Table of Contents
- Web Application Security
- Operating System Security
- Network Security
- Hardening Your System
- Wireless Security
- Windows Mobile Autorun
- Does Windows Mobile Code Signing Help or Hurt Microsoft Security? (Part 1)
- Does Windows Mobile code signing help or hurt Microsoft security? (Part 2)
- Cracking the Encryption of a Windows Mobile Application
- Prodding PocketMoney
- Top Ten Cell Phone Security Problems
- Wireless Gadget Vulnerabilities: The Nikon Coolpix P1
- Abusing the Nikon Coolpix P1 Picture Transfer Service/Protocol
- Caller ID Security: Hacking like Paris Hilton
- Stealing Your Family Vacation: Memories of a Media Card
- Pimp My N800
- Designing an Enterprise Handheld Security Policy, Part I
- Designing an Enterprise Handheld Security Policy, Part II
- Designing an Enterprise Handheld Security Policy, Part III
- Designing an Enterprise Handheld Security Policy, Part IV
- BlackBerry Firewall
- Virtual Lock Picking of Windows Mobile Password Managers
- Bypassing the CodeWallet 6.14 Password Validation Routine
- Building a Password Cracker
- Exploiting Systems through ActiveSync
- Mobile Platform Malware Threat Overview
- A Case for Mobile Security Software
- Data Forensics
- Legal and Ethical Issues of Security
- Home User Security
- Job Security for the IT Security Industry
- A Biased Book Review: Chained Exploits: Advanced Hacking Attacks from Start to Finish
- Security of Mechanical Locks
- Information Security in Academics
- Holiday Security: Hackers Don’t Take Holidays
- Gary McGraw on Building Secure Software
- Gary McGraw on Exploiting Online Games
- A Student-Hacker Showdown at the Collegiate Cyber Defense Competition
- The Collegiate Cyber Defense Competition Year 3: Revenge of the Red Cell
- Questions from RSA 2007
- How to Steal 80,000 Identities in One Day
Top Ten Cell Phone Security Problems
Last updated May 23, 2003.
If you don't own at least one cell phone by this point in your life, consider yourself unique. Even members of the Amish community have been seen chatting it up while riding their tractors around in the field. While all this communication may be a great thing, there are some major issues that need to be understood about owing and using a cell phone before you punch in that first number. In this section, we are going to look at the top ten security problems cell phone users face, and how you can mitigate these threats and keep yourself from becoming a victim.
Beware the Virus
The cell phone is nothing less than a simplified computer. Combine this fact with the number of cell phones that are out there, and you have an attractive target for an attacker.
If you think this is not a problem that exists, think again! There have been numerous viruses released for cell phones. Some only kill your battery as they scan for new victims, but others actually make phone calls to high priced lines or send costly SMS messages without the owner's knowledge or consent. The point is, cell phone viruses (and other forms of malware) are here and will only grow in popularity.
Currently, avoiding these malicious pieces of code is simple. Do not install illegal software and do not open attachments. Sound familiar? These two rules should because they are the same rules you should be following when operating your PC!
New Technology Problems
Thanks to the rapidly changing technology, the cell phone market is chock full of all kinds of new and interesting perks. Camera phones, MP3 players, and more can be added to make your mobile experience all the more interesting. Unfortunately, these same features can bring with them some nasty side affects.
One of the first rules of cryptology is that you never trust a new algorithm because it hasn't had enough of a chance in the real world and hasn't been truly tested. The same should apply to all new technologies that you are going to trust your personal information with, including such things as your contact list and personal photos. Simply put, don't let the thrill of a new toy or service blind you to the fact that it most likely has vulnerabilities that could leave you embarrassed, or worse.
Trusting Your Cell Phone Company
When you sign up for a phone service like T-Mobile and you purchase one of their costly Sidekick devices, you wouldn't expect to find you personal pictures online. Unfortunately, this is exactly what Paris Hilton found. As it turned out, T-Mobile stores the pictures she takes on their server. Someone figured out how to get to this information and the pictures ended up online, along with her task list, address book, and more.
The moral of this story is that if you have to rely on a phone company to keep your data secure, it is best not to store valuable or personal information.
