) that can use sound, light, vibration, and/or information. issue.
- the security module can use the voice to send eavesdropping alert prompts.
- Different levels of eavesdropping alert prompts are distinguished by sound size.
- the first level of eavesdropping alert prompts have less sound, while the second level of eavesdropping alert prompts sounds. Big.
- the security module can also send eavesdropping alert prompts in a vibrating manner. Different levels of eavesdropping alert prompts are distinguished by the magnitude of the vibration intensity.
- the first level of eavesdropping alert prompts have less vibration intensity, and the second level of eavesdropping alert prompts vibrates. Stronger.
- the security module may also send an eavesdropping alert prompt by means of information and a prompt tone.
- Different levels of eavesdropping alert prompts are distinguished by the size of the alert tone, for example, the first level of the eavesdropping alert prompt has a smaller sound, and the second level The eavesdropping alert prompts a louder voice; in addition, different levels of eavesdropping alert prompts can also be distinguished by information content, for example, the information content of the first level eavesdropping alert prompt is "50% is a malicious program", and the second level The content of the eavesdropping alert is "80% is a malicious program”. In addition to the above examples, there are many ways in which the security module can issue eavesdropping alert prompts.
- This embodiment facilitates the user to take different processing measures by distinguishing different levels of eavesdropping alarm prompts. For example, if the eavesdropping alert level is low, the user can ignore the non-processing; for the eavesdropping alert alert level, the user can process in time, for example, terminate the application to prevent privacy leakage.
- the user may choose to terminate the application after the security module issues an eavesdropping alert. Then, the user can issue an instruction to terminate the application to the security module through a menu or a button provided by the terminal device.
- the security module receives an instruction to terminate the application and terminates the application according to the received instruction.
- the operating system of the terminal device has an API for terminating the application, so the security module can terminate the application by calling an API corresponding to the application in the operating system.
- the user can select to terminate the application after the security module issues any level of eavesdropping alert prompt, so the security module receiving the instruction to terminate the application and terminating the application may be the first level of eavesdropping alert. After that, it may also be after the second level of eavesdropping alert is issued.
- the security module may obtain the ID of the application, for example, the ID of the application may be obtained by calling an API corresponding to the application, or the ID of the application may be provided by other modules in the terminal device.
- This embodiment provides the foregoing step 101 or step 201, that is, several embodiments for determining whether the terminal device is in the call.
- An embodiment includes: periodically querying an operating state of a communication module of the terminal device, and if the communication module is in a communication state, determining that the terminal device is in a call.
- the call state of the terminal device can be embodied by the working state of the communication module of the terminal device.
- the communication module of the terminal device may also be referred to as a telephone module, and is mainly used to implement a call between the terminal device and other terminal devices.
- the communication module is currently in communication state, that is, communicating with other terminal devices, it means that the terminal device where the communication module is located is in a call; if the communication module is currently in an idle state, it means that the terminal device where the communication module is located is in an idle state. If the communication module is currently in the ringing state, that is, ringing to request communication with other terminal devices or has not responded to communication requests of other terminal devices, it means that the terminal device where the communication module is located is in a ringing state.
- This embodiment belongs to a manner in which the security module actively polls the working state of the communication module to determine whether the terminal device is in a call.
- Another embodiment includes: receiving a communication status indication reported by the communication module of the terminal device, the communication status indication being reported by the communication module after entering the communication state; and then determining, according to the received communication status indication, that the terminal device is in a call.
- the communication module if the communication module enters the communication state, it will actively report the communication status indication to the security module to enter the communication state. Therefore, the security module can determine whether the terminal device is in the call according to whether the communication status indication is received, if receiving To the communication status indication reported by the communication module, it can be determined that the terminal device is in a call.
- the function of the communication module can be reported to the security module by extending the function of the communication module. In this way, once the communication module enters the communication state, the communication status indication is actively reported to the security module.
