Connect with us

Hi, what are you looking for?


Mobile & Wireless

How Vulnerable Are You to Cell Phone Hacks?

Cell phone hacking is big news as of late. Recently, scandal has rocked News of the World and The Daily Mirror. These two British tabloids are under investigation for alleged hacking into the cell phones and voice mail of celebrities and 9/11 victims. Whatever the outcome, it’s put a huge focus on potential privacy violations with regard to mobile devices.

Cell phone hacking is big news as of late. Recently, scandal has rocked News of the World and The Daily Mirror. These two British tabloids are under investigation for alleged hacking into the cell phones and voice mail of celebrities and 9/11 victims. Whatever the outcome, it’s put a huge focus on potential privacy violations with regard to mobile devices.

Mobile Phone SecurityAs the story goes, reporters from the tabloid employed a hacking “trick” that relies largely on one basic given: that a lot of cell phone users haven’t set a unique security PIN for voicemail access or haven’t changed their standard four-digit default one either—often 1234 or 0000. The “trick” entails dialing the cell carrier’s general voicemail access number, putting in the subscriber phone number and then the default password. In other words, guessing correctly that the target has left his or her voicemail box essentially open.

Another type of hack is caller ID spoofing and it involves placing a call to the targeted number from the same number. The “spoof” leverages pretty easily obtained software that essentially makes the cell phone carrier network think that an outside call to a phone’s voicemail is actually coming from the phone itself—similar to dialing *86 on your own mobile device to get messages. This type of attack specifically targets mobile users who have not set a voicemail password and, again, it allows easy access to inboxes.

No doubt you see a pattern here. And no doubt you see an easy fix to most voicemail vulnerabilities: Set a security PIN! Or, if you’ve already got one, make sure it’s been updated from the easy-to-guess default.

Smart Fixes to Smartphone Vulnerabilities

A bigger concern than voicemail hacking is the even more invasive data hacking. Cell phones aren’t just phones anymore. They’re “smart” phones—literally just smaller, mobile versions of desktop computers with even more powerful processors, memory, and communications capabilities than many desktop PCs. And just like computers, they can be hacked by cybercriminals. Most enterprises, regardless of size today use smartphones and mobile devices in some manner to improve mobility and productivity, as do government agencies and even small-to-medium sized businesses (SMBs), These organizations must protect their network from breach or malware attack, their sensitive information from loss or theft, and their users – and their devices, whether corporate owned or a user’s personal mobile device – from loss, theft and exploit.

Advances in Mobile Technology Bring Advances in Mobile Security

Lastly, in addition to the hacking scenarios mentioned above, you’ve got to contend with malware, including viruses, worms, spyware, and keyloggers. Malware can install on a phone through an email or text message – or nearly any other input means, including Bluetooth and direct connect to a PC – and lurk around to gather all sorts of information, including call history, messages, financial data, you name it. Malware can even track, capture, and send to a third party server every key hit on a mobile device keyboard, and even surreptitiously record “private” conversations and information, like bank account and credit card numbers. Without consent, malware can also work through applications to take such data as contacts, browsing habits, text history, and location.

Advertisement. Scroll to continue reading.

Luckily, solutions are emerging to help prevent malware attacks. With advances in mobile technology have come advances in mobile security. Not only can you prevent malware’s destructive path by keeping your apps up to date and staying away from emails or texts from unknown or untrusted sources, but you can install additional security software onto your smartphone for extra protection.

To protect the sensitive personal information you maintain on your mobile phone, you should consider various options for security control. Your service provider or employer may offer some of these:

For Consumers:

• Install an on-device anti-malware solution to protect against malicious applications, spyware, infected SD cards, and malware-based attacks on the device

• Use an on-device personal firewall to protect device interfaces

• Set a robust, unique password for device access

• Implement anti-spam software to protect against unwanted voice and SMS/MMS communications

• For parents, use device usage monitoring software to oversee and control pre-adult mobile device usage, and protect against cyberbullying, cyberstalking, exploitative or inappropriate usage, and other threats

Enterprise Mobile Security

Some ideas on how organizations can protect their network and precious, sensitive information from loss, theft or exploitation in today’s mobile world:

• Employ on-device anti-malware to protect against malicious applications, spyware, infected SD cards and malware-based attacks against the mobile device

• Use SSL VPN clients to protect data in transit and ensure appropriate network authentication and access rights

• Centralize locate and remote lock, wipe, backup and restore facilities for lost and stolen devices

• Strongly enforce security policies, such as mandating the use of strong PINs/passcodes

• Leverage tools to help monitor device activity for data leakage and inappropriate use

• Centralize mobile device administration to enforce and report on security policies

Ensuring the proper setup of each of these controls may take a little more time than setting up a voicemail security PIN, but by being proactive with this type of security, you’ll be a step ahead at preventing personal data breaches.

Whether you are a mobile service consumer, corporate smartphone user or mobile service provider you have options. Today, third-party security vendors can help you manage risks by providing solutions that include antivirus, personal firewall, anti-spam, loss and theft prevention, and monitoring and control services. With it, enterprises can provide employees secure access to corporate applications and email on mobile devices, while keeping business data and networks safe. It also lets service providers deliver a worry-free mobile experience to consumers and enterprises who routinely store sensitive personal or corporate information on their smartphones.

Related Content: Rethinking Cybersecurity in a Mobile World

Read More in SecurityWeek’s Mobile Security Section

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

The February 2023 security updates for Android patch 40 vulnerabilities, including multiple high-severity escalation of privilege bugs.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.