Cell phone hacking is big news as of late. Recently, scandal has rocked News of the World and The Daily Mirror. These two British tabloids are under investigation for alleged hacking into the cell phones and voice mail of celebrities and 9/11 victims. Whatever the outcome, it’s put a huge focus on potential privacy violations with regard to mobile devices.
As the story goes, reporters from the tabloid employed a hacking “trick” that relies largely on one basic given: that a lot of cell phone users haven’t set a unique security PIN for voicemail access or haven’t changed their standard four-digit default one either—often 1234 or 0000. The “trick” entails dialing the cell carrier’s general voicemail access number, putting in the subscriber phone number and then the default password. In other words, guessing correctly that the target has left his or her voicemail box essentially open.
Another type of hack is caller ID spoofing and it involves placing a call to the targeted number from the same number. The “spoof” leverages pretty easily obtained software that essentially makes the cell phone carrier network think that an outside call to a phone’s voicemail is actually coming from the phone itself—similar to dialing *86 on your own mobile device to get messages. This type of attack specifically targets mobile users who have not set a voicemail password and, again, it allows easy access to inboxes.
No doubt you see a pattern here. And no doubt you see an easy fix to most voicemail vulnerabilities: Set a security PIN! Or, if you’ve already got one, make sure it’s been updated from the easy-to-guess default.
Smart Fixes to Smartphone Vulnerabilities
A bigger concern than voicemail hacking is the even more invasive data hacking. Cell phones aren’t just phones anymore. They’re “smart” phones—literally just smaller, mobile versions of desktop computers with even more powerful processors, memory, and communications capabilities than many desktop PCs. And just like computers, they can be hacked by cybercriminals. Most enterprises, regardless of size today use smartphones and mobile devices in some manner to improve mobility and productivity, as do government agencies and even small-to-medium sized businesses (SMBs), These organizations must protect their network from breach or malware attack, their sensitive information from loss or theft, and their users – and their devices, whether corporate owned or a user’s personal mobile device – from loss, theft and exploit.
Advances in Mobile Technology Bring Advances in Mobile Security
Lastly, in addition to the hacking scenarios mentioned above, you’ve got to contend with malware, including viruses, worms, spyware, and keyloggers. Malware can install on a phone through an email or text message – or nearly any other input means, including Bluetooth and direct connect to a PC – and lurk around to gather all sorts of information, including call history, messages, financial data, you name it. Malware can even track, capture, and send to a third party server every key hit on a mobile device keyboard, and even surreptitiously record “private” conversations and information, like bank account and credit card numbers. Without consent, malware can also work through applications to take such data as contacts, browsing habits, text history, and location.
Luckily, solutions are emerging to help prevent malware attacks. With advances in mobile technology have come advances in mobile security. Not only can you prevent malware’s destructive path by keeping your apps up to date and staying away from emails or texts from unknown or untrusted sources, but you can install additional security software onto your smartphone for extra protection.
To protect the sensitive personal information you maintain on your mobile phone, you should consider various options for security control. Your service provider or employer may offer some of these:
• Install an on-device anti-malware solution to protect against malicious applications, spyware, infected SD cards, and malware-based attacks on the device
• Use an on-device personal firewall to protect device interfaces
• Set a robust, unique password for device access
• Implement anti-spam software to protect against unwanted voice and SMS/MMS communications
• For parents, use device usage monitoring software to oversee and control pre-adult mobile device usage, and protect against cyberbullying, cyberstalking, exploitative or inappropriate usage, and other threats
Enterprise Mobile Security
Some ideas on how organizations can protect their network and precious, sensitive information from loss, theft or exploitation in today’s mobile world:
• Employ on-device anti-malware to protect against malicious applications, spyware, infected SD cards and malware-based attacks against the mobile device
• Use SSL VPN clients to protect data in transit and ensure appropriate network authentication and access rights
• Centralize locate and remote lock, wipe, backup and restore facilities for lost and stolen devices
• Strongly enforce security policies, such as mandating the use of strong PINs/passcodes
• Leverage tools to help monitor device activity for data leakage and inappropriate use
• Centralize mobile device administration to enforce and report on security policies
Ensuring the proper setup of each of these controls may take a little more time than setting up a voicemail security PIN, but by being proactive with this type of security, you’ll be a step ahead at preventing personal data breaches.
Whether you are a mobile service consumer, corporate smartphone user or mobile service provider you have options. Today, third-party security vendors can help you manage risks by providing solutions that include antivirus, personal firewall, anti-spam, loss and theft prevention, and monitoring and control services. With it, enterprises can provide employees secure access to corporate applications and email on mobile devices, while keeping business data and networks safe. It also lets service providers deliver a worry-free mobile experience to consumers and enterprises who routinely store sensitive personal or corporate information on their smartphones.
Related Content: Rethinking Cybersecurity in a Mobile World
Read More in SecurityWeek’s Mobile Security Section