- the security module may send a first registration request to the communication module before receiving the communication status indication reported by the communication module, where the first registration request is used to enable The communication module reports the communication status indication when entering the communication state, so that the communication module can report only according to the requirements of the security module.
- This embodiment provides the foregoing step 102 or step 202, that is, several embodiments for determining whether there is an application on the terminal device to enable the recording function.
- An embodiment includes: periodically querying the working status of the recording service module of the terminal device, and if the recording service module is in the recording state, determining that the terminal device has an application for enabling the recording function.
- the recording service module on the terminal device is mainly used to record the sound source.
- the operating system of the terminal device also provides an API corresponding to the recording service module, and each application program can start the recording service module by calling the API of the recording service module to perform recording, and correspondingly, if the application successfully starts the recording service module , which means that the app has the recording function turned on.
- the recording service module can also know the ID, name and other information of the application. Based on this, the security module can determine whether an application has enabled the recording function by actively polling the working status of the recording service module. In addition, if the security module is required, the ID of the application that enables the recording function can be obtained through the recording service module. And other information.
- Another embodiment includes: receiving a recording notification message reported by the recording service module, the recording notification message being reported by the recording service module after entering the recording state; and then determining, according to the recording notification message, an application having a recording function enabled on the terminal device.
- the recording notification message of the recording state is actively reported to the security module. Therefore, the security module can determine whether the terminal device is determined according to whether the recording notification message reported by the recording service module is received. Whether there is an application that enables the recording function, if receiving the recording notification message reported by the recording service module, it can be determined that the application having the recording function enabled on the terminal device.
- the function of the recording service module can be extended by actively expanding the function of the recording service module. In this way, once the recording service module enters the recording state, the recording notification message is actively reported to the security module.
- the security module may send a second registration request to the recording service module before receiving the recording notification message reported by the recording service module, and the second registration request It is used to enable the recording service module to actively report the recording notification message when it enters the recording state, so that the recording service module can report only according to the requirements of the security module.
- the foregoing embodiments for determining whether there is an application to enable the recording function on the terminal device have the advantages of being simple and easy to implement, having small changes to the terminal device, and being accurate.
- the embodiment provides a step 203, that is, an implementation manner of determining whether an application for enabling the recording function is being networked, including: acquiring an ID of an application that enables the recording function, and periodically querying the terminal according to an ID of an application that enables the recording function.
- the network layer interface of the device If the application that enables the recording function sends or receives network data through the network layer interface, it is determined that the application that enables the recording function is being networked.
- the network layer interface of the terminal device is mainly used for transmitting and receiving network data between each application and the Internet, and the ID of the application program that interacts with the Internet and the interactive network data can be obtained through an interface provided by the operating system of the terminal device.
- the security module first obtains the ID of the application that starts the recording function, periodically queries the network layer interface, and determines whether the ID of the application that has acquired the recording function is recorded on the network layer interface.
- the application that has the recording function turned on is connected to the Internet. If there is no recording, the application that turns on the recording function is not being connected to the Internet.
- the security module can perform the function expansion on the network layer interface in addition to the active layer polling, so that the network layer interface can actively report the ID of the application being networked to the security module. In this way, the security module can determine whether the application for enabling the recording function is being networked according to the ID of the application that starts the recording function and the ID of the application reported by the network layer interface.
- Whether the application on the terminal device is being networked can be implemented by querying whether the network data of the application interacts with the Internet on the network layer interface of the terminal device, but is not limited thereto, for example, by querying the attribute information of the application,
- the application's attribute information includes whether the application has networking capabilities and whether it is in a networked state.
- the embodiments provided above for determining whether the terminal device is being networked have the advantages of being simple and easy to implement, and having an accurate judgment.
