While the phone hacking by British tabloid News of the World was unexceptional by technical standards, security experts say the scandal portends how the growth of smartphones will lead to more sophisticated breaches.
The tactics that tabloid reporters used to eavesdrop on high-profile British targets — and eventually led News Corp. to announce Thursday it is killing the 167-year-old publication — were remarkably low tech.
Former News of the World staffers say that reporters employed tricks to access voice-mail inboxes and procure a great deal of information from British celebrities and the royal family. Experts say that to obtain the PIN codes needed to access those accounts, the reporters used an illegal method known as pretexting.
This tactic involves calling, say, a customer-service representative for a cell-phone operator and impersonating someone to get details about that person’s account. In many places, such as the United Kingdom and the United States, such practices are now prohibited.
Pretexting used to be a vital tool for freelance investigators, said Frank Ahearn, a former detective who does consulting on how to avoid detection, in an interview with CNN last year. “I could still do it, but I just don’t, because it’s illegal now,” he said.
News of the World appears to have exploited a mechanism in mobile-phone carriers’ systems that allows people to access voice-mail messages remotely, from any phone, experts say.
The episodes followed an even more primitive breach in the 1990s when the Sun, another British tabloid, published recordings of royal family members’ phone conversations. Among the revelations: James Gilbey, a close friend of Princess Diana’s, frequently referred to her affectionately as “Squidgy.”
Those unsecured mobile communications, in the days of analog transmissions, were easily tapped by amateur ham-radio operators as well.
Squidgygate aside, the migration to more advanced cell phones in recent years has facilitated more sophisticated intrusions. Smartphones have become the dominant type of mobile device bought in the U.S., according to Nielsen, and are growing rapidly worldwide.
With these pocket computers, intruders have myriad more entry points available to them.
Two of the most common, security analysts say, involve tricking a phone user into installing poison applications or opening malicious links in their Web browsers. Attacks using the latter method are becoming ever more sophisticated because software makers provide few safeguards against them.
With the proliferation of curated app stores, scammers are finding it difficult to sneak their virus-laden software onto people’s phones undetected. Apple and many others, not including Google’s Android, vet apps before making them available online.
Software providers also maintain a “kill switch” that allows them to delete problem programs remotely from customers’ phones after they’ve taken root. And some carriers, such as AT&T, have required that customers only install Android apps from trusted storefronts.
Security researchers have long warned that cell phones are poised to be the next frontier for cyber attack.
“It’s always been a concern,” said John Walls, a spokesman for industry group CTIA Wireless. “That’s why, No. 1, the carriers do invest a vast amount of resources to provide security within their own networks.”
For example, operators have increased the security measures in place to block junk text messages before they reach a recipient’s handset, Walls said.
Cell phones are “built with at least some form of protection engineered from the beginning, which was not the case with PCs,” said Horace Dediu, who runs a Helsinki, Finland, mobile consulting firm called Asymco.
But those protections have, in some cases, bred a false sense of security, Dediu said.
Join the official YWN WhatsApp status
