12:03 PM
Beware: Hacking Your BlackBerry or iPhone Is Easy As One, Two, Three
How can you avoid News Of The World-Style hacking of your smartphone? As Britain continues to reel from the massive phone hacking scandal which led to the sudden closing down of the Rupert Murdoch-owned News of The World -- the biggest English-language newspaper in the world -- you may want to consider exactly how secure your smartphone is.
According to British cell phone operator O2, phones such as those of ex-UK prime minister Gordon Brown were hacked due to lax security on their cell phones' voicemail system, the BBC reports. The News of The World's "investigators" exploited the fact that cell phone operators gave customers default pin numbers - 0000 or 1234 - to access their voicemail from another phone. O2 has since changed its system.
But before you rest easy, here is some bad news from hacker extraordinaire Kevin Mitnick, as reported by CNET.
To demonstrate how easy it still is to hack a phone, Minick accessed CNET's Elinor Mills'voice mail by tricking the reporter's "mobile operator equipment into registering the call as coming from the handset--basically pretending to be me."
From CNET:
To do this, he wrote a script using open-source telecom software and used a voice-over-IP provider that allows him to set caller ID, but there also are online services that provide similar capability that non-hackers could subscribe to. It might be easier or harder to accomplish depending on the mobile operator, he said.Any 15-year-old that knows how to write a simple script can find a VoIP provider that spoofs caller ID and set this up in about 30 minutes," Mitnick said. "If you're not adept at programming, you could use a spoofing service and pay for it."
So... If you want to avoid having anyone use Caller ID Spoofing to access your voice mail, you need to change your phone settings to require a PIN even when checking voice mail from your mobile device. Which of course, is a pain. And it doesn't even address the fact that most mobile operators don't authenticate caller ID, CNET points out.
By the way, beyond phone hacking, you might also want to make sure you don't open any PDF documents on your iPhone or iPad: Apple mobile users are vulnerable to malicious code contained in PDF files.
So far, Android devices pose the greatest risk of mobile malware, according to CNN. But Apple's iPhone and iPad are also vulnerable to security flaws.
"Apple mobile users who download PDF files currently risk letting cybercriminals access their confidential information, intercept phone conversations or take over other aspects of their device. There is no evidence yet that cybercriminals have done this, but it could happen easily," CNN reports.
Apple says it's working to fix the bug, but there is no word from the Cupertino company on how long the vulnerability has existed, or even exactly when it will fix the problem.
Melanie Rodier has worked as a print and broadcast journalist for over 10 years, covering business and finance, general news, and film trade news. Prior to joining Wall Street & Technology in April 2007, Melanie lived in Paris, where she worked for the International Herald ... View Full Bio