- the embodiment determines whether the terminal device is in a call, and if the terminal device is in a call, further determining whether an application has enabled the recording function on the terminal device, if the terminal device has an application for enabling the recording function,
- the application may be a malicious program that is eavesdropping by recording. It is further determined whether the application that enables the recording function is being networked. If it is determined that the application for enabling the recording function is being networked at the same time, the application is eavesdropping by recording.
- the possibility of malicious programs is greater, and then different levels of eavesdropping alert prompts are issued according to the different judgment results described above, thereby realizing the detection of eavesdropping behavior by recording, which is beneficial to prevent leakage of user privacy.
- FIG. 3 is a schematic structural diagram of a terminal device according to an embodiment of the present invention.
- the terminal device of this embodiment may be various devices having a call function and supporting a recording function.
- the terminal device in this embodiment includes: a first determining module 31, a second determining module 32, and an alert prompting module 33.
- the first determining module 31 is configured to determine whether the terminal device in this embodiment is in a call.
- the second judging module 32 is connected to the first judging module 31, and is configured to determine whether an application has the recording function enabled on the terminal device of the embodiment when the determining result of the first judging module 31 is YES.
- the alarm prompting module 33 is connected to the second judging module 32, and is configured to issue an eavesdropping alarm prompt when the judgment result of the second judging module 32 is YES.
- the eavesdropping alert prompt includes a first level of eavesdropping alert alert and a second level of eavesdropping alert alert.
- the terminal device of this embodiment further includes: a third determining module 34.
- the third judging module 34 is connected to the second judging module 32 and the alarm prompting module 33.
- the second judging module is judged before the alarm prompting module 33 issues the eavesdropping alarm prompt. 32 Whether the application that determines the recording function is being networked.
- the alarm prompting module 33 is specifically configured to issue a first level eavesdropping alarm prompt when the determination result of the third judging module 34 is no, and issue a second level when the third judging module 34 determines that the result is yes. Eavesdropping alert.
- the terminal device of this embodiment further includes: a receiving module 35 and a terminating module 36.
- the receiving module 35 is configured to receive an instruction for terminating the application for enabling the recording function.
- the receiving module 35 is connected to the alarm prompting module 33, and is configured to: after the alarm prompting module 33 sends the first level of the eavesdropping alarm prompt or the second level of the eavesdropping alarm prompt, receive the instruction for terminating the application for enabling the recording function. .
- the termination module 36 is connected to the receiving module 35, and is configured to terminate the application for enabling the recording function according to the instruction received by the receiving module 35.
- the terminal device in this embodiment further includes: a recording module 37.
- a recording module 37 configured to record an ID of an application that opens the recording function and an operation behavior of an application that terminates the recording function, so as to detect the application of the recording function again When the sequence is running, the application that starts the recording function is directly terminated.
- the recording module 37 is connected to the receiving module 35, and configured to record the ID of the application for enabling the recording function and terminate the recording function after the receiving module 35 receives the instruction for terminating the application for enabling the recording function. The operational behavior of the application.
- the terminal device of this embodiment further includes: a communication module 38, which is mainly used to implement a call between the terminal device and other terminal devices in this embodiment.
- the first determining module 31 is specifically configured to periodically query the working state of the communication module 38. If the communication module 38 is in the communication state, it is determined that the terminal device of the embodiment is in a call.
- the first determining module 31 is specifically configured to receive the communication status indication reported by the communication module 38, where the communication status indication is reported by the communication module 38 after entering the communication state, and the terminal device of the embodiment is determined to be in the call according to the communication status indication.
- the first determining module 31 is further configured to send a first registration request to the communication module 38 before receiving the communication status indication reported by the communication module 38, where the first registration request is used to cause the communication module 38 to report the communication when entering the communication state. Status indication.
- the terminal device of this embodiment further includes: a recording service module 39, which is mainly used for recording a sound source.
- the second judging module 32 is specifically configured to periodically query the working state of the recording service module 39. If the recording service module 39 is in the recording state, it is determined that the terminal device of the embodiment has an application for enabling the recording function.
