I was astonished and surprised and shocked to read this blog on BBC. I was wondering if technology is at our service or our lives are at its stake. Read this blog and see for yourself.
Continuing scrutiny of the methods used by some journalists to listen to private voicemails has turned the spotlight on mobile security. But how easy is it to hack a handset? It depends on how much money, time and effort you want to put into it. There are a number of ways to get at information on a handset was growing, even as it got far less likely that the method used by the journalists would still work. The journalists are believed to have listened to voicemail messages but changes introduced by UK network operators in recent months made it harder for anyone but the correct customer to listen to those messages. Some have also questioned whether the use of default pin codes to get at those voicemail accounts could be considered hacking. In addition, said Simeon Coney, a spokesman for mobile security firm, the declining use of voicemail made it a less tempting target. Rather than leave a voicemail, people will more likely send a text. It's very, very hard to get access to people's text messages without putting something on the device. It's a separate architecture that the operators run to manage text messages.
Access All Areas Key to handset hacking, he said, was installing software on a device either by getting physical access to the mobile, tricking its owner into downloading a booby-trapped application or making them visit a page that inserts malware onto a device. There are commercial software, known as spyware, available that could take copies of everything on a phone, log its location and switch on any of its components. All without revealing its presence on a handset. They give remote access, take copies of text messages and can turn the telephone into an audio bug. The hard part, he said, was getting hold of a device for a few minutes to insert the software. Alternatively, he said, targets could be sent an e-mail they read on their phone that contains a link to a website that looks benign but, in the background, is installing spyware. Security researchers have demonstrated such an attack working on high-end smartphones. It only required a user to look at a website. That loaded the software on the device. It would not be hard to target someone like that. Bugs in the Bluetooth short-range radio technology common on many smartphones could also mean that some information about a handset could be "sniffed" from only a few metres away. Security firms also report a growing number of cases in which games and other applications have been found to contain code that steals more information than it should. Leaving aside the technology, modern smartphones leak information about their owners in a way that can be hard to control. Anyone sending tweets via their phone could be revealing their location and some of the apps that can be loaded on phones report where in the world they are at that moment.
Human factors
The flaws in the early versions of mobile network software meant that it was possible for skilful attackers to build hardware that pretended to be a mobile base station. The flaws in the mobile network software made it hard for phone owners to be sure they were connecting to a legitimate base station. Control of that fake base station would give attackers access to everything a mobile owner was doing. 3G networks removed this flaw, but the equipment needed to pose as a mobile base station was getting cheaper, smaller and easier to use all the time. A similar research project was also in the process of producing an easy to use kit that contains, among other things, all the encryption keys used on 2G networks that would give attackers access to tap into mobile calls. There have been instances of setting up the equipment to pose as a base station or crack phone conversations broke several UK laws. It is also illegal to carry out surveillance as the prison sentences handed down to the journalists shows.
The flaws in the early versions of mobile network software meant that it was possible for skilful attackers to build hardware that pretended to be a mobile base station. The flaws in the mobile network software made it hard for phone owners to be sure they were connecting to a legitimate base station. Control of that fake base station would give attackers access to everything a mobile owner was doing. 3G networks removed this flaw, but the equipment needed to pose as a mobile base station was getting cheaper, smaller and easier to use all the time. A similar research project was also in the process of producing an easy to use kit that contains, among other things, all the encryption keys used on 2G networks that would give attackers access to tap into mobile calls. There have been instances of setting up the equipment to pose as a base station or crack phone conversations broke several UK laws. It is also illegal to carry out surveillance as the prison sentences handed down to the journalists shows.
Mobiles were only likely to become more tempting for attackers as people do more with them. Getting hold of the data on a handset could unlock access to much more intimate details such as Facebook accounts, private e-mails, instant messages, photos, videos and much more. People live their lives through their phone, they are more relevant and personal than a computer. Finally, he added, the easiest way to get at a mobile was perhaps to avoid technology all together.
No comments:
Post a Comment