Another Brick from the Wall - Leadership thoughts

RSSSubscribe to this blog
About Author

The Jericho Forum is an international group of organisations working together to define and promote the solutions surrounding the issue of de-perimeterisation. Members include top IT security officers from multi-national Fortune 500s & entrepreneurial user companies, major security vendors, government, & academics. Working together, members drive approaches and standards for a secure, collaborative online business world.

Contact Author

Email Jericho


The world goes phone-phreaking mad

Voicemail hacking is one of the simplest attacks going

Article comments
Will the News of the World phone hacking scandal go away soon? And now there are other newspapers being accused of phone hacking as well. The short answer is probably not, at least not while it sells news.

Phone hacking has been around for a long time (or phone 'phreaking' as it used to be called in the pre-Internet era), and while there were only a few simple scams it didn’t make front page news. So, what’s changed? Today all information is money to someone. Celebrity news sells as does political news.

How easy is it to hack a phone or voicemail? Unfortunately for most people, just a little bit too easy mainly due to the fact that people don’t set PIN numbers to secure access. We are back to the same old problem, that a voicemail service comes with a default PIN and the user doesn’t change it either because they are too lazy to do so, or it is too difficult.

There are other ways to hack phones, from the relatively simple ‘bluejacking’ and ‘bluesnarfing’, where you take control through an unsecured Bluetooth connection through to number spoofing, SIM card duplication and specialist hardware. The method chosen all depends on how serious the hacker is and how much the information on the device is worth.

Hacking a phone can now bring more rewards to the cybercriminal as there is often more valuable information stored on a phone than there is in voicemail. Contact lists, email, web browsing history, in fact much of the good stuff on a laptop is now also on the phone as well.

From a corporate perspective, being aware of the risks associated with mobile phones is a start. Setting security and usage policies should be high on the agenda to make them as secure as laptops are within the organisation.

Passwords/PINs should be on the devices themselves (as well as on services such as voicemail) and these should be changed from time to time.

Ensure that phones are backed up regularly.

Ensure that any removable media (and the phone itself) is encrypted.

Consider installing an anti-malware/security application.

Look at a remote wipe/kill software to be absolutely sure that a lost phone doesn’t become a data leak incident.

Finally, when it comes to sensitive business transactions, remember the problem of eavesdroppers. Find somewhere private for a discussion, and consider whether your mobile phone is secure enough for the information you are about to convey.

Guy Bunker, Jericho Forum board member

Email this to a friend

* indicates mandatory field






ComputerWorldUK Webcast

Advertisement
ComputerworldUK
Share
x
Open