How cellphones get hacked

Amid the headlines and hearings about a British tabloid hacking cellphones, you may be curious about how that was done. You may also be curious about phone security for kids – I’ll get to that in a moment. My ConnectSafely co-director Larry Magid explained in the Huffington Post how easily those hacks can happen. He writes of default PIN numbers (used sometimes by criminal hackers when people don’t bother to change the factory default on their phones for their own security) and caller ID spoofing services that hackers like the News of the World reporters can subscribe to so it appears they’re calling into voicemail from a targeted user’s phone. Larry also mentions malware that may be embedded in legitimate-seeming apps users install on their phones and that allow criminal hackers to steal data from them. Finally, there’s social engineering, which is more about human trickery than sophisticated technology. In this case, it’s a phone company’s customer service employee who might get “socially engineered” – tricked into believing the caller is you asking to recover a PIN or password. My own carrier asks me what my PIN is first, which is a security measure you’ll want to make sure your carrier uses. Larry suggests that you not use your phone to record any messages you wouldn’t want to be heard by a snoopy stranger.

The kid kind of ‘ID spoofing’

As for kid cellphone users, the most important security measure is for them to be very careful about letting other people, including friends, use their phones. Here’s what we need to tell our kids: Mobile phones are very personal devices. When someone texts or sends photos from your phone, the person at the receiving end naturally thinks they’re from you. So you can easily be impersonated by someone using your phone. Most of the time that’s no big deal because most kids wouldn’t be cruel to their peers, but there are situations, including pranks, when things can go bad. A New York Times piece I link to here tells the story of a boy who lost his phone. Another kid picked it up and sent harassing, sexually explicit text messages to a girl. The boy who lost the phone was blamed and it took the three kids’ school a long time to figure out who actually sent the messages and let the phone’s owner off the hook. In another situation an educator friend tells, a girl left her phone on a school library table and friends started going through it. They found a nude photo of her that she had stored on her phone for some reason, which was hugely embarrassing all by itself, but in some cases the situation could be even worse – if the kids had sent it to everybody on her contact list, making it look as if she was sending it, in which case criminal charges could be involved in some jurisdictions. Fortunately, their principal ended the problem quickly and kindly. This is not to scare kids; it’s to help them be mindful about these powerful little devices and how much they represent their owners. It’s a good idea for them to password-protect or at least lock their phones if they ever leave them around away from home, and find an app that protects phone data and, with GPS technology, finds the phone if it gets lost or stolen. Examples: Lookout Mobile Security for Android phones, MobileMe for iPhones, or BlackBerry Protect. [See also ConnectSafely’s Cellphone Safety Tips and Tips for Strong, Secure Passwords.]