When we think smartphone, we think: smart. When we think of someone who leaves the front door of their home with piles of financial and personal information laying about, we think: dumb.
But what if our smartphones can mimic leaving the front door open, making ourselves vulnerable to attack? One company proves that this is a reality.
UK Journalist Rory Cellan-Jones challenged Tom Beale of Vigilante Bespoke, a company that protects protects the sensitive celebrity’s and other high profile smartphones and email accounts, to break into his iPhone 4.
Beale demonstrated that smartphones like the iPhone, which are typically deemed secure can easily be hacked by even the most novice of hackers.
To bypass the first level of security, the onscreen passcode, Beale employed a well-known iPhone hack, which requires typing a certain combination of numbers and a few buttons.
It took Beale all of one minute to bypass the passcode and get into the phone. Similar hacks exist for Android and other smartphones.
Even if Beale wasn’t holding the iPhone in his hand, he explained that there are other ways to hack into sensitive information remotely.
By creating a WiFi network, hackers can easily access smartphone data once it’s connected.
When a smartphone is looking for an open WiFi connection, it sends out a probe request looking for networks.
Beale explained that "Probe requests are essentially a loud shout - is there any WiFi access point near me? Once the device is connected to our access point, its user is able to browse the web as normal. Unbeknown to them, the web traffic is being transmitted through our computer. The program examines the traffic between users and websites, looking for data containing cookies."
This means that a user can connect to the hacker’s WiFi network, log onto Facebook and instantly give a hacker access to all web information. Now that Facebook is connected to people’s phone numbers and contact information, the hacker essentially has access to all of this data.
Beale showed that with the information he stole from Facebook, he was able to send a text message that looked like it was coming from the journalist Cellan-Jones directly to his wife. Most people would not find it suspicious to receive a text from their significant other asking what the PIN for the spare credit care is.
This and similar hacks prove that it’s important to question the information one is sending over networks, both secure and insecure. Be careful what wireless networks you connect to and once connected, be careful what kind of information you’re sending.
The text message example is a sad reminder is that even if you’re careful about what information you’re sending over wireless network, you still need to be careful when it comes to any form of electronic correspondence.
What this hack example says to me is that we’re screwed regardless. Perhaps it’s time for an invention from the smartphone manufacturer or carrier to ensure proper security.