HACKGATE DAY 260: IS THIS THE NEXT STAGE?

Eclectic mixed-data and monetised ‘Android’ phones are a hacker’s dream, and a libertarian nightmare

With the discovery over the last year or so that a 5 year old could hack into mobile phone voicemails, not surprisingly the goblins of every shape and size who would still like to know about us without us knowing that they’re knowing are working hard on new technology to quietly sidestep the blocking system it takes ten seconds to employ. And they are succeeding.

A growing number of companies, including start-ups and big names in computer security like McAfee, Symantec, Sophos and AVG, foresee huge growth in the business of  protecting phones from hacks and spyware that can already read text messages, store location information, or add charges directly to mobile phone bills.

Experts in mobile security agree that mobile hackers are not yet much of a threat. But they think things will change very quickly, especially now that increasing numbers of people are using their phones for EFTPOS. (Here in France, you can get money out of the post office with them).

“The bad guys are going to follow the money over to phones,” says Charlie Miller, a researcher at US outfit Accuvant, “smartphones people have are computers, and the same thing that can happen on your computer can happen on your phone.” Also, initial studies suggest that people are more blase and distracted about mobile phone risks than they are with laptops. But the line between the two is blurring anyway – and harmful attacks are beginning. Predictably - as my last piece about hacking and blagging suggested – these are coming from Russia and China…with all kinds of motives.

Not surprisingly, this has the ISPs worried. Google says it regularly scans apps in the Android Market for malware and can rapidly remove malicious apps from the market and from people’s phones. It prevents Android apps from accessing other apps and alerts users if an app accesses its contact list or location, for instance. T-Mobile also builds the ‘Lookout’ firewall into its Android phones.

At the moment, phone-hacking to obtain access to secret and/or monetised data is comparatively rare – maybe no more than a million cases globally. But Giovanni Vigna, a professor at the University of California, avers that it’s just a matter of time before mobile security becomes second nature to consumers. “The moment malware starts direct thieving – using text messages and expensive minutes people have to pay for – things will move a lot faster,” he says.

But for those of us who have taken a keen interest in the hacking of celebs by the media – and blagging of corporate secrets via laptop contents – there are some mid-bogglingly awful possibilities here. The day isn’t far away when the eclecticism of mobile phones/gadgets in our pockets and handbags will be such that – moving a level above the common or garden virtual mugger – a Government minister, say, could have damning or even top security texts, emails and word documents on the device. Knowledge about Lord Ashcroft’s banking arrangements is one thing: a memo ordering SAS support for US surveillance in Pakistan is a different matter entirely.

The hardware and software boys looking forward to a big payday (as one level of technology is first of all broken and then redeveloped and then broken again ad infinitum) may sound like textbook repeat-purchase capitalism. But in both the personal liberty and State security fields, it is a nightmare that must not be allowed to happen.

Anti-Murdoch campaigning MP Tom Watson is already on the record as saying that “emails will be the next big front line” when it comes to protecting all of us from spying – authorised or otherwise. The reality is that, as everyday sensitive data transfers from the laptop or dongle to the phone, there are immediately a thousand new ways for the unscrupulous to bend the law and slide under our metaphorical front door. As a nation (and especially as a political and police class) we are light years behind in this area. If we don’t start to catch up soon, that’ll be another half-million immigrants we need to do it for us.

10 thoughts on “HACKGATE DAY 260: IS THIS THE NEXT STAGE?

  1. So ISP are on the security”case”indeed.Yet they and many others insist on purchasing chips from China not Taiwan but China.In the meantime “cloud”providers in the US and the West are struggling at “start-up”whilst Russian and Chinese cloud providers have spare capacity but not yet the dark fibre optics to access their clouds by a serious number of people in the West.As soon as access price drops cloud provision will move to Russian Chinese platforms-then what?
    Meanwhile hacking of phones continues unabated in West London.

  2. I know that I’m going to sound like an old fart Luddite, but isn’t it time to revert to the postal & courier services? Particularly for sensitive government and corporate documents. It may be a slower method but if it means safer protection for the state & its citizens, surely it’s a small price to pay. Everything nowadays has to be fast-track and instantaneous, but that doesn’t always guarantee the best solutions or results. If some serious money was invested to make the services as sophisticated as possible surely it would be preferable to the continuous threats of hacking. An added bonus would be the provision of employment & it would also prevent government ministers using their private texting to avoid scrutiny of the Freedom of Information Act. So it’s back to the old electric typewriter for me (no hard drive to worry about there)

    • Liz,
      you are totally right here. Any seriously minded person looks to post – or if really careful, will simply take it around by hand (or send the chauffeur).

      After all, a lot of the investigations following the 7/7 bombings focussed on phone calls and suchlike.

  3. Its not the security of phones that bothers me. Smartphones are just computers, theres nothing really new there, other than perhaps a whole load more users and use cases.

    Google can scan the android market all they like, the fact is there is no technical distinction between a legitimate transmission of data and an illegitimate one.

    What bothers me far more is the centralisation of data, like we see with “cloud computing” (a fancy name for nothing particularly new). The war of client versus server model has gone on since the beginning of networks. Initially the internet and the web scattered data far and wide, which was a good thing in my opinion. However more recently in the “web 2.0″ or “facebook” age we have seen a major resurgence towards centralised models, and all sorts of abuses of the data.

    At the end of the day, if you keep your data anywhere other than in your pocket, it is very probably accessible to somebody.. somewhere.

    Very relevant to this topic, and counter to these trends, take a look at Diaspora, a new “libertarian” model for social networks and communication. It is like Facebook, only fully de-centralised. You can decide where your data is kept, and who can see what.

    https://joindiaspora.com/

  4. John,
    it is known that Apple computers are less easy to hack (having a Unix base for one thing helps here). What do you know about the iPhones and the like, are they easy to hack?

    Was it you that mentioned that once Apple computers achieve 25% of the market, there will be certain people who will start to get interested?

  5. Thanks for your comment JW, we agree on such a lot of issues, I’m sure we’re soulmates, separated only by the English Channel (plus a couple of spouses of course!)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s