CCTV News: According to the WeChat official account of the Ministry of Security, in the era of the digital wave, scanning software has become a quick assistant in office and everyday scenarios thanks to its efficient text recognition and graphic conversion functions, bringing us many conveniences. In daily use, however, a lack of confidentiality awareness and insufficient risk perception have turned this quick assistant into a "pusher" that leaks state secrets and breaches the confidentiality defense line.
Recently, a staff member at a certain agency used Internet scanning software to scan confidential meeting minutes for convenience, and the file was automatically backed up to a network disk. His network disk account password was then brute-forced, allowing the attacker to obtain 127 confidential documents he had scanned over three years. The leaked documents were later spread on overseas social media, causing a major leak and posing a real threat to our national security.
Potential hidden dangers that need attention
——The transmission path is not protected. Most scanning software and programs currently on the market identify and analyze the files users provide using cloud databases supplied by the development companies. This means that across the multiple stages of scanning, processing and returning results, the file content is transmitted over the Internet several times. If confidential or sensitive content is accidentally scanned and uploaded, it gives criminals an opportunity to steal personal privacy and even state secrets.
——Permission requests are excessive. When installed, some scanning software requests permissions that exceed what normal scanning requires, such as access to the microphone, address book, photo album and SMS records. Once the user casually grants them, the software can obtain various information on the device, which may lead to the theft of important information stored there, such as identity information and account data.
——Cloud storage has vulnerabilities. Many scanning apps provide cloud storage functions, and the security of cloud storage depends mainly on its encryption technology, access control and the security measures of the service provider. In practice, however, these technical measures can hardly be perfect. If an account is cracked, the service provider has system vulnerabilities, or it is attacked by overseas spy and intelligence agencies, the information stored in the cloud may be leaked or maliciously used.
——Malware in disguise. Some cases show that malicious programs disguised as scanning software exist in some unofficial application markets or websites. Once users download and install them, they run quietly in the background of the device, automatically scanning and stealing information and data on the device.
Be vigilant and build a line of defense
National security is no trivial matter, and when it comes to keeping secrets there are no "outsiders". The general public, especially staff in confidential positions, must effectively improve their security awareness, consciously standardize their use of software applications, and do a good job of information security protection.
——Strictly implement confidentiality regulations. Always remember that "confidential matters do not go on the Internet, and what goes on the Internet does not involve confidential matters". It is strictly forbidden to transmit, save or process confidential information through any Internet channel. It is strictly forbidden to use network scanning software to scan and identify confidential information, and confidential files must not be stored online on the grounds of work convenience.
——Choose scanning software carefully. Try to download security-certified scanning software from the official app store to reduce the risk of downloading malware. Before downloading, you can view the software's user reviews and developer information to understand its credibility and security.
——Strictly control software permissions. When installing scanning software, carefully check the list of permissions it requests. Grant only the permissions necessary for the software to operate, be wary of sensitive and out-of-scope permission requests from applications, regularly check the permission settings of installed software, and promptly revoke any over-granted permissions.
——Enhance data storage security. Be cautious about enabling the service provider's function for automatically backing up photos, address books and other information to the cloud. Before storing data in the cloud, you can encrypt it with professional software, or use the cloud disk's built-in encryption by selecting the encryption option when uploading files. For files that need to be shared, it is recommended to enable the "Extract Code" function before sharing and turn off the remaining operation permissions to avoid data leakage due to excessive sharing.
The risk of leaks through scanning software cannot be underestimated. We must keep our eyes open and stay vigilant, always guard against the leak risks hidden behind scanning software, and strictly protect information security. In this information security war without gunpowder, everyone is a line of defense. Let us work together to protect the information security of the country and of individuals, and never let scanning software become an "accomplice" to leaks.