阅读说明：本技术 终端防止攻击方法、装置及存储介质 (Method and device for preventing terminal from attacking and storage medium ) 是由 苗素超 于 2020-11-06 设计创作，主要内容包括：本公开是关于一种终端防止攻击方法、装置及存储介质。终端防止攻击方法包括：获取所述终端检测到热点的热点信息；基于所述热点信息,确定热点为符合伪热点条件的伪热点,抑制连接所述伪热点。通过本公开,在终端连接热点时,可根据检测到的伪热点结果,抑制连接该伪热点,进而达到防止终端被伪热点攻击,保护终端中存储数据安全的目的。(The disclosure relates to a method and a device for preventing terminal attack and a storage medium. The terminal attack prevention method comprises the following steps: acquiring hotspot information of a hotspot detected by the terminal; and determining the hot spot as a pseudo hot spot meeting the pseudo hot spot condition based on the hot spot information, and inhibiting connection of the pseudo hot spot. According to the method and the device, when the terminal is connected with the hot spot, the connection of the pseudo hot spot can be inhibited according to the detected pseudo hot spot result, and therefore the purposes that the terminal is prevented from being attacked by the pseudo hot spot and the safety of the data stored in the terminal is protected are achieved.)

1. A method for preventing a terminal from attacking is characterized by comprising the following steps:

acquiring hotspot information of a hotspot detected by the terminal;

and determining the hot spot as a pseudo hot spot meeting the pseudo hot spot condition based on the hot spot information, and inhibiting connection of the pseudo hot spot.

2. The method according to claim 1, wherein the hotspot information comprises any one or a combination of information of identification information of the hotspot, channel information of the hotspot, signal information of the hotspot, and encryption level information of the hotspot.

3. The method according to claim 2, wherein if the hotspot information includes any one of identification information of a hotspot, channel information of the hotspot, signal information of the hotspot, and encryption level information of the hotspot, determining the hotspot as a pseudo hotspot meeting a pseudo hotspot condition based on the hotspot information comprises:

and if the hotspot information meets the pseudo hotspot condition, taking the hotspot as a pseudo hotspot.

4. The method according to claim 2, wherein if the hotspot information includes a combination of multiple pieces of information among identification information of a hotspot, channel information of the hotspot, signal information of the hotspot, and encryption level information of the hotspot, the determining that the hotspot is a pseudo hotspot meeting a pseudo hotspot condition based on the hotspot information includes:

and if the hot spot information with the number exceeding the preset number in the combination of the plurality of information accords with the pseudo hot spot condition, taking the hot spot as the pseudo hot spot.

5. The method according to claim 3 or 4, wherein the identification information of the hotspot comprises a MAC address of the hotspot and/or a timestamp of the hotspot MAC address;

the hot spot information conforms to the pseudo hot spot condition, and comprises the following steps:

detecting that the MAC address of the pre-stored trusted hotspot does not contain the MAC address of the hotspot based on the MAC address of the pre-stored trusted hotspot in the terminal; and/or

Detecting that the MAC address of the hotspot changes in a first time period; and/or

Detecting the time stamps of the hot spot MAC addresses, detecting that the interval time of the time stamps of a plurality of continuous hot spot MAC addresses is inconsistent in a second time period, and determining that the hot spot is a pseudo hot spot; and/or

Detecting that the channel information of the terminal pre-stored trusted hotspot does not contain the channel information of the hotspot based on the channel information of the pre-stored trusted hotspot in the terminal; and/or

Detecting signal information of the hot spot, and detecting that a signal of the hot spot changes in a third time period; and/or

And detecting that the hot spot is the pre-stored trusted hot spot, and detecting that the encryption grade of the hot spot is inconsistent with the encryption grade of the pre-stored trusted hot spot.

6. The method for preventing the terminal from attacking according to any one of claims 1 to 4, wherein after the hotspot is determined to be a pseudo hotspot, the method further comprises:

and displaying the prompt message of the pseudo hotspot on the terminal.

7. The method according to claim 1, wherein said refraining from connecting to the pseudo hotspot comprises:

and closing the hotspot connection function of the terminal.

8. The method for preventing attack of a terminal according to claim 1, wherein the method further comprises:

determining to start a mode for preventing the pseudo-hotspot attack, wherein the mode for preventing the pseudo-hotspot attack has one or more of the following functions:

forbidding a first application to access hotspot information of the trusted hotspot stored in the terminal, wherein the first application is other applications except for a preset application in the terminal;

prohibiting the terminal from broadcasting the hotspot information of the connected hotspot;

prohibiting the terminal from automatically connecting with the hotspot;

keeping connected password-free hotspots is prohibited.

9. An apparatus for preventing a terminal from attacking, the apparatus comprising:

the acquisition unit is configured to acquire hotspot information of a hotspot detected by the terminal;

and the processing unit is configured to determine the hot spot as a pseudo hot spot meeting a pseudo hot spot condition based on the hot spot information and inhibit connection of the pseudo hot spot.

10. The apparatus according to claim 9, wherein the hotspot information includes any one or a combination of information of identification information of a hotspot, channel information of a hotspot, signal information of a hotspot, and encryption level information of a hotspot.

