Security

12:03 PM
Melanie Rodier
Melanie Rodier
Commentary
Connect Directly
Facebook
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Beware: Hacking Your BlackBerry or iPhone Is Easy As One, Two, Three

As Britain reels from the massive phone hacking scandal which closed down the Rupert Murdoch-owned News of The World, you may want to consider exactly how secure your BlackBerry or iPhone is.

How can you avoid News Of The World-Style hacking of your smartphone? As Britain continues to reel from the massive phone hacking scandal which led to the sudden closing down of the Rupert Murdoch-owned News of The World -- the biggest English-language newspaper in the world -- you may want to consider exactly how secure your smartphone is.

According to British cell phone operator O2, phones such as those of ex-UK prime minister Gordon Brown were hacked due to lax security on their cell phones' voicemail system, the BBC reports. The News of The World's "investigators" exploited the fact that cell phone operators gave customers default pin numbers - 0000 or 1234 - to access their voicemail from another phone. O2 has since changed its system.

But before you rest easy, here is some bad news from hacker extraordinaire Kevin Mitnick, as reported by CNET.

To demonstrate how easy it still is to hack a phone, Minick accessed CNET's Elinor Mills'voice mail by tricking the reporter's "mobile operator equipment into registering the call as coming from the handset--basically pretending to be me."

From CNET:

To do this, he wrote a script using open-source telecom software and used a voice-over-IP provider that allows him to set caller ID, but there also are online services that provide similar capability that non-hackers could subscribe to. It might be easier or harder to accomplish depending on the mobile operator, he said.

Any 15-year-old that knows how to write a simple script can find a VoIP provider that spoofs caller ID and set this up in about 30 minutes," Mitnick said. "If you're not adept at programming, you could use a spoofing service and pay for it."

So... If you want to avoid having anyone use Caller ID Spoofing to access your voice mail, you need to change your phone settings to require a PIN even when checking voice mail from your mobile device. Which of course, is a pain. And it doesn't even address the fact that most mobile operators don't authenticate caller ID, CNET points out.

By the way, beyond phone hacking, you might also want to make sure you don't open any PDF documents on your iPhone or iPad: Apple mobile users are vulnerable to malicious code contained in PDF files.

So far, Android devices pose the greatest risk of mobile malware, according to CNN. But Apple's iPhone and iPad are also vulnerable to security flaws.

"Apple mobile users who download PDF files currently risk letting cybercriminals access their confidential information, intercept phone conversations or take over other aspects of their device. There is no evidence yet that cybercriminals have done this, but it could happen easily," CNN reports.

Apple says it's working to fix the bug, but there is no word from the Cupertino company on how long the vulnerability has existed, or even exactly when it will fix the problem.

Melanie Rodier has worked as a print and broadcast journalist for over 10 years, covering business and finance, general news, and film trade news. Prior to joining Wall Street & Technology in April 2007, Melanie lived in Paris, where she worked for the International Herald ... View Full Bio
Comment  | 
Print  | 
More Insights
More Commentary
The Future of the CIO
Todayís chief information officers are no longer hardcore technologists. And they arenít pure business leaders either. They need to have excellent business and technology acumen to succeed.
HFT's Death by a Thousand Cuts
It took a while for regulators to catch up with high-frequency traders. Unfortunately for the HFT players, the regulators found their footing in September.
100 Years: Charles Dow to Quants to Predictive Analytics for Everyone
High-frequency trading and quantitative financial analysis left most investors in the dust. Today modern advanced data analytics tools are giving all investors access to unique information.
6 Security Strategies for Mobile Employees
Six mobility rules for employees moving between offices, meeting customers offsite, and traveling to business functions.
Behavior Biometrics a Popular Defense Against Cyberthreats
Banks are capturing behavioral data like swipes, typing cadence, and mouse patterns to identify fraudulent account activity.
Register for Wall Street & Technology Newsletters
White Papers
Current Issue
Wall Street & Technology - Elite 8, October 2014
The in-depth profiles of this year's Elite 8 honorees focus on leadership, talent recruitment, big data, analytics, mobile, and more.
Video