- the second determining module 32 is specifically configured to receive the recording notification message reported by the recording service module 39, and the recording notification message is reported by the recording service module 39 after entering the recording state, and is determined by the recording notification message on the terminal device of the embodiment. There is an application that enables recording.
- the second determining module 32 is further configured to send a second registration request to the recording service module 39 before receiving the recording notification message reported by the recording service module 39, where the second registration request is used to enable the recording service module 39 to enter the recording state.
- the recording notification message is reported.
- the terminal device of this embodiment further includes: a network layer interface 40, which is mainly used for transmitting and receiving network data between each application and the Internet, and also recording an application for interacting with the Internet for network data. ID and interactive network data.
- the third determining module 34 is specifically configured to obtain an ID of an application that starts the recording function, and periodically query the network layer interface 40 according to the ID of the application that starts the recording function, and if the application that enables the recording function passes through the network layer interface 40 The network data is sent or received, and the application that determines the recording function is being networked.
- the alert prompting module 33 is specifically configured to issue an eavesdropping alert prompt in the form of sound, light, vibration, and/or information.
- the alert prompting module 33 can be specifically configured to issue a first level of eavesdropping alert prompts in the form of sound, light, vibration, and/or information; or, the alert prompting module 33 can be specifically used for sound, light, vibration, and/or information.
- the mode sends a second level of eavesdropping alert.
- the function modules of the terminal device provided in this embodiment can be used to perform the corresponding processes in the foregoing method embodiments.
- the specific working principles are not described here. For details, refer to the description of the method embodiments.
- the terminal device determines whether the terminal device is in a call by using each function module. If the terminal device is in a call, further determining whether an application program has enabled the recording function on the terminal device, if the terminal device has the recording function enabled.
- the application program indicates that the application may be a malicious program that is eavesdropped by recording. Therefore, an eavesdropping alarm prompt is issued to detect the eavesdropping behavior by recording.
- FIG. 5 is a schematic structural diagram of a terminal device according to another embodiment of the present invention.
- the terminal device of this embodiment includes: at least one processor 51, and a memory 52.
- the two are connected by a bus.
- the bus may be an Industry Standard Architecture (ISA) bus, a Peripheral Component (PCI) bus, or an Extended Industry Standard Architecture (EISA) bus. Wait.
- ISA Industry Standard Architecture
- PCI Peripheral Component
- EISA Extended Industry Standard Architecture
- the bus can be divided into an address bus, a data bus, a control bus, and the like. For ease of representation, only one thick line is shown in Figure 5, but it does not mean that there is only one bus or one type of bus. among them:
- the memory 52 is for storing executable program code, wherein the processor 51 reads the memory by:
- the terminal device of the embodiment If the terminal device of the embodiment is in a call, it is determined whether the application program of the embodiment is enabled to enable the recording function;
- an eavesdropping alarm prompt is issued.
- the terminal device of this embodiment further includes: a communication interface 53. Communication interface 53 is also coupled to processor 51 and memory 52 via a bus.
- the end of this embodiment further includes: a power module, configured to supply power to other modules of the terminal device.
- the power module is not shown in Figure 5. The principle is not described again, as described in the description of the method embodiments.
- the terminal device determines whether the terminal device is in a call, and if the terminal device is in a call, further determining whether an application has enabled the recording function on the terminal device, if the terminal device has an application for enabling the recording function. , indicating that the application may be a malicious program for eavesdropping by recording, so that an eavesdropping alarm prompt is issued to detect the eavesdropping behavior by recording.