11. The apparatus of claim 10, wherein if the hotspot information includes any one of identification information of the hotspot, channel information of the hotspot, signal information of the hotspot, and encryption level information of the hotspot,

the processing unit determines the hot spot to be a pseudo hot spot meeting the pseudo hot spot condition based on the hot spot information in the following way:

and if the hotspot information meets the pseudo hotspot condition, taking the hotspot as a pseudo hotspot.

12. The apparatus according to claim 10, wherein if the hotspot information includes a combination of multiple pieces of information in the identification information of the hotspot, the channel information of the hotspot, the signal information of the hotspot, and the encryption level information of the hotspot, the processing unit determines, based on the hotspot information, a pseudo hotspot meeting a pseudo hotspot condition in the following manner:

and if the hot spot information with the number exceeding the preset number in the combination of the plurality of information accords with the pseudo hot spot condition, taking the hot spot as the pseudo hot spot.

13. The apparatus according to claim 11 or 12, wherein the identification information of the hotspot comprises a MAC address of the hotspot and/or a timestamp of the hotspot MAC address;

the hot spot information of the hot spot meets the pseudo hot spot condition, and the method comprises the following steps:

detecting that the MAC address of the pre-stored trusted hotspot does not contain the MAC address of the hotspot based on the MAC address of the pre-stored trusted hotspot in the terminal; and/or

Detecting that the MAC address of the hotspot changes in a first time period; and/or

Detecting the time stamps of the hot spot MAC addresses, detecting that the interval time of the time stamps of a plurality of continuous hot spot MAC addresses is inconsistent in a second time period, and determining that the hot spot is a pseudo hot spot; and/or

Detecting that the channel information of the terminal pre-stored trusted hotspot does not contain the channel information of the hotspot based on the channel information of the pre-stored trusted hotspot in the terminal; and/or

Detecting signal information of the hot spot, and detecting that a signal of the hot spot changes in a third time period; and/or

And detecting that the hot spot is the pre-stored trusted hot spot, and detecting that the encryption grade of the hot spot is inconsistent with the encryption grade of the pre-stored trusted hot spot.

14. The device according to any one of claims 9 to 12, wherein after determining that the hotspot is a pseudo hotspot, the device further comprises a display unit;

the display unit is configured to display prompt information of the pseudo hot spot on the terminal.

15. The apparatus according to claim 9, wherein the processing unit suppresses connection of the pseudo hotspot as follows:

and closing the hotspot connection function of the terminal.

16. The terminal attack prevention apparatus according to claim 9, wherein the apparatus further comprises a determination unit;

the determining unit is configured to determine to turn on a mode for preventing pseudo-hotspot attacks, the mode for preventing pseudo-hotspot attacks having one or more of the following functions:

forbidding a first application to access hotspot information of the trusted hotspot stored in the terminal, wherein the first application is other applications except for a preset application in the terminal;

prohibiting the terminal from broadcasting the hotspot information of the connected hotspot;

prohibiting the terminal from automatically connecting with the hotspot;

keeping connected password-free hotspots is prohibited.

17. An attack prevention apparatus for a terminal, comprising:

a processor;

a memory for storing processor-executable instructions;

wherein the processor is configured to perform the terminal attack prevention method of any one of claims 1-8.

18. A non-transitory computer readable storage medium, instructions in which, when executed by a processor of a mobile terminal, enable the mobile terminal to perform the terminal attack prevention method of any one of claims 1-8.

Technical Field

The present disclosure relates to the field of terminal technologies, and in particular, to a method and an apparatus for preventing a terminal from being attacked, and a storage medium.

Background

At present, when a user uses a mobile terminal to surf the internet, the user often uses a Wireless-Fidelity (WIFI) mode to perform network connection. A considerable portion of the numerous WIFI hotspots are potential safety hazards. For example, a maliciously deployed hotspot can directly cause a public trusted WIFI hotspot through phishing routing counterfeiting, and after the terminal is actively connected to a WIFI hotspot counterfeited by a hacker, the hacker can collect personal privacy information stored in the terminal, monitor communication traffic and the like through the counterfeited WIFI hotspot, so that the personal information security of the user is seriously damaged.

Disclosure of Invention

To overcome the problems in the related art, the present disclosure provides a method, an apparatus, and a storage medium for preventing a terminal from being attacked.

According to a first aspect of the embodiments of the present disclosure, there is provided a method for preventing a terminal from attacking, where the method for preventing the terminal from attacking includes: acquiring hotspot information of a hotspot detected by the terminal; and determining the hot spot as a pseudo hot spot meeting the pseudo hot spot condition based on the hot spot information, and inhibiting the pseudo hot spot from being connected.

In an example, the hotspot information includes any one or a combination of hotspot identification information, hotspot channel information, hotspot signal information and hotspot encryption level information.

In an example, if the hotspot information includes any one of identification information of a hotspot, channel information of the hotspot, signal information of the hotspot, and encryption level information of the hotspot, determining, based on the hotspot information, that the hotspot is a pseudo hotspot meeting a pseudo hotspot condition includes: and if the hotspot information meets the pseudo hotspot condition, taking the hotspot as a pseudo hotspot.

