Q&A: How Phones are Hacked and Prevention Strategies
Hacking of mobile phones and related practices such as blagging and pinging have been in the news lately and the practice has led to the closure of 'News of the World' a 168-year-old newspaper - Goodbye Cruel World!. The controversy has spread with allegations that it may have been a widespread practice. What is this all about and how can you prevent you phone from being hacked?
What is phone hacking?
There are many types of phone hacking and phone-taping that are conducted legally by police and illegally by newspaper reporters, private investigators, spies and other people and groups. Hacking in the latest instance means getting access to another person's voicemail. The vulnerability occurs because the phone companies have developed systems which allow you the owner of the phone, to access your messages remotely, using another land-line phone or cell-phone. The same vulnerability applies to any message banks on your land-line phone as well. You as owner of the phone can simply ring the number, enter a pin number and the messages will be replayed for you to listing to. But others can hack into this tool and access your voice mail.
For many of the older phones a default pin number was set for the phone when it was purchased. Uses could change their pin number, but many uses didn't not bother, and so there were a huge number of phones with the same default pin number such as "1111", "9999", "1234" etc. All the hacker had to do was call your number when it was engaged or the phone was turned off, enter a default pin associated with the brand of phone you were using and they would have access to your inbox.
Many people publish their mobile numbers on websites, in emails and in social media sites such as Twitter and Facebook.The provider can often be identified by Googling the whole number or part of it. Various providers have different systems associated with pin numbers, ways of accessing you voice mail and default pin numbers. So once the phone number and provider were known it was a simple matter of trying the default pins. In some cases personalised pins could be obtained illegally from various websites on the internet. Also A four number pin is relatively easy to hack simply by trial and error, especially when many people use part of their birth date, mother's maiden name and other codes that can be found in various ways.
What is Caller ID Spoofing?
Caller ID Spoofing is a system which allows you phone someone and to pose as another phone number. A relatively simple bit of software or a website is used to do this. The hacker is prompted to enter the phone number he wants to call, and the phone number he wants to masquerade as calling from. The system is tricked into thinking the call is coming from the owner’s phone. Many cell phone providers have systems which skip the pass code when the call is initiated from the handset owned by the consumer. Hackers can then access the voicemail without entering a pass code.
Are Newer Phone Safer Now?
The network providers have tighten up the access to mail messages. Default PINs are no longer allocated. New phone owners are required to set up their own PIN when setting the voicemail. That at least makes it harder for hackers, though it can still be done, especially if you make it easier for them. Picking a PIN with recurring or sequential numbers (4444 or 1234 for example) or your birthday or other personal codes that can be easily found should avoided.
How does Social media increase the risks?
Twitter, Facebook and other social networks represent a potential hazard. Some people put far too much personal information on their profile page on Facebook. This may include their mobile phone number, date of birth, their address.
Disclosing location information can also be a risk. Many people like to 'check in' and tell their followers and friends where we are. Hackers can then target that location to ease-drop on your conversations. This also tells criminals where you aren't - that is you are not at home and your house is vacant and ripe for burglars to pay a visit.
What is Text and SMS spoofing?
SMS spoofing is a relatively new technique which uses SMS to replace the originating mobile number (Sender ID) with alphanumeric text. The new text can fool the person receiving the call into believing it is from a trusted source. It may also be used to fool the provider into believing the message requesting a pin number came from the owner rather than a hacker. Spoofing has legitimate uses such as for company name identification, caller identification etc. But it can have illegitimate uses, such as impersonating company, another person or product.
Are Smartphones More or Less Vulnerable?
Smartphones are essentially mini-computers that store lots more data that standard mobile phones, including e-mails, text messages, data, calendars, appointments and photos. This means that intrusions can cause much more damage - you have much more to lose. Likewise there are many more vulnerability points that provide entry points for hackers, than on a standard phone. Smartphones are relatively new and many users believe they are secure, but hackers are developing all sorts of ways to hack smartphones.
Various malware and trojans can infect the mobile phones and install key loggers and other software, which that can intercept calls or send out text messages, passwords and emails from and transmit to another device using Bluetooth. Techniques such as text message spoofing and fake Wi-Fi hotspots can be the source of these infections. New techniques are popping up all the time often attached to apps and other downloads. Security agencies have begun warning that cell phones are clearly identified as the next frontier for cyber attack.
