Security

12:03 PM
Melanie Rodier
Melanie Rodier
Commentary
Connect Directly
Facebook
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Beware: Hacking Your BlackBerry or iPhone Is Easy As One, Two, Three

As Britain reels from the massive phone hacking scandal which closed down the Rupert Murdoch-owned News of The World, you may want to consider exactly how secure your BlackBerry or iPhone is.

How can you avoid News Of The World-Style hacking of your smartphone? As Britain continues to reel from the massive phone hacking scandal which led to the sudden closing down of the Rupert Murdoch-owned News of The World -- the biggest English-language newspaper in the world -- you may want to consider exactly how secure your smartphone is.

According to British cell phone operator O2, phones such as those of ex-UK prime minister Gordon Brown were hacked due to lax security on their cell phones' voicemail system, the BBC reports. The News of The World's "investigators" exploited the fact that cell phone operators gave customers default pin numbers - 0000 or 1234 - to access their voicemail from another phone. O2 has since changed its system.

But before you rest easy, here is some bad news from hacker extraordinaire Kevin Mitnick, as reported by CNET.

To demonstrate how easy it still is to hack a phone, Minick accessed CNET's Elinor Mills'voice mail by tricking the reporter's "mobile operator equipment into registering the call as coming from the handset--basically pretending to be me."

From CNET:

To do this, he wrote a script using open-source telecom software and used a voice-over-IP provider that allows him to set caller ID, but there also are online services that provide similar capability that non-hackers could subscribe to. It might be easier or harder to accomplish depending on the mobile operator, he said.

Any 15-year-old that knows how to write a simple script can find a VoIP provider that spoofs caller ID and set this up in about 30 minutes," Mitnick said. "If you're not adept at programming, you could use a spoofing service and pay for it."

So... If you want to avoid having anyone use Caller ID Spoofing to access your voice mail, you need to change your phone settings to require a PIN even when checking voice mail from your mobile device. Which of course, is a pain. And it doesn't even address the fact that most mobile operators don't authenticate caller ID, CNET points out.

By the way, beyond phone hacking, you might also want to make sure you don't open any PDF documents on your iPhone or iPad: Apple mobile users are vulnerable to malicious code contained in PDF files.

So far, Android devices pose the greatest risk of mobile malware, according to CNN. But Apple's iPhone and iPad are also vulnerable to security flaws.

"Apple mobile users who download PDF files currently risk letting cybercriminals access their confidential information, intercept phone conversations or take over other aspects of their device. There is no evidence yet that cybercriminals have done this, but it could happen easily," CNN reports.

Apple says it's working to fix the bug, but there is no word from the Cupertino company on how long the vulnerability has existed, or even exactly when it will fix the problem.

Melanie Rodier has worked as a print and broadcast journalist for over 10 years, covering business and finance, general news, and film trade news. Prior to joining Wall Street & Technology in April 2007, Melanie lived in Paris, where she worked for the International Herald ... View Full Bio
Comment  | 
Print  | 
More Insights
More Commentary
Preventive Measures for Post-Interview Anxiety
Most professionals leave interviews thinking that it went well, and then they wait... and wait. The Caring Recruiter has a cure for the typical post-interview trauma.
Leaving Out the Welcome Mat for Financial Services Hackers
Everyone knows the financial services industry is a prime target for hackers. Despite the dangers, many applications have software vulnerabilities that expose real risks.
4 Surprising Ways Firms Think About Data Security Costs
Almost 28% of firms are willing to bear the cost of some financial losses due to cybercrime, because it's less than the cost of upgrading IT systems.
CIO + CFO Doesn’t Equal Mars Vs. Venus
From my decades of experience, CIOs and CFOs have more in common than you may think.
Will Apple Legitimize Mobile Payments?
The company announced its new mobile payments system, Apple Pay, during a news media event today.
Register for Wall Street & Technology Newsletters
White Papers
Current Issue
Wall Street & Technology - July 2014
In addition to regular audits, the SEC will start to scrutinize the cyber-security preparedness of market participants.
Video