In an example, if the hotspot information includes a combination of multiple information of identification information of a hotspot, channel information of the hotspot, signal information of the hotspot, and encryption level information of the hotspot, the determining, based on the hotspot information, that the hotspot is a pseudo hotspot meeting a pseudo hotspot condition includes: and if the hot spot information with the number exceeding the preset number in the combination of the plurality of information accords with the pseudo hot spot condition, taking the hot spot as the pseudo hot spot.

In an example, the identification information of the hotspot includes a MAC address of the hotspot and/or a timestamp of the hotspot MAC address; the hot spot information of the hot spot meets the pseudo hot spot condition, and the method comprises the following steps: detecting that the MAC address of the pre-stored trusted hotspot does not contain the MAC address of the hotspot based on the MAC address of the pre-stored trusted hotspot in the terminal; and/or detecting that the MAC address of the hotspot changes within a first time period; and/or detecting the timestamps of the hot spot MAC addresses, and determining that the hot spots are pseudo hot spots when the interval time of the timestamps of a plurality of continuous hot spot MAC addresses is inconsistent in a second time period; and/or detecting that the channel information of the terminal pre-stored trusted hotspot does not contain the channel information of the hotspot based on the channel information of the pre-stored trusted hotspot in the terminal; and/or detecting signal information of the hot spot, and detecting that the signal of the hot spot changes in a third time period; and/or detecting that the hot spot is the pre-stored trusted hot spot, and detecting that the encryption level of the hot spot is inconsistent with the encryption level of the pre-stored trusted hot spot.

In an example, after determining that the hotspot is a pseudo hotspot, the method further includes: and displaying the prompt message of the pseudo hotspot on the terminal.

In one example, refraining from connecting the pseudo-hotspot includes: and closing the hotspot connection function of the terminal.

In an example, the method further comprises: determining to start a mode for preventing the pseudo-hotspot attack, wherein the mode for preventing the pseudo-hotspot attack has one or more of the following functions: forbidding a first application to access hotspot information of the trusted hotspot stored in the terminal, wherein the first application is other applications except for a preset application in the terminal; prohibiting the terminal from broadcasting the hotspot information of the connected hotspot; prohibiting the terminal from automatically connecting with the hotspot; keeping connected password-free hotspots is prohibited.

According to a second aspect of the embodiments of the present disclosure, there is provided a terminal attack prevention apparatus, including: the acquisition unit is configured to acquire hotspot information of a hotspot detected by the terminal; and the processing unit is configured to determine the hot spot as a pseudo hot spot meeting a pseudo hot spot condition based on the hot spot information and inhibit connection of the pseudo hot spot.

In an example, the hotspot information includes any one or a combination of information of identification information of the hotspot, channel information of the hotspot, signal information of the hotspot and encryption level information of the hotspot.

In an example, if the hotspot information includes any one of identification information of a hotspot, channel information of the hotspot, signal information of the hotspot, and encryption level information of the hotspot, the processing unit determines that the hotspot is a pseudo hotspot meeting a pseudo hotspot condition based on the hotspot information in the following manner: and if the hotspot information meets the pseudo hotspot condition, taking the hotspot as a pseudo hotspot.

In an example, if the hotspot information includes a combination of multiple information in identification information of a hotspot, channel information of the hotspot, signal information of the hotspot, and encryption level information of the hotspot, the processing unit determines, based on the hotspot information, a pseudo hotspot meeting a pseudo hotspot condition in the following manner: and if the hot spot information with the number exceeding the preset number in the combination of the plurality of information accords with the pseudo hot spot condition, taking the hot spot as the pseudo hot spot.

In an example, the identification information of the hotspot includes a MAC address of the hotspot and/or a timestamp of the hotspot MAC address; the hot spot information of the hot spot meets the pseudo hot spot condition, and the method comprises the following steps: detecting that the MAC address of the pre-stored trusted hotspot does not contain the MAC address of the hotspot based on the MAC address of the pre-stored trusted hotspot in the terminal; and/or detecting that the MAC address of the hotspot changes within a first time period; and/or detecting the timestamps of the hot spot MAC addresses, and determining that the hot spots are pseudo hot spots when the interval time of the timestamps of a plurality of continuous hot spot MAC addresses is inconsistent in a second time period; and/or detecting that the channel information of the terminal pre-stored trusted hotspot does not contain the channel information of the hotspot based on the channel information of the pre-stored trusted hotspot in the terminal; and/or detecting signal information of the hot spot, and detecting that the signal of the hot spot changes in a third time period; and/or detecting that the hot spot is the pre-stored trusted hot spot, and detecting that the encryption level of the hot spot is inconsistent with the encryption level of the pre-stored trusted hot spot.

In an example, after determining that the hotspot is a pseudo hotspot, the apparatus further includes a display unit; the display unit is configured to display prompt information of the pseudo hot spot on the terminal.

