Somebody's watching you (through your cell phone)


The manufacturers and cell phone carriers have left the security door unlocked
I have to admit, I love gadgets.

A few months back I was looking for a replacement for my trusty Palm m515. I almost went with a Palm Treo 700p. I loved the idea of having voice memos, a PDA, a camera, and a phone all in one handheld gizmo.

No offense, but I wouldn't connect a WinCE device to my toaster, much less my computer. I know people who are very happy with it, but I have yet to be satisfied with any Micro$oft product. So Palm and Blackberry were really the only two options I considered.

But there were two things that kept me from doing it. One was the ever changing price on Verizon Mobile's website for a voice and data plan.

The other was my paranoia. I just didn't like the idea of a cell phone carrier able to access my address book and calendar.

Looks like the situation was worse than I thought.

We review the results of the expedition in a nearby pub. In the 17 minutes we wandered around, Laurie's computer picked up signals from 39 phones. He peers at his monitor for a while. "It takes only 15 seconds to suck down somebody's address book, so we could have had a lot of those," he says at last. "And at least five of these phones were vulnerable to an attack."

The "attack" Laurie mentions so casually could mean almost anything - a person using another person's cell to make long distance calls or changing every phone number in his address book or even bugging his conversations. There are, he says, "a whole range of new powers" available to the intrepid phone marauder, including nasty viral attacks. A benign Bluetooth worm has already been discovered circulating in Singapore, and Laurie thinks future variants could be something really scary. Especially vulnerable are Europeans who use their mobile phone to make micropayments - small purchases that show up as charges on cell phone bills. A malicious virus maker bent on a get-rich-quick scheme could take advantage of this feature by issuing "reverse SMS" orders.

Bluetooth security has become a pressing issue in Europe, where the technology is ubiquitous. The problem will migrate to American shores as the protocol catches on here, too. But in the long run, Bluetooth vulnerabilities are manageable: Handset manufacturers can rewrite faulty implementations, and cell phone users will learn to be more careful. A far bigger security nightmare for the US is Internet telephony, which is fast being adopted for large corporations and is available to consumers through many broadband providers. Voice over IP is, by design, hacker-friendly. No enterprising criminals have dreamed up a million-dollar scam exploiting VoIP technology yet. But when they do, it likely won't be something a simple patch can fix.

As long as the cell phone carriers insist on control of a cell phone's programing, there will be security holes to exploit. Since the carriers undersell all other competition to lock people into long term contracts, consumers actually have less choice. I don't expect the situation to last, but while it does, your cell phone is a bug. Especially the more complex ones.

This assumption that because a company sold you hardware they can control what you do with a device has got to go. And it will too, once customers have a choice.

Oh, my current cell phone? A Tracfone from Walmart. Whenever I don't need to be available to the office, it sits at home. Pay phones and calling cards work remarkably well and calm my paranoid feelings.

— NeoWayland

Posted: Fri - December 15, 2006 at 04:07 PM  Tag


 ◊  ◊   ◊  ◊ 

Random selections from NeoWayland's library


Pagan Vigil "Because LIBERTY demands more than just black or white"
© 2005 - 2009 All Rights Reserved