- the method includes the steps of the foregoing method embodiments; and the foregoing storage medium includes: a medium that can store program codes, such as a ROM, a RAM, a magnetic disk, or an optical disk.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Signal Processing (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computing Systems (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Health & Medical Sciences (AREA)
- Business, Economics & Management (AREA)
- Emergency Management (AREA)
- Telephone Function (AREA)
- Telephonic Communication Services (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Description
Claims
Priority Applications (9)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
EP15189682.6A EP2988472B1 (en) | 2012-09-20 | 2012-09-20 | Method for detecting eavesdropping activity and terminal device |
JP2014536100A JP5899324B2 (ja) | 2012-09-20 | 2012-09-20 | 盗聴アクティビティを検出するための方法及び端末デバイス |
PCT/CN2012/081670 WO2014043876A1 (zh) | 2012-09-20 | 2012-09-20 | 窃听行为侦测方法及终端设备 |
ES15189682.6T ES2625339T3 (es) | 2012-09-20 | 2012-09-20 | Método para detectar una actividad de escucha de interceptación y dispositivo terminal |
ES12877084T ES2570502T3 (es) | 2012-09-20 | 2012-09-20 | Método para detectar un comportamiento de interceptación y un dispositivo terminal |
CN2012800028769A CN103416045A (zh) | 2012-09-20 | 2012-09-20 | 窃听行为侦测方法及终端设备 |
EP12877084.9A EP2728918B1 (en) | 2012-09-20 | 2012-09-20 | Method for detecting interception behaviour and terminal device |
KR1020137033037A KR20140059173A (ko) | 2012-09-20 | 2012-09-20 | 도청 활동을 검출하는 방법 및 단말 기기 |
US14/107,124 US9740861B2 (en) | 2012-09-20 | 2013-12-16 | Method for detecting eavesdropping activity and terminal device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2012/081670 WO2014043876A1 (zh) | 2012-09-20 | 2012-09-20 | 窃听行为侦测方法及终端设备 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/107,124 Continuation US9740861B2 (en) | 2012-09-20 | 2013-12-16 | Method for detecting eavesdropping activity and terminal device |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2014043876A1 true WO2014043876A1 (zh) | 2014-03-27 |
Family
ID=49608194
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2012/081670 WO2014043876A1 (zh) | 2012-09-20 | 2012-09-20 | 窃听行为侦测方法及终端设备 |
Country Status (7)
Country | Link |
---|---|
US (1) | US9740861B2 (zh) |
EP (2) | EP2988472B1 (zh) |
JP (1) | JP5899324B2 (zh) |
KR (1) | KR20140059173A (zh) |
CN (1) | CN103416045A (zh) |
ES (2) | ES2570502T3 (zh) |
WO (1) | WO2014043876A1 (zh) |
Families Citing this family (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103379482A (zh) * | 2012-04-26 | 2013-10-30 | 腾讯科技(深圳)有限公司 | 一种在通话过程中防止录音的方法及装置 |
CN105049592B (zh) * | 2015-05-27 | 2020-02-14 | 中国科学院信息工程研究所 | 移动智能终端语音安全防护方法及系统 |
KR102370230B1 (ko) * | 2015-08-27 | 2022-03-04 | 엘지전자 주식회사 | 이동단말기 및 그것을 포함하는 이동 통신 시스템 |
CN105487857A (zh) * | 2015-11-24 | 2016-04-13 | 小米科技有限责任公司 | 一种提示图像拍摄部件开启的方法和装置 |