In one example, the processing unit suppresses connecting the pseudo hotspot as follows: and closing the hotspot connection function of the terminal.

In an example, the apparatus further comprises a determining unit; the determining unit is configured to determine to turn on a mode for preventing pseudo-hotspot attacks, the mode for preventing pseudo-hotspot attacks having one or more of the following functions: forbidding a first application to access hotspot information of the trusted hotspot stored in the terminal, wherein the first application is other applications except for a preset application in the terminal; prohibiting the terminal from broadcasting the hotspot information of the connected hotspot; prohibiting the terminal from automatically connecting with the hotspot; keeping connected password-free hotspots is prohibited.

According to a third aspect of the present disclosure, there is provided a terminal attack prevention apparatus including: a memory configured to store instructions. And a processor configured to invoke instructions to execute the terminal attack prevention method in the foregoing first aspect or any example of the first aspect.

According to a fourth aspect of the present disclosure, there is provided a non-transitory computer-readable storage medium storing computer-executable instructions that, when executed by a processor, perform the method of the first aspect or the terminal anti-attack in any one of the examples of the first aspect.

The technical scheme provided by the embodiment of the disclosure can have the following beneficial effects: the method comprises the steps of acquiring hotspot information of a hotspot detected by a terminal before the terminal is connected with the hotspot, determining the hotspot to be a pseudo hotspot meeting a pseudo hotspot condition based on the hotspot information of the detected hotspot, and inhibiting the pseudo hotspot from being connected according to a detected pseudo hotspot result when the terminal is connected with the hotspot, so that the purposes of preventing the terminal from being attacked by the pseudo hotspot and protecting the safety of data stored in the terminal are achieved.

It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.

Drawings

The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure.

Fig. 1 is a flowchart illustrating a method for preventing an attack by a terminal according to an exemplary embodiment.

Fig. 2 is a flowchart illustrating a method for preventing an attack by a terminal according to an exemplary embodiment.

Fig. 3 is a flowchart illustrating a method for preventing an attack by a terminal according to an exemplary embodiment.

Fig. 4 is a block diagram illustrating a terminal attack prevention apparatus according to an exemplary embodiment.

Fig. 5 is a block diagram illustrating an apparatus for a terminal to prevent attacks according to an example embodiment.

Detailed Description

Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the exemplary embodiments below are not intended to represent all implementations consistent with the present disclosure. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present disclosure, as detailed in the appended claims.

The technical scheme of the exemplary embodiment of the present disclosure can be applied to an application scenario in which a terminal connects to a wireless network. In the exemplary embodiments described below, a terminal is sometimes also referred to as an intelligent terminal device, where the terminal may be a Mobile terminal, and may also be referred to as a User Equipment (UE), a Mobile Station (MS), and the like. A terminal is a device that provides voice and/or data connection to a user, or a chip disposed in the device, such as a handheld device, a vehicle-mounted device, etc. having a wireless connection function. Examples of terminals may include, for example: the Mobile terminal comprises a Mobile phone, a tablet computer, a notebook computer, a palm computer, Mobile Internet Devices (MID), a wearable device, a Virtual Reality (VR) device, an Augmented Reality (AR) device, a wireless terminal in industrial control, a wireless terminal in unmanned driving, a wireless terminal in remote operation, a wireless terminal in a smart grid, a wireless terminal in transportation safety, a wireless terminal in a smart city, a wireless terminal in a smart home and the like.

With the popularization of wireless internet access, a large number of public WIFI hotspots exist around users for the users to connect. Such as hotel WIFI, restaurant WIFI, cafe WIFI, etc. These public WIFI are typically password-less WIFI or passwords are well known to the public. After the user connects public WIFI, the WIFI hotspots which were connected can be automatically stored, and the user equipment can be automatically connected again when the hotspots reappear in the same area next time.

In addition, in order to increase the connection speed, the ue broadcasts the ESSID (Extended Service SetIdentifier) that the ue has connected to all WIFI hotspots. For example, a user device has connected WIFI hotspots of hotel a, and the user device actively broadcasts the connected WIFI hotspots to the outside. After the hacker catches the data, the WIFI hotspot of the hotel A can be forged by the phishing route directly, and the user equipment can be actively connected to the WIFI hotspot of the hotel A forged by the hacker.

After the user equipment is actively connected with the pseudo-WIFI, a hacker can collect personal privacy information stored in the terminal through the pseudo-WIFI, monitor communication flow and the like, and seriously infringes the personal information security of the user.

The embodiment of the disclosure provides a method for preventing a terminal from attacking. According to the terminal attack prevention method, before the terminal is connected with the hot spot, hot spot information of the hot spot located in the terminal specified distance range is detected, the hot spot located in the terminal specified distance range is determined based on the hot spot information of the hot spot located in the terminal specified distance range, the pseudo hot spot meeting the pseudo hot spot condition exists, when the terminal is connected with the hot spot, the pseudo hot spot can be restrained from being connected according to the detected pseudo hot spot result, and therefore the purposes that the terminal is prevented from being attacked by the pseudo hot spot, and the safety of data stored in the terminal is protected are achieved.

