Chinese Ministry of State Security
Disclosing a recent case involving an official who improperly used an online scanning app to digitize confidential meeting minutes, files, leading to the leakage of 127 classified documents, which posed a tangible threat to national security, China’s Ministry State Security on Monday warns the public to be vigilant against turning such apps into “enablers” of state secret leaks.
A recent case published by the ministry on its official WeChat detailed how a government employee, seeking convenience, improperly used an internet-based scanning app to digitize confidential meeting minutes. The files were automatically backed up to a cloud storage account, which was later compromised through brute-force attacks. As a result, attackers gained access to 127 classified documents scanned over three years. The leaked files were disseminated via foreign social media platforms, resulting in a serious breach of national security.
The ministry noted that most scanning apps rely on cloud-based databases provided by developers to process and analyze user-uploaded files. This means that during operation, processing, and feedback stages, file content is transmitted multiple times over the internet. If sensitive or classified materials are inadvertentlyscanned and uploaded, it can create vulnerabilities that malicious actors may exploit to steal personal data or even state secrets.
Some scanning apps request excessive permissions during installation, such as access to microphones, contact lists, photo albums, or text messages. If users grant these permissions indiscriminately, the apps may harvest sensitive data stored on the device, including identity details and account credentials, leading to potential theft, the ministry’s warned.
Many scanning apps offer cloud storage features, but if an account is compromised, the service provider has system flaws, or the cloud is targeted by foreign intelligence agencies, stored data may be exposed or maliciously exploited, the ministry warned.
The ministry noted that some malicious programs disguise themselves as scanning apps in unofficial app stores or websites. Once installed, these programs run silently in the background, scanning the device and exfiltrating its data.
To strengthen cybersecurity practices, the ministry urged the public, especially those handling classified information, not to transmit, store, or process sensitive materials via internet channels. Personnel should avoid using online scanning tools for confidential content, and resist storing classified files online for convenience.
The ministry also recommended downloading only security-certified scanning apps from official app stores to reduce malware risks. Users should carefully review app permission requests, and strengthen data storage security. For shared files, they should enable password protection and restrict additional access to prevent data leaks.
Global Times
