Saturday, July 9, 2011
Voicemail Hacking - It's Easier Than You Think.
We’ve been hearing a lot about hacks these past few months. But this is the first time many have heard of a voicemail hack and of course I am referring to the News of the World scandal. The 168 year old newspaper has been accused of tapping in to celebrities, royals and victims cell phones and even deleting voicemails. I want to touch on this from the technology side as discussed on CNN this evening.
A lot of people might think voicemail hacking sounds complex but it’s actually fairly simple.
I spoke with John Hering CEO of Lookout, the most downloaded mobile security app. He has over 10 years mobile security experience and works to protect people from hackers and thieves everyday. He noted “There are a handful of applications that can produce sophisticated attacks --- that don’t require overly sophisticated software.”
Given the timeline in which the News of World alleged phone hacked happened they could have executed voicemail hacking in a few ways.
1.) Voicemail could have been left on a default pin from the network (which would make it easy to guess)
2.) Individuals voicemail access pin was something obvious like their birthday or consecutive numbers (again making it easy to guess)
3.) They didn’t have a pin set up on their voicemail (which many people don’t today)
If the latter is the case enter Caller ID spoofing.
Caller ID spoofing has been popular for years. It basically is a hack that allows you to make a call and your phone number can show up as any number you choose. Since a lot of people don’t have passwords set up on their voicemail you can trick an account into authentication and granting access to their messages. With John’s mobile hacking experience he noted that in the case of News of the World a program of this nature was likely used. Software of this nature yields sophisticated results but is super easy to use.
But voicemail hacking is just a blip in what you can achieve with a mobile hack.
Type mobile spyware in to Google and immediately see a snapshot of options right at your fingertips.
With the right software you can:
· Track someone’s location
· Pull all their data (which in the world of smart phones can be extremely valuable)
· Listen in on calls
· Listen in on conversations even when a phone is just sitting there (not even making a call). The program does this by activating the phone’s microphone.
What are tips for Mobile Security in general?
I teamed up with Lookout and also Bill Stackpole a Professor in the Department of Security and Networking at the Rochester Institute of Technology to narrow down some of the most important tips on maintaining cell safety.
· Set a pin on your voicemail. Many people don’t have an access pin on their voicemail and can access messages just from their phone. Even a 4-digit pin is a good leap for security. And don’t mail it in and use the same pin as your ATM, your birthday or four consecutive numbers in a row.
· Make sure you are up to date on the latest OS updates (its not just about the latest features but also the latest security patches that are available)
· Don’t jailbreak your phone it makes you more vulnerable
· Use HTTPS when making a purchase
· Understand what you are downloading. Now more than ever this comes in to play with apps. How many reviews does it have, how are the ratings, is it from a reputable company? Apps have tricked people in to thinking they were a bank and also an antivirus.
· Look for unusual behavior on device: deleted voicemails, extra charges, phone is hot when not in use, battery getting sucked up fast for no reason, background noises
· Protect yourself and your private data from malware and spyware with an app like Lookout
The bottom line.
A lot of people associate the word hacking with computers. But what everyone needs to realize is that our phones are essentially are mini computers. Not realizing this almost makes you even more vulnerable.