Fig. 1 is a flowchart illustrating a method for preventing a terminal from attacking according to an exemplary embodiment, where the method for preventing a terminal from attacking is used in the terminal, as shown in fig. 1, and includes the following steps.

In step S11, hotspot information of the hotspot detected by the terminal is obtained.

At present, based on the 802.11 protocol of the wireless network standard, a hotspot may continuously and periodically send Beacon frames to announce its existence, and inform surrounding terminals of the existence of the hotspot. The terminal continuously sends out a Probe Response frame for checking whether the previously connected hotspot is around the current terminal, if the visited hotspot exists in the distance, the corresponding hotspot responds with the Probe Response frame, and the connection between the terminal and the hotspot is realized.

However, any device can transmit beacon frames and probe-response frames to any network. Based on this, an attacker can build a portable pseudo access point, which can not only respond to the probe-request frame of the probe-response frame sent by any terminal, but they can also send beacon frames to any target terminal.

Therefore, when the terminal connects to the public network, if the attacker knows the previously connected WIFI password or that the attacker attacks an open network, the terminal will connect to the pseudo hotspot without hesitation, and the attacker can acquire all network traffic of the attacker (similar to man-in-the-middle attack). In addition to this, an attacker can even let the user's browser present malicious pages and launch a phishing attack.

Therefore, in order to prevent the terminal from connecting a pseudo hotspot, hotspot information of hotspots around the terminal is detected in real time before the terminal is connected with a wireless network. The distance range around the terminal can represent the distance range in which the terminal can receive the hotspot information sent by the hotspot. The detected hotspot information is information sent by the hotspot without interruption.

In one embodiment, the hotspot information may include any one of identification information of the hotspot, channel information of the hotspot, signal information of the hotspot, and encryption level information of the hotspot, for example.

And in order to prevent erroneous prediction, when acquiring and detecting hotspot information of a hotspot, the hotspot information may include a combination of a plurality of information in identification information of the hotspot, channel information of the hotspot, signal information of the hotspot, and encryption level information of the hotspot. Based on the hotspot information combination comprising a plurality of hotspot information, the hotspot can be detected in multiple directions and multiple angles, and the detection accuracy is ensured.

In step S12, based on the hotspot information, it is determined that the hotspot is a pseudo hotspot meeting the pseudo hotspot condition, and connection of the pseudo hotspot is suppressed.

In one embodiment, for each hotspot detected around the terminal, based on hotspot information of each hotspot, whether the hotspot information meets a pseudo hotspot condition is determined, the hotspot of which the hotspot information meets the pseudo hotspot condition is determined as a pseudo hotspot, and connection to the pseudo hotspot is suppressed.

For example, the hotspot information includes one of identification information of the hotspot, channel information of the hotspot, signal information of the hotspot, and encryption level information of the hotspot, and if the acquired hotspot information meets a pseudo hotspot condition, the hotspot is taken as the pseudo hotspot.

For another example, the hotspot information includes identification information of the hotspot, channel information of the hotspot, signal information of the hotspot, and a combination of multiple pieces of information in encryption level information of the hotspot, and if there is hotspot information exceeding a preset number in the obtained combination of multiple pieces of hotspot information and meeting a pseudo hotspot condition, the hotspot is determined as a pseudo hotspot, and connection to the pseudo hotspot is suppressed.

For example, the pseudo hotspot connection can be suppressed by closing the hotspot connection function of the terminal.

In the exemplary embodiment of the disclosure, before the terminal is connected with the hotspot, hotspot information of the hotspot detected by the terminal is acquired, and the hotspot is determined to be a pseudo hotspot meeting a pseudo hotspot condition based on the hotspot information of the detected hotspot.

Fig. 2 is a flowchart illustrating a method for preventing a terminal from attacking according to an exemplary embodiment, where the method for preventing a terminal from attacking is used in the terminal, as shown in fig. 2, and includes the following steps.

In step S21, hotspot information of the hotspot detected by the terminal is obtained, where the hotspot information includes a combination of multiple information in the identification information of the hotspot, the channel information of the hotspot, the signal information of the hotspot, and the encryption level information of the hotspot.

In step S22, a pseudo hotspot condition is determined according to a combination of a plurality of pieces of information included in the hotspot information.

In order to prevent erroneous prediction, when detecting hotspot information of a hotspot, hotspot information may be combined based on a plurality of information in identification information of the hotspot, channel information of the hotspot, signal information of the hotspot, and encryption level information of the hotspot. The identification information of the hot spot comprises a MAC address of the hot spot and/or a time stamp of the MAC address of the hot spot.

In one embodiment, the pseudo-hotspot condition may be determined according to a plurality of information combinations included in the hotspot information, for example, based on the following:

and detecting that the MAC address of the pre-stored trusted hotspot does not contain the MAC address of the hotspot based on the MAC address of the pre-stored trusted hotspot in the terminal. And/or detecting a change in the MAC address of the hotspot during the first time period. And/or detecting the timestamps of the hot spot MAC addresses, and determining that the hot spots are pseudo hot spots when the interval time of the timestamps of the plurality of continuous hot spot MAC addresses is inconsistent in a second time period.