CN107277221A (zh) * | 2016-04-07 | 2017-10-20 | 沈阳晨讯希姆通科技有限公司 | 手机防窃听的方法及系统 |
CN106210285A (zh) * | 2016-06-29 | 2016-12-07 | 北京奇虎科技有限公司 | 一种录音安全控制方法、装置和设备 |
CN106571134B (zh) * | 2016-10-08 | 2021-02-12 | 深圳传音控股股份有限公司 | 一种防偷录方法及终端 |
CN106657552B (zh) * | 2016-11-30 | 2019-08-06 | Oppo广东移动通信有限公司 | 防止监听的方法、装置及终端 |
US10887292B2 (en) * | 2018-04-18 | 2021-01-05 | International Business Machines Corporation | Obfuscated haptic interfaces with natural interaction steganography |
CN108833698B (zh) * | 2018-06-08 | 2021-01-15 | 诺百爱(杭州)科技有限责任公司 | 一种移动设备文字通话方法 |
KR102142970B1 (ko) * | 2018-11-09 | 2020-08-10 | 한밭대학교 산학협력단 | 안드로이드 스마트폰용 도청 방지 방법 |
KR102425200B1 (ko) * | 2021-12-02 | 2022-07-25 | 이송대 | 통화 중에 레코딩 여부를 확인하는 방법 및 그를 이용한 서버 |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2008098870A1 (de) * | 2007-02-16 | 2008-08-21 | Blue Lion Mobile Gmbh | Verfahren zum abspielen einer sounddatei auf einem empfänger-mobiltelefon mittels eines sender-mobiltelefons sowie computerprogrammprodukt |
CN102045712A (zh) * | 2011-01-04 | 2011-05-04 | 奇智软件(北京)有限公司 | 一种用于移动终端的防监听方法及系统 |
CN102075610A (zh) * | 2009-11-23 | 2011-05-25 | 国基电子(上海)有限公司 | 可避免窃听的电话 |
CN102572123A (zh) * | 2011-12-21 | 2012-07-11 | 成都三零瑞通移动通信有限公司 | 一种监测x卧底窃听类软件通话录音上传的方法 |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6321098B1 (en) * | 1998-09-15 | 2001-11-20 | Qualcomm Incorporated | System and method for the recording and processing of information in a wireless communication device |
US7813481B1 (en) * | 2005-02-18 | 2010-10-12 | At&T Mobility Ii Llc | Conversation recording with real-time notification for users of communication terminals |
US20090165132A1 (en) * | 2007-12-21 | 2009-06-25 | Fiberlink Communications Corporation | System and method for security agent monitoring and protection |
US20090271522A1 (en) * | 2008-04-29 | 2009-10-29 | Embarq Holdings Company, Llc | System, Method and Apparatus For On-Demand Recording Of A Communication Session |
KR101813889B1 (ko) | 2010-11-11 | 2018-01-04 | 삼성전자 주식회사 | 휴대단말기의 경보 제어 장치 및 방법 |
US9733791B2 (en) * | 2011-09-12 | 2017-08-15 | Microsoft Technology Licensing, Llc | Access to contextually relevant system and application settings |
CN103379482A (zh) * | 2012-04-26 | 2013-10-30 | 腾讯科技(深圳)有限公司 | 一种在通话过程中防止录音的方法及装置 |
CN102843681A (zh) * | 2012-08-15 | 2012-12-26 | 腾讯科技(深圳)有限公司 | 信息交互方法和装置 |
-
2012
- 2012-09-20 CN CN2012800028769A patent/CN103416045A/zh active Pending
- 2012-09-20 ES ES12877084T patent/ES2570502T3/es active Active
- 2012-09-20 JP JP2014536100A patent/JP5899324B2/ja active Active
- 2012-09-20 ES ES15189682.6T patent/ES2625339T3/es active Active
- 2012-09-20 EP EP15189682.6A patent/EP2988472B1/en active Active
- 2012-09-20 KR KR1020137033037A patent/KR20140059173A/ko active Search and Examination
- 2012-09-20 WO PCT/CN2012/081670 patent/WO2014043876A1/zh active Application Filing
- 2012-09-20 EP EP12877084.9A patent/EP2728918B1/en active Active
-
2013
- 2013-12-16 US US14/107,124 patent/US9740861B2/en active Active
