Op-Ed: Mobile insecurity

Cellphone protections haven’t advanced along with technological leaps

Tuesday, July 12, 2011

As phone hacking revelations make news, there’s a take-home lesson for all of us sitting in the bleachers checking our mobile devices — or rather a warning. Tomorrow, the personal details stored in your mobile phone will be available to anyone. And they will be available because we will have willingly but unwittingly surrendered them in the name of convenience.

Hacking phones is not new. Noted journalists Ron Rosenbaum (in Esquire) and Maureen Orth (in the Los Angeles Times) simultaneously introduced the term “phone phreaks” to the masses way back in October 1971. These were guys who used ingenious little blue boxes, the size of a cigarette pack, to hack the phone networks and make free calls. By 1976, the Wall Street Journal was reporting that the use of blue boxes had spread to the “well-heeled,” with several entertainers, including singer Lainie Kazan, caught by authorities.

As the Journal explained, it was amazingly easy for anyone with a knowledge of basic electronics to build a box with off-the-shelf items (although the mystique gave rise to an underground box-building industry), and it required absolutely no technical expertise to use. You just had to dial a 1-800 number and wait for someone to pick up the call, then push a “clear line” button, which disconnected you from the number but left the line open.

But as Phil Lapsley, who runs the brilliant The History of Phone Phreaking website, told me, “People were hacking the telephone system to make free calls and make other mischief back in the 1950s and early 1960s, if not before. You can forgive the telephone engineers back then for designing a vulnerable system — after all, who knew from hackers back then? But today, too often, security is an afterthought, if it’s thought about at all. People want their telephone system to be convenient, and when convenience and security compete, convenience usually wins.”

The lack of security built into the current, evolving mobile network may be less forgivable.

Late last year, a key report by Ted Julian and Nick Holland of the research firm Yankee Group spelled out the scale of the oncoming problem: “For years,” they write, “security pros, mobile mavens, IT staff, industry watchers and others have known mobile security was a bit of a disaster waiting to happen. All knew the underlying platforms had plenty of vulnerabilities and the market would aggressively expand providing compelling economic motivation for crooks. Yet, not much happened.”

Enter the iPhone and its followers, then the iPad and its imitators, and suddenly you have 5 billion mobile devices around the world — outnumbering PCs, Yankee said, by a ratio of 5-to-1. Phreaking may have been happening on the down-low until now, but it is set to expand with a vengeance that will make recent hacking look quaint.

Instead of just making free calls, the new phreakers will take advantage of the way in which the mobile revolution provides multiple ways to expose yourself to the world. The first crucial conceptual point is to stop thinking of a mobile phone as just a phone: Your smartphone is now your avatar and virtual wallet. It contains access to your email and social networking data, while also functioning as an ATM card through the ability to scan barcodes and receive near-field communications — the latest in virtual ID and payment technology. It’s both an informational and transactional device. And this transformation has created multiple points of vulnerability: the phone, the Bluetooth device, the operating system, the applications and the network.

Now consider some of the ways in which you can have your information hacked. You can lose your phone or have it stolen (or worse, you can lose your phone that has remote access to your work’s network); you can download insecure applications; you can pick up airborne malware, locally, through your Bluetooth device just like a cold virus; you can be phished through text messaging; and you can be conned by a fake call center.

The Yankee Group’s Nick Holland said, “The bigger issue is that your mobile phone is really a globally connected computer device with all your financial information on it. In terms of insecurity, it’s a perfect storm – and it’s only going to get worse.”

Phreak out.