Since each hotspot has its own MAC address, the present disclosure may pre-store the MAC address of the connected, trusted hotspot in the terminal in advance, and before connecting the hotspot, the MAC addresses of the hotspots around the terminal may be compared with the stored MAC address of the trusted hotspot, and when it is detected that the MAC address of the hotspot is not included in the pre-stored MAC address of the trusted hotspot, it may be determined that the detected hotspot meets the pseudo hotspot condition.

In addition, in general, when transmitting data, a hotspot continuously transmits time stamp information corresponding to the data, and generally, the time stamp information is transmitted once in milliseconds, about 25 microseconds. Most of the pseudo hot spots often have data packet loss when sending data, so that adjacent time stamps cannot keep time intervals consistent.

In addition, since the pseudo hot spot is frequently forged and each terminal is attempted to be connected, the MAC address of the pseudo hot spot may be changed within a preset time period, for example, 200 ms.

And if the hotspot information comprises hotspot channel information, determining that the pseudo hotspot condition comprises channel information of a pre-stored trusted hotspot in the terminal, and detecting that the channel information of the pre-stored trusted hotspot in the terminal does not comprise the channel information of the hotspot.

Generally, each hot spot has a fixed transmission channel when transmitting data. The method can pre-store the channel information of the connected and trusted hot spots in the terminal in advance, compares the channel information of the hot spot with the stored channel information of the trusted hot spot after detecting that the connected trusted hot spot exists around the terminal before connecting the hot spot, and can determine that the detected hot spot meets the pseudo hot spot condition when detecting that the pre-stored channel information of the trusted hot spot does not contain the channel information of the hot spot.

And if the hotspot information comprises hotspot signal information, determining that the pseudo hotspot condition comprises detection of the hotspot signal information, and detecting that the hotspot signal changes in a third time period.

Since a hacker will frequently forge different hot spots of the same route and frequently connect each terminal, at this time, within a preset time period, for example, within 100 milliseconds, the signal information of the fake hot spot will be neglected, which is particularly unstable.

And if the hotspot information comprises hotspot encryption grade information, determining the pseudo hotspot condition comprises detecting that the hotspot is a pre-stored trusted hotspot and detecting that the hotspot encryption grade is inconsistent with the pre-stored trusted hotspot encryption grade.

The method can pre-store the encryption information of the connected and trusted hot spot in the terminal in advance, before the hot spot is connected, the encryption grade detection is carried out on the hot spot after the situation that the trusted hot spot connected once exists around the terminal is detected, and when the situation that the encryption grade of the hot spot is not consistent with the pre-stored encryption grade is detected, the detected hot spot can be determined to accord with the pseudo hot spot condition. For example, if the encryption level of the pre-stored hotspot is a password-required hotspot and the newly accessed hotspot becomes a password-unnecessary hotspot, it can be determined that the detected hotspot meets the pseudo hotspot condition.

In order to prevent the terminal from being connected with the pseudo hotspot by mistake, in one embodiment, after the pseudo hotspot is detected to exist around the terminal, prompt information of the pseudo hotspot can be displayed on the terminal.

In step S23, based on the hotspot information, it is determined that the hotspot is a pseudo hotspot meeting the pseudo hotspot condition, and connection of the pseudo hotspot is suppressed.

In the exemplary embodiment of the present disclosure, in order to prevent detection errors, when detecting hotspot information of a hotspot, the hotspot may be detected in multiple directions and multiple angles by using a pseudo hotspot condition determined based on hotspot identification information, a pseudo hotspot condition determined based on hotspot channel information, a pseudo hotspot condition determined based on hotspot signal information, and a hotspot information combination determined based on hotspot encryption level information, so as to ensure accurate detection.

In the following, the method for preventing the terminal from being attacked will be described by taking the terminal as an android mobile phone as an example.

Fig. 3 is a flowchart illustrating a method for preventing a terminal from attacking according to an exemplary embodiment, where the method for preventing a terminal from attacking is used in the terminal, as shown in fig. 3, and includes the following steps.

In step S31, it is determined to turn on a mode for preventing a pseudo-hotspot attack.

In the disclosure, in order to protect the terminal from being attacked by the pseudo hotspot, a mode of combining advance prevention and real-time detection is adopted to ensure that the terminal is prevented from being attacked by the pseudo hotspot. Furthermore, in order to prevent the hot spot information stored in the terminal from being leaked, the mode for preventing the pseudo hot spot attack can be started in the terminal setting item.

And the switch is used for indicating whether the mode for preventing the pseudo-hotspot attack is started or not.

In one embodiment, the mode for preventing the pseudo-hotspot attack has at least one of the following functions:

and forbidding the first application to access the hotspot information of the trusted hotspot stored in the terminal, wherein the first application is other applications except the preset application in the terminal. The preset application may be, for example, an application pre-installed by a terminal manufacturer before the terminal leaves a factory. For convenience of description, the application other than the application pre-installed by the terminal manufacturer before the terminal leaves the factory is referred to as a first application.

