Cell phones vulnerable to hackers

Criminals use Internet enabled phones to steal personal data, send viruses


Planning to buy that fancy smart phone? A word of caution: Internet-enabled phones have gaping security weaknesses waiting to be exploited, warn cyber security experts. Any smart phone - including Blackberry, Windows Mobile, iPhone and Symbian phones - can be hacked by a nerd with a little bit of code and some cunning.

And they don't stop at data and identity theft alone. Nor are they content with unleashing viruses on the operating system of your mobile. (Even Bluetooth makes your phone a potential target here.) New Age mischief makers have learnt how to bug your phone and remote-control it. They can steal your bank information, send out a mischievous SMS to your girlfriend (who might just dump you!), copy your top-secret files or simply spy on every call/SMS you make from your phone. In fact, they can even 'modify' your SMSes before these are sent out to your contacts - and you wouldn't even know it.

That's not all. Hackers can also use your phone to spy on you by switching it on. They can activate the camera and eavesdrop on your discussions during a business meeting, or while you are secretly negotiating a lucrative job offer with a rival company. What's more, they can even do an audio/video recording by sending an SMS command.

If you thought all this sounds too far-fetched, think again. Cellphone users in the US are already battling with the problem - 200 mobile viruses are on the loose and more are being spawned every day, says TowerGroup, a US-based research firm.

India, too, is a prime target. Instances of mobile viruses are already rampant and experts say the threat is only going to get worse in a market growing at 11.75% per annum. On last count, there were over 261.07 million mobile connections across the country: more than 50% phones being used are smart phones.

No wonder companies that track internet and mobile security are worried. "Smart phones are easy targets for hackers. And studies show the threat is doubling every six months in India," says Anand Naik, director, Symantec India.

How do they do it? The tactics have evolved with the technology. In 2002, IBM researchers found that a cellphone's security card could be cloned in minutes. A hacker could make calls and route charges to the victim's account. The hacking technique, known as a partitioning attack, analyses power fluctuations in a phone's SIM card, allowing the attacker to read the security codes stored inside.

However, the technique only worked on GSM phones and required that the attacker have access to the phone for at least a few minutes. But hackers have become smarter. Now they simply send a spyware or snoopware through an SMS/MMS or GPRS, email or Bluetooth.

"The message can even be disguised as an SMS from the service provider. The moment you click on it the spyware/virus gets activated. It starts working quietly and the user has no clue that someone is tapping everything he does. Once the virus is in, it can block/modify SMSes, intercept calls, upload data, delete or copy the address book," says Rajat Khare, CEO, Appin Group, an information security company. Spam and SMiShing (SMS phishing) are also beginning to make their way into smart phones.

So what should a user do? A few simple steps could go a long way. Adopt a multi-layered security approach. Protect mobile devices with antivirus, firewall, anti-SMS spam, and data encryption technologies and install regular security updates to protect phones from viruses and other malware. And yes, don't click blindly on any SMS, for someone may just be spying on you on the sly.