
11-Jul-2011 11:27

Warning: Don't Download Apps named ‘Sexy Pics’

Phone Hacking - The Next Cyber Attack Frontier…

The phone hacking by the now defunct tabloid ‘News of the World’ was unexceptional by technical standards. Security experts say the scandal portends how the growth of smart-phones will lead to more sophisticated hacking and breaches.

The tactics that tabloid reporters used to eavesdrop on high-profile British targets, and eventually led News Corp. to close down the 167-year-old publication, were remarkably low tech.

Former News of the World staffers say that reporters employed tricks to access voice-mail inboxes and procure a great deal of information from British celebrities and the royal family.

Experts say that to obtain the PIN codes needed to access those accounts, the reporters used an illegal method known as pretexting.

This tactic involves calling, for example, a customer-service representative for a mobile phone operator and impersonating someone to get details about that person's account. This practice is now prohibited in many places, including the UK and the US.

Pretexting used to be a vital tool for freelance investigators, said Frank Ahearn, a former detective who does consulting on how to avoid detection, in an interview with CNN last year. "I could still do it, but I just don't, because it's illegal now," he said.

News of the World appears to have exploited a mechanism in mobile-phone carriers' systems that allows people to access voice-mail messages remotely, from any phone.

The episodes followed an even more primitive breach in the 1990s when the Sun, another British tabloid, published recordings of royal family members' phone conversations. Among the revelations - James Gilbey, a close friend of Princess Diana's, frequently referred to her affectionately as "Squidgy."

Those unsecured mobile communications, in the days of analog transmissions, were easily tapped by amateur ham-radio operators as well.

Squidgygate aside, the migration to more advanced mobile phones in recent years has facilitated more sophisticated intrusions. Smartphone sales are growing rapidly worldwide. With these pocket computers, intruders have myriad more entry points available to them.

Two of the most common, security analysts say, involve tricking a phone user into installing poison applications or opening malicious links in their Web browsers.

Attacks using the latter method are becoming ever more sophisticated because software makers provide few safeguards against them.

With the proliferation of downloadable phone apps, scammers are finding it difficult to sneak their virus-laden software onto people's phones undetected.

Apple and many others, not including Google's Android, vet apps before making them available online.

Software providers also maintain a "kill switch" that allows them to delete problem programs remotely from customers' phones after they've taken root.

And some carriers have required that customers only install Android apps from trusted storefronts.

Security researchers have long warned that mobile phones are poised to be the next frontier for cyber attack.

Mobile phones are "built with at least some form of protection engineered from the beginning", which was not the case with PCs...

Pretexting is ultimately about social engineering and telecom companies increasingly train customer-service workers to follow strict guidelines to keep information from falling into the wrong hands.

Convincing phone users to click a strange link or install an app that steals their data is also a form of social manipulation. And a relatively easy one at that, according to researchers.

So how can you protect yourself?

So far, mobile attacks have most often attempted to trick people into sending expensive text messages or making pricey phone calls to 09xx numbers, because those ruses are the simplest and most lucrative.

When it comes to stealing personal information, cyber thieves prefer to grab reams of private data from corporate servers, such as the recent attacks on Sony.

Some security firms are working hard on software to protect smart-phones.

While many more safeguards are in place for phones, the checklist for protecting oneself sounds similar to the handouts many corporate I.T. departments give to their employees, i.e.: Don't lend your equipment to others; don't install suspicious programs and please use common sense.

As experts say, "We urge people to act exactly as you would on your computers: Be wary of addresses or communications with which you're not familiar."

It sounds so simple!

It is.

But as unscrupulous reporters have shown... some phones can still be fairly easy to crack.

(original source CNN - & adapted by NF)




Comments
Contributed by Sam Borrett on 11-Jul-2011 12:42
Probably we should NOT look at them either.

Sam

Sam Borrett
Performance Coach, Trainer, Real Estate, Mentor, Lawyer, Facilitator,
Life Constellations
Mentoring4Change
Jupiter Properties Pty. Ltd.
PO Box 241 Brunswick Heads, NSW, 2483
Australia

Contributed by Massimo Luciani on 11-Jul-2011 12:41
As experts say, "We urge people to act exactly as you would on your computers: Be wary of addresses or communications with which you're not familiar."

Considering how many people fall for phishing and get malware through tricks similar to the app you talk about, I expect an increase of hacked (not-so)smartphones.