For example, in a file of/data/misc/WIFI/wpa _ supplicant.conf included in an android phone, since all WIFI information, Service Set Identifier (SSID), WIFI passwords, WIFI encryption modes, and MAC addresses of WIFI that the android terminal has connected to once are included in the file. And under the attack prevention mode, all non-system applications are prohibited from accessing the description file of the WIFI connection information, so that the important information is prevented from being uploaded.

And prohibiting the terminal from broadcasting the hotspot information of the connected hotspot. And prohibiting the terminal from automatically connecting with the hotspot. Keeping connected password-free hotspots is prohibited.

In step S32, hotspot information of the hotspot detected by the terminal is obtained, where the hotspot information includes a combination of multiple information in the identification information of the hotspot, the channel information of the hotspot, the signal information of the hotspot, and the encryption level information of the hotspot.

In step S33, based on the hotspot information, it is determined that the hotspot is a pseudo hotspot meeting the pseudo hotspot condition, and connection of the pseudo hotspot is suppressed.

In the exemplary embodiment of the disclosure, by starting the mode for preventing the pseudo hotspot attack and the mode for detecting the combination of the pseudo hotspots in real time, the terminal can be prevented from being attacked by the pseudo hotspots. And moreover, a switch for starting a pseudo-hotspot attack prevention mode is set in the terminal setting item, so that a user can flexibly control a hotspot connection mode of the terminal according to the environment, and the user experience is improved.

Based on the same conception, the embodiment of the disclosure also provides a device for preventing the terminal from attacking.

It can be understood that, in order to implement the above functions, the terminal attack prevention apparatus provided by the embodiments of the present disclosure includes a hardware structure and/or a software module corresponding to the execution of each function. The disclosed embodiments can be implemented in hardware or a combination of hardware and computer software, in combination with the exemplary elements and algorithm steps disclosed in the disclosed embodiments. Whether a function is performed as hardware or computer software drives hardware depends upon the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present disclosure.

Fig. 4 is a block diagram illustrating a terminal attack prevention apparatus according to an exemplary embodiment. Referring to fig. 4, the terminal attack prevention apparatus 400 includes an acquisition unit 401 and a processing unit 402.

Wherein: an obtaining unit 401 configured to obtain hotspot information of a hotspot detected by the terminal; the processing unit 402 is configured to determine, based on the hotspot information, that the hotspot is a pseudo hotspot meeting a pseudo hotspot condition, and suppress connection to the pseudo hotspot.

In an embodiment, the hotspot information includes any one or a combination of information of identification information of the hotspot, channel information of the hotspot, signal information of the hotspot, and encryption level information of the hotspot.

In an embodiment, if the hotspot information includes any one of identification information of a hotspot, channel information of the hotspot, signal information of the hotspot, and encryption level information of the hotspot, the processing unit 402 determines that the hotspot is a pseudo hotspot meeting a pseudo hotspot condition based on the hotspot information in the following manner: and if the hotspot information meets the pseudo hotspot condition, taking the hotspot as a pseudo hotspot.

In an embodiment, if the hotspot information includes a combination of multiple information in the identification information of the hotspot, the channel information of the hotspot, the signal information of the hotspot, and the encryption level information of the hotspot, the processing unit 402 determines, based on the hotspot information, a pseudo hotspot meeting a pseudo hotspot condition in the following manner: and if the hot spot information with the number exceeding the preset number in the combination of the plurality of information accords with the pseudo hot spot condition, taking the hot spot as the pseudo hot spot.

In an embodiment, the identification information of the hotspot includes a MAC address of the hotspot and/or a timestamp of the hotspot MAC address; the hot spot information of the hot spot meets the pseudo hot spot condition, and the method comprises the following steps: detecting that the MAC address of the pre-stored trusted hotspot does not contain the MAC address of the hotspot based on the MAC address of the pre-stored trusted hotspot in the terminal; and/or detecting that the MAC address of the hotspot changes within a first time period; and/or detecting the timestamps of the hot spot MAC addresses, and determining that the hot spots are pseudo hot spots when the interval time of the timestamps of a plurality of continuous hot spot MAC addresses is inconsistent in a second time period; and/or detecting that the channel information of the terminal pre-stored trusted hotspot does not contain the channel information of the hotspot based on the channel information of the pre-stored trusted hotspot in the terminal; and/or detecting signal information of the hot spot, and detecting that the signal of the hot spot changes in a third time period; and/or detecting that the hot spot is the pre-stored trusted hot spot, and detecting that the encryption level of the hot spot is inconsistent with the encryption level of the pre-stored trusted hot spot.

In an embodiment, after determining that the hotspot is a pseudo hotspot, the apparatus further includes a display unit 403; the display unit is configured to display prompt information of the pseudo hot spot on the terminal.

In an embodiment, the processing unit 402 suppresses connecting the pseudo hot spot as follows: and closing the hotspot connection function of the terminal.