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2008098870A1 (de) * | 2007-02-16 | 2008-08-21 | Blue Lion Mobile Gmbh | Verfahren zum abspielen einer sounddatei auf einem empfänger-mobiltelefon mittels eines sender-mobiltelefons sowie computerprogrammprodukt |
CN102075610A (zh) * | 2009-11-23 | 2011-05-25 | 国基电子(上海)有限公司 | 可避免窃听的电话 |
CN102045712A (zh) * | 2011-01-04 | 2011-05-04 | 奇智软件(北京)有限公司 | 一种用于移动终端的防监听方法及系统 |
CN102572123A (zh) * | 2011-12-21 | 2012-07-11 | 成都三零瑞通移动通信有限公司 | 一种监测x卧底窃听类软件通话录音上传的方法 |
Non-Patent Citations (1)
Title |
---|
See also references of EP2728918A4 * |
Also Published As
Publication number | Publication date |
---|---|
ES2625339T3 (es) | 2017-07-19 |
EP2728918A4 (en) | 2014-10-29 |
EP2988472A1 (en) | 2016-02-24 |
EP2988472B1 (en) | 2017-03-29 |
KR20140059173A (ko) | 2014-05-15 |
US20140109224A1 (en) | 2014-04-17 |
EP2728918B1 (en) | 2016-02-24 |
ES2570502T3 (es) | 2016-05-18 |
JP5899324B2 (ja) | 2016-04-06 |
EP2728918A1 (en) | 2014-05-07 |
US9740861B2 (en) | 2017-08-22 |
JP2014534712A (ja) | 2014-12-18 |
CN103416045A (zh) | 2013-11-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2014043876A1 (zh) | 窃听行为侦测方法及终端设备 | |
US11451657B2 (en) | Call method of mobile terminal, mobile terminal control method, and related device | |
WO2017000476A1 (zh) | 语音验证方法、装置以及系统 | |
WO2016000636A1 (zh) | 一种通信处理方法和系统 | |
JP2006285997A5 (zh) | ||
JP2015097107A (ja) | モバイルオペレーティング環境のための、イベント制御された連続的なロギングを提供すること | |
US20130157631A1 (en) | Systems and methods for handling incoming calls on a media device | |
KR20140034279A (ko) | 콘텍스트 인식 근접도 기반 무선 접속 설정 | |
WO2014029330A1 (zh) | 接听来电的方法、装置及终端 | |
US20220159453A1 (en) | Method for Using Remote SIM Module and Electronic Device | |
CN105120064A (zh) | 一种可穿戴设备对通信信息进行分类提醒的方法及装置 | |
KR20110071709A (ko) | 배터리 소진 공격에 대한 방어 방법 및 이 기능을 갖는 배터리 기반 무선 통신 기기와 기록 매체 | |
RU2015128657A (ru) | Способ и устройство для сообщения о запросе на вызов | |
WO2016201767A1 (zh) | 一种语音控制方法、装置及计算机存储介质 | |
CN104902077A (zh) | 一种移动终端信息通知的方法及其装置 | |
WO2018028239A1 (zh) | 一种控制终端的方法及装置、计算机存储介质 | |
CN109348048B (zh) | 通话留言方法、终端和具有存储功能的装置 | |
TWI241117B (en) | Method for managing a calling in on a cellular phone | |
WO2011150885A2 (zh) | 语音留言的管理方法和装置 | |
WO2015157948A1 (zh) | 一种管理黑名单的方法和设备 | |
CN104618987B (zh) | 接入网络的方法及装置 | |
CN106412481B (zh) | 基于VoLTE视频通话的提示方法、装置及终端 | |
CN110650249B (zh) | 通话接听方法、装置、计算机设备及存储介质 | |
WO2012163113A1 (zh) | 数据业务保护方法及装置 | |
WO2018027335A1 (zh) | 一种待机方法、解除终端锁定的方法、通信方法及系统 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: 2012877084 Country of ref document: EP |
|
ENP | Entry into the national phase |
Ref document number: 20137033037 Country of ref document: KR Kind code of ref document: A |
|
ENP | Entry into the national phase |
Ref document number: 2014536100 Country of ref document: JP Kind code of ref document: A |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 12877084 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |