Technology security myths debunked
Bursting the security bubble
By Bill Snyder | CIO US | Published: 13:30, 04 May 2010
Think you can hide behind the privacy of an "unlisted" cell phone number? Think again. Maybe you believe you don't need security software on a Mac or iPad. You'd swear that Firefox is the safest browser in town. Wrong on both counts.
Most of us don't think about security for our digital devices until something goes wrong, or it's time to renew an antivirus subscription. But what the security experts like to call the threat landscape changes all the time, and keeping up is hard to do. So we'll save you some time. Here are five current facts that you probably don't know about digital security, but should.
1. Your cell phone is not a juicy hacking target
Related Articles on Techworld
How's this for a loss of privacy: Your suspicious spouse's detective hacks into your voice mail, figures out who belongs to the private numbers you've been calling, tracks their whereabouts and then listens to their voice mail messages. That's a real possibility, according to two young security researchers who have found a way to exploit weaknesses in mobile telecom networks.
The researchers, Don Bailey, of iSec Partners, and independent security researcher Nick DePetrillo, presented a paper called "We Found Carmen San Diego," at the Source security conference last month.
The title of the talk was funny, but what the researchers found "scared us as well," Bailey, 31, said in an interview. "Anyone with some basic knowledge is capable of building the attack tool we developed." Let's hope Bailey was being a bit modest, but the threats he and DePetrillo, 27, found are being taken quite seriously by wireless providers, they said.
Bailey and DePetrillo are "white hats" with no interest in publicising detailed hacking techniques, but they did give me a glimpse into how they do what they do. With my permission, the researchers did a bit of searching on my personal information and found enough to convince me that they are for real.
First and foremost, they have learned how to enter the various caller ID databases, a collection of phone numbers matched to subscriber names by providers for use in caller ID service. Like you, I never suspected that wireless numbers are also entered in those databases. But a number of major wireless providers have begun doing so. The researchers won't say which companies have and which companies have not.
Caller ID information can be matched with other data culled from the global SS7 telecommunications network, including information from the Home Location Record database, and mobile switching centers.
The good news here: the providers are working hard to plug the holes found by Bailey and DePetrillo. However, some of the weaknesses that allow that type of hacking are based on the fundamental design of the cellular network, so the fix is not an easy one.
2. Virus writers ignore Apple Macs and iPads
The iPad has only been on the market for a month, but hackers have already found a way around its security features, at least for those using the tablet in tandem with a Windows PC.
According to the BitDefender, (an antivirus maker) "This particular threat comes in the form of an unsolicited email, promising to keep iPad software updated 'for best performance, newer performance, newer features and security.' Via a conveniently provided link, the email instructs iPad users to download the latest version of iTunes to their PCs. The download page to which users are directed is a perfect imitation of the one they would use for legitimate iTunes software downloads."
Once downloaded, the code opens a backdoor into the system and attempts to read the keys and serial numbers of the software installed on the affected computer, while also logging the passwords to the victim's ICQ, Messenger, POP3 mail accounts and protected storage.
This threat does not target Mac computers, but don't get smug, Apple fans. Macs are vulnerable to other threats. The main reason you hear less about attacks on Macs, is that hackers prefer to go for systems that have the widest possible distribution, and that means Windows. At this year's CanSecWest conference, security researcher Charlie Miller used a flaw in Safari to break into a MacBook in under 10 seconds.