In an embodiment, the apparatus further comprises a determining unit 404; the determining unit 404 is configured to determine to turn on a mode for preventing a pseudo-hotspot attack, where the mode for preventing a pseudo-hotspot attack has one or more of the following functions: forbidding a first application to access hotspot information of the trusted hotspot stored in the terminal, wherein the first application is other applications except for a preset application in the terminal; prohibiting the terminal from broadcasting the hotspot information of the connected hotspot; prohibiting the terminal from automatically connecting with the hotspot; keeping connected password-free hotspots is prohibited.

With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.

Fig. 5 is a block diagram illustrating an apparatus 500 for a terminal to prevent attacks according to an example embodiment. For example, the apparatus 500 may be a mobile phone, a computer, a digital broadcast terminal, a messaging device, a game console, a tablet device, a medical device, an exercise device, a personal digital assistant, and the like.

Referring to fig. 5, the apparatus 500 may include one or more of the following components: a processing component 502, a memory 504, a power component 506, a multimedia component 508, an audio component 510, an input/output (I/O) interface 512, a sensor component 514, and a communication component 516.

The processing component 502 generally controls overall operation of the device 500, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing components 502 may include one or more processors 520 to execute instructions to perform all or a portion of the steps of the methods described above. Further, the processing component 502 can include one or more modules that facilitate interaction between the processing component 502 and other components. For example, the processing component 502 can include a multimedia module to facilitate interaction between the multimedia component 508 and the processing component 502.

The memory 504 is configured to store various types of data to support operations at the apparatus 500. Examples of such data include instructions for any application or method operating on device 500, contact data, phonebook data, messages, pictures, videos, and so forth. The memory 504 may be implemented by any type or combination of volatile or non-volatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.

Power component 506 provides power to the various components of device 500. The power components 506 may include a power management system, one or more power sources, and other components associated with generating, managing, and distributing power for the apparatus 500.

The multimedia component 508 includes a screen that provides an output interface between the device 500 and the user. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive an input signal from a user. The touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia component 508 includes a front facing camera and/or a rear facing camera. The front camera and/or the rear camera may receive external multimedia data when the device 500 is in an operating mode, such as a shooting mode or a video mode. Each front camera and rear camera may be a fixed optical lens system or have a focal length and optical zoom capability.

The audio component 510 is configured to output and/or input audio signals. For example, audio component 510 includes a Microphone (MIC) configured to receive external audio signals when apparatus 500 is in an operating mode, such as a call mode, a recording mode, and a voice recognition mode. The received audio signals may further be stored in the memory 504 or transmitted via the communication component 516. In some embodiments, audio component 510 further includes a speaker for outputting audio signals.

The I/O interface 512 provides an interface between the processing component 502 and peripheral interface modules, which may be keyboards, click wheels, buttons, etc. These buttons may include, but are not limited to: a home button, a volume button, a start button, and a lock button.

The sensor assembly 514 includes one or more sensors for providing various aspects of status assessment for the device 500. For example, the sensor assembly 514 may detect an open/closed state of the apparatus 500, the relative positioning of the components, such as a display and keypad of the apparatus 500, the sensor assembly 514 may also detect a change in the position of the apparatus 500 or a component of the apparatus 500, the presence or absence of user contact with the apparatus 500, orientation or acceleration/deceleration of the apparatus 500, and a change in the temperature of the apparatus 500. The sensor assembly 514 may include a proximity sensor configured to detect the presence of a nearby object without any physical contact. The sensor assembly 514 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor assembly 514 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.

The communication component 516 is configured to facilitate communication between the apparatus 500 and other devices in a wired or wireless manner. The device 500 may access a wireless network based on a communication standard, such as WIFI, 2G or 3G, or a combination thereof. In an exemplary embodiment, the communication component 516 receives a broadcast signal or broadcast related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component 516 further includes a Near Field Communication (NFC) module to facilitate short-range communications. For example, the NFC module may be implemented based on Radio Frequency Identification (RFID) technology, infrared data association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.

In an exemplary embodiment, the apparatus 500 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, micro-controllers, microprocessors or other electronic components for performing the above-described methods.

In an exemplary embodiment, a non-transitory computer-readable storage medium comprising instructions, such as the memory 504 comprising instructions, executable by the processor 520 of the apparatus 500 to perform the above-described method is also provided. For example, the non-transitory computer readable storage medium may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.

It is understood that "a plurality" in this disclosure means two or more, and other words are analogous. "and/or" describes the association relationship of the associated objects, meaning that there may be three relationships, e.g., a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. The singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.

It will be further understood that the terms "first," "second," and the like are used to describe various information and that such information should not be limited by these terms. These terms are only used to distinguish one type of information from another and do not denote a particular order or importance. Indeed, the terms "first," "second," and the like are fully interchangeable. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the present disclosure.

It will be further understood that, unless otherwise specified, "connected" includes direct connections between the two without the presence of other elements, as well as indirect connections between the two with the presence of other elements.

It is further to be understood that while operations are depicted in the drawings in a particular order, this is not to be understood as requiring that such operations be performed in the particular order shown or in serial order, or that all illustrated operations be performed, to achieve desirable results. In certain environments, multitasking and parallel processing may be advantageous.

Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.

It will be understood that the present disclosure is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the present disclosure is limited only by the appended claims.