Can Fake apps Steal your Identity and Provide Access to Your Inbox and other Data?
Mobile phone apps are very popular and most a smartphone owners has tens to hundreds of apps installed on their phone. This provides an opportunity for hackers to make fake app or attach the malware to a legitimate app and get users to download it. The malware can access and steal all sorts of information about the phone, messages and data. Smartphone users are advised to install one of many security apps that constantly check for malware. Apps should only be downloaded from legitimate and safe sources. Currently, iTunes has far more rigorous checks in place than those apps available to Android mobiles. It is wise to be extra cautious if you own an Android. It's a good idea to do some research on any app before you download it onto your phone too.
What is Blagging?
Blagging is defined as recklessly or knowingly getting or disclosing personal information and data or without the approval of the data owner. Blagging is illegal and applies to addresses, phone bills, bank statements and health records, etc. Hackers impersonate the data owners to hack their information using stolen identity information. Private detectives have been caught bribing staff at banks, phone providers or hospitals to get confidential information. Hackers look through garbage to get discarded documents with person information to prove identity for the blagging. The practices is also known as Pretexting.
Can Hackers use Bluetooth?
Bluetooth is a great facility to send photos, music or files to friends in close proximity, without having to pay for it. However, like public Wi-Fi, it is open to being hijacked, putting your personal information at risk and allowing malware to be transferred to your phone. Make sure you turn off your Bluetooth whenever you are not using it. Changing your settings so that your Bluetooth is not ‘discoverable’ is also a smart move. Always be extremely vigilant about accepting connections with people you don't know.
How does Cloning of Handsets work?
Cloning of handsets is another method that hackers use. When the genuine handset is switched-off the cloned phone receives the calls and messages. The cloning requires a special kit and techniques. The tools are used to take an image of the phone, duplicate other elements on the phone and duplicate the SIM card. It is not easy to do but it can be done.
What is Land Line Phone-tapping and FlexiSpy?
Traditionally, landlines were hacked into by physically connecting through terminal boxes and cables either locally or at the exchanges. The land lines are hardly secure. One of main modern methods is via a software application known as FlexiSpy, which is an authorized tool that parents use to ease-drop on their children's calls. It is attached secretly to your handset. The tool transfers recordings of voicemails and messages and to special website where that data can be can picked up. The software to run it can be downloaded to the phone via Bluetooth or WiFi, but permission for access is required to agree to the download. Some networks have banned it, but it has been used by parents.
What is Local Area Mobile Phone Tapping?
Various Software applications allow remote listening to all phone conversations within a local area. For example, a hacker could set up the system outside a famous person's house. This system is not widely available but it exists and has been widely used. Essentially the application picks up the broadcast signals, decrypts the data and allow the hacker to listen in on your calls.
What is Pinging a Mobile Phone?
Pinging a cell phone is finding out what cell tower their phone is in. Mobile phone companies can triangulate the approximate location of a mobile phone by checking which transmission masts the hone is closest to. This information is subject to controls and while law enforcement agencies regularly use is it is not available to the generally public, but may be able to be hacked. basis. Now cell phones come with GPS, hackers can determine your exact location, even when your phone is turned off!
How to protect yourself?
- Make sure you change your default passwords to a unique pin that doesn't contain your birthday or any other number or phrase linked to you.
- Change your pin frequently.
- Don't disclose your pin or phone number via email, twitter, facebook or other social networks
- Keep your identity secure, including your mail and trash. Hackers may be able to get enough information to convince your provider into giving a hacker your pin.
- Be very careful with Wi-Fi and Bluetooth to avoid being hacked or picking up malware.
- Don't lend you phone to anyone or leave it unattended and vulnerable to being infected wth malware or someone getting your pin or other detail.
- Be very careful with apps and install a mobile security package to detect malware and intrusions.
- Don't install suspicious programs and use common sense about software and apps.
- Beware of all suspicious addresses or communications. If in doubt do some research.
© 2011 Dr. John Anderson