Friday 6 April 2012

Protect Against Phone Hacking


In 2011 one of the more well publicised stories was that of the News of the World Phone Hacking Scandal. Among other things, this front page saga highlighted the large vulnerabilites present in mobile phone security. Phone hacking has resulted in unauthorised access to such things as a victim's personal voicemail, email, and bank accounts. Even Hollywood celebrities are not safe from phone hacking. So how exactly do the criminals do it? And how can you protect yourself from phone hacking? You don't have to be rich or famous to be the target of phone hackers -  all it takes is for you to make a few simple mistakes. Older mobiles are set with default pin numbers and most users don't bother changing them. This fact allowed hackers to easily access personal voicemail inboxes - all they had to do was dial the mobile number when it was switched off, or engaged, and try the default pin. This is thanks to a capability, put in by the network provider, to access voicemail from anywhere, including a landline. To determine the default pin all the hacker would have needed to do was google the particular mobile phone number. This would bring up the mobile's network provider and further googling would have allowed the hacker to find out the default pin for that particular provider. How would strangers have gotten a hold of your mobile number? Simple - you gave it to them. Social media sites are typically ripe with personal details that people willingly give away, including mobile phone numbers. Even when people do change their pin they typically change it to something recurring such as 1234, or to a birthday perhaps. These make it much easier for the hacker who, again, has access to social media sites where potential victims have typically left more personal information about themselves than they should have. Another thing the hackers have going for them is a property of the 4 digit pin system itself: there are only 10000 possible combinations! 10000 is not very many, and discovery of a 4 digit pin number by trial and error would not take too long. Nowadays network providers typically do not set default pins.

Sometimes a hacker will go to extreme lengths to steal information from your phone. These may include high-tech methods straight out of a spy thriller film. Although these techniques are not likely to be used on the common man on the street, they are still things to be aware of. Handset cloning is one such method. This is an advanced method which requires the hacker to use a special kit that doesn't come cheap. It's purpose is to make a duplicate of the target mobile phone, including the sim card, so that incoming calls can be recieved from the duplicate instead of the real one. It works when the real mobile is switched off. Bluetooth hacking is another method to be aware of. My advice: turn your phones bluetooth visibility to 'hidden' until you need to actually use it. Also, never accept connections with complete strangers. Malware, such as  viruses, worms, trojans, and spyware can be transferred through bluetooth. SMS spoofing is yet another technique to watch out for. It is a method that can use SMS to disguise the sender mobile number as that of anything else, including a trusted contact. It can also be used to fool the network provider into thinking that a message requesting a pin number came from the owner rather than a hacker. Another possible method hackers might use is Local Area Mobile Phone Tapping. This is another relatively advanced method, that allows the hacker to listen remotely to all phone conversations within a local area. To pull this off the hacker would rely on an array of sophisticated software. This software would pick up broadcast signals, decrypt the data and allow the hacker to listen in on phone calls within the vicinity.

Another threat to phone security, especially for smart phones, is the threat of malware from mobile apps. Smartphones are vulnerable for a number of reasons. They are relatively new, and users underestimate how secure they really are - many users forget that they are nothing more than handheld versions of desktop computers. Smartphones have more vulnerable entry points than standard mobile phones do. There are mobile apps available at the market that can steal details from a victim's phone, such as phone numbers, contacts lists, messages, data and so forth. Of course the apps don't advertise the fact that they could have malware attached to them, so it is neccessary to exercise extreme caution when deciding to download an app. The Apple Store typically has more stringent checks when it comes to apps than Google Play (now replacing Android Market) does for their apps. Even so, the advice still applies no matter what type of mobile you have.

No comments:

Post a Comment