Abstract

The Internet real-name system is widely implemented among Chinese Internet users, and many commonly used apps in China provide real-name authentication functions. However, our study found that many apps do not effectively restrict users' real-name authentication operations, so users can make unsuccessful real-name authentication attempts frequently. This vulnerability can help an attacker crack a celebrity's ID card number through enumeration attacks, and this paper proposes a feasible cracking method. First, a celebrity's birth date, birth place, and life experiences are collected from platforms that display celebrities' personal information (e.g., Wikipedia, Baidu Baike). In this process, an information extraction method is used to infer permanent residences from life experiences. Then, the celebrity's possible ID card numbers are constructed from the birth date, birth place, and permanent residences. Finally, these possible ID card numbers are verified by sending requests to platforms whose user real-name authentication functions are vulnerable, until the celebrity's real ID card number is cracked. This paper conducted cracking experiments on two groups of celebrities. The first group was collected from publicly available online news reports of privacy leakage, and the second group was randomly selected from two encyclopedia platforms. The experimental results showed a success rate of 53.9% in cracking the celebrities' ID card numbers, which verified the effectiveness of the proposed cracking method. In addition, this paper proposes security precautions to address this problem and analyzes their implementation, feasibility, potential impact, and expected effectiveness.
To our knowledge, our paper is the first to point out the privacy leakage of celebrities' ID card numbers caused by apps' real-name authentication functions in China. We believe that our research will attract widespread attention from society to the protection of celebrities' private information.
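A server-side control for the missing restriction the abstract describes, as an added example that is not taken from the paper: it caps failed real-name authentication attempts per account and also counts distinct wrong ID numbers submitted against one claimed name across all accounts. The class name, thresholds and key are assumptions, and all sample values are constructed.

```python
import hashlib
import hmac
import time
from collections import defaultdict, deque

# Thresholds, key and class name are assumptions made for this example.
WINDOW_SECONDS = 24 * 3600
MAX_FAILS_PER_ACCOUNT = 3      # failed submissions per account per window
MAX_WRONG_IDS_PER_NAME = 5     # distinct wrong ID numbers per claimed name
HASH_KEY = b"constructed-demo-key"  # placeholder; load a real key from a secret store


def _digest(value: str) -> str:
    """Keyed hash so the limiter never stores names or ID numbers in clear."""
    return hmac.new(HASH_KEY, value.encode("utf-8"), hashlib.sha256).hexdigest()


class RealNameAttemptLimiter:
    """Tracks failed real-name checks in a sliding window (in memory)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._by_account = defaultdict(deque)  # account -> (time, id digest)
        self._by_name = defaultdict(deque)     # name digest -> (time, id digest)

    def _recent(self, table, key):
        """Drop entries older than the window and return what remains."""
        queue = table[key]
        cutoff = self._clock() - WINDOW_SECONDS
        while queue and queue[0][0] <= cutoff:
            queue.popleft()
        return queue

    def allow(self, account: str, claimed_name: str) -> bool:
        """Call before forwarding a submission to the verification backend."""
        if len(self._recent(self._by_account, account)) >= MAX_FAILS_PER_ACCOUNT:
            return False
        # Count distinct wrong numbers, so one user retyping a typo is not penalised.
        wrong_ids = {d for _, d in self._recent(self._by_name, _digest(claimed_name))}
        return len(wrong_ids) < MAX_WRONG_IDS_PER_NAME

    def record_failure(self, account: str, claimed_name: str, id_number: str) -> None:
        """Call when the backend reports that name and ID number do not match."""
        entry = (self._clock(), _digest(id_number))
        self._by_account[account].append(entry)
        self._by_name[_digest(claimed_name)].append(entry)
```

A denied `allow` call is also a useful alerting signal, since many distinct wrong numbers against one name is the pattern the abstract's enumeration relies on.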