Cell phones are small. This is one reason they are so popular. Unfortunately, small things have a way of getting lost or stolen. This threat is obvious, and the solution should be equally as obvious, but is ironically rarely employed. While not unbreakable, it is highly recommended that you lock the phone with a password. The finder of the phone may have your hardware, but at least they won't have your personal information or be able to use your phone.
When you make a call on a cell phone, do you talk about things that might be best kept person to person? I regularly hear people talking about all kinds of personal subjects on these mobile devices. Passwords, credit card numbers, and more are all routinely discussed. Why is this a security issue? Well, who is to say that your phone frequency is not being monitored? While this type of passive monitoring is not cheap or always easy, it is possible. If you treat your mobile communications like they are being monitored by your mother, the FBI, and your spouse. I bet you would be more careful about what you let slip out.
VoIP, Caller ID and Voice Mail
Voice over IP is a growing phenomenon, as are its security issues. With a little time and a solid understanding of a VoIP system, it is easy to target phone systems and trick them into passing fake information. This could be as simple as changing the caller ID number listed with the phone call, or as dangerous as being able to bypass security checks and accessing a mobile phone users account.
To avoid becoming a victim you just have to be aware that a caller may not be who they appear to be. Also, make sure you enable your PIN for all voice mail accounts. It may be a bit annoying to have to enter that four digit number each time you check your voice mail, but that PIN can go a long way in keeping attackers out.
Wireless networking has created several loop holes for phone users. Thanks to VoIP protocols, many new phones are supporting the technology to make free 802.11 calls. This is great, but you need to be aware of the dangers of using 802.11 to pass any information. It has been proven over and over again that 802.11 networks are insecure. They can be easily monitored and attacked. So, before you connect a phone to a WLAN, be sure your security is in order.
Bluetooth is a wireless technology that allows local devices to create a small network through which information can be passed. When it comes to cell phones, this information usually consists of addresses and small files. Unfortunately, if the Bluetooth settings are not correctly applied, an attacker can retrieve address book, call history, and more from a target phone. In addition, viruses have been seen in the wild that have been able to reproduce over the Bluetooth connection. To avoid these problems, simply disable the Bluetooth component of your device until you need it.
When you make a call, your phone must find the local tower and establish a wireless connection. While this is a necessary part of the communication process, it does make it easy for various three letter agencies to track your movements. If needed, authorities can use a triangulation process to find your position down to several feet. Combine this with the fact that some phones include GPS system, and you now have a true Orwellian tool.
Now, this is a bit on the paranoid side, but 911 uses this same process to locate people who call them and then are disconnected. What is to stop someone else from doing the same to track and/or locate your position? If this is something that concerns you, turn off your phone, remove the battery, and wrap the phone in tinfoil.
Cell Phone Radiation, Driving, and Manners
Not all problems related to cell phones are tied to digital security (OK, so I needed one more item to make it an even ten). It would not be a top ten list if you did not include the dangers associated to radiation and cell phone manners.
Cell phones emit energy when establishing a connection. Energy in the form of radio waves is also known as radiation. Radiation can cause problems with cells in your body and lead to nasty things like cancer. The true danger of the problem is related to the amount of power and the frequency of the radio signal. To put this in non technical terms, the only difference between a cell phone and a microwave is the amount of energy used to create a signal. No one in their right mind would stick their head in a microwave! So, keep this in mind and use the antenna. It serves to keep your head out of the way of the signal, and thus keeps the signal out of your head.
Next we have to address the whole driving while talking on a cell phone problem. It is illegal in some areas, and generally frowned upon in the remaining. Fortunately, there are many accessories that can eliminate the dangers related to holding the phone up to your ear (i.e. ear piece, speaker phone, car phone systems).
Finally, it wouldn't be a top ten list if we didn't mention cell phone manners. Not that this is a security issue, unless you consider being targeted with angry stares and insulting comments a problem. Just keep in mind the golden rule (treat others as you want to be treated) and everything else will fall into line.
Some items on this list are more viable than others. Obviously, most of us aren't worried about being tracked down by the FBI. However, things like viruses and privacy should be of serious concern. Hopefully, this short update enlightened you to the possible problems and issues related to owning a phone. Keep this list in mind the next time you pick up your phone and make a call. It only takes a few moments to implement basic cell phone security controls.