Threat of crooks who hacked off Paris' pals

Share this article

WHEN the news broke that the contents of Paris Hilton’s private mobile phone book had been posted on the internet, most people’s first reaction probably wasn’t one of panic.

Reports of her famous friends’ fury - as they were inundated by calls after 500 numbers and e-mail addresses appeared on a website - were more entertaining than worrying.

Rapper Eminem is said to have had to change his number as fans deluged his mobile and tennis star Anna Kournikova’s line was reported to have been constantly engaged. All are said to be furious with the hotel heiress - one unnamed celebrity rather sniffily said: "I gave Paris my number after we met in Miami. I didn’t know she kept it on her cell phone."

It’s not known how the information was obtained but the phone is reportedly one of several belonging to celebrities which have been hacked into on the T-Mobile network.

But while stars are prone to this kind of intrusion, few people need to fear that their mum’s and Auntie Pauline’s phone numbers in their mobiles’ memories are at the same kind of risk - or do they?

Well, according to the experts, they do.

Until fairly recently, it would have required someone to physically steal your mobile handset in order to get at the information inside.

But, in what is believed to be the first case of its kind, in the United States earlier this month, 22-year-old hacker Nicholas Jacobsen pleaded guilty to penetrating T-Mobile’s servers and recklessly causing damage - a charge that could see him jailed for five years when he is sentenced in May.

The court heard Jacobsen accessed one of the mobile giant’s databases to obtain customer passwords and social security numbers, and how he had amused himself by accessing US Secret Service e-mails.

And recent data gathered by London-based technological intelligence firm mi2g has suggested millions of mobile phone owners with access to the internet will be at risk from hackers targeting wireless internet systems - such as Bluetooth - throughout 2005.

In one alarming process, known as "bluesnarfing", it is believed attackers can access information such as the user’s calendar, contact list and e-mail and text messages through their Bluetooth connection without leaving any evidence.

According to mi2g, the reason mobiles have become susceptible to "malware" - or malicious computer software - is because they are now using operating systems that have effectively turned them into mini-computers.

Business experts Deloitte have predicted a massive growth in more sophisticated phones will correspond with a leap in malicious attacks. They say the recent reports of mobile phone viruses mark the beginning of this new era.

Tony Cooper, Deloitte’s telecoms and technology partner, says: "A growing dependence on electronic devices means that both consumers and businesses are increasingly vulnerable to attack.

"The proliferation of mobile devices provides a number of new entry points for hackers to gain access to private, corporate and even government networks.

"Continued growth of remote working, mobile phone usage and WiFi deployment will expand this risk. There are already more mobile phones than PCs in the world, meaning that a widespread attack on mobile devices could have major consequences.

"Factor in the rapid spread of WiFi - a wireless networking tool that hackers consider an open network - and the risks become all too evident. Businesses face the greatest risk of attack, and could collectively lose millions of pounds a year to hacking, viruses and other malicious intrusions."

HE adds: "It’s no longer a question of if, but when. These threats create a vast market opportunity for companies that sell IT security. The security business will be booming in 2005."

As for the phone company at the centre of the Hilton episode, the UK branch says the same incident could not happen over here.

Habib Khan, security programme manager for T-Mobile UK, says: "Although we don’t know much about it here in the UK, the Paris Hilton case seems to have been caused by someone hacking into the Sidekick service which is only provided in the US.

"But that’s not to say that something similar couldn’t potentially happen here if someone managed to break into our servers."

He adds that although the company is aware hackers have tried to get into the firm’s main servers - rather than individual phones - no-one has managed to break in and cause any damage - yet. But he says the company is not complacent.

He says: "Although there doesn’t seem to be much chance of the actual handsets being infiltrated at the moment, it’s still an area that we are closely monitoring."

He adds that the firm is monitoring its domestic servers - which provide connections between mobile phones - and checking its industrial firewalls and other security measures to fix any weaknesses.

The company is also planning to tell customers about the dangers of replying to unsolicited e-mails and text messages, as well as stressing the importance of installing an authorisation code on to their Bluetooth software.

"There’s no doubt that viruses, spam messaging and attacks will escalate over this next year," he stresses.

"Just as we’ve seen in the home computer industry with the advent of broadband, mobile phones will become a similar target as the technology gets more sophisticated."

However, he adds if the correct precautions are taken, there should be no cause for panic. He says: "I don’t think there’s any great cause for concern at the moment, but then again, it isn’t something that we can dismiss altogether."

But another major phone operator, Vodafone, is less concerned.

Speaking about the Hilton incident, a spokesman argues: "A lot of these reports at the moment appear to be based on speculation and a lot of people jumping to conclusions. The potential to actually hack into a mobile phone just isn’t there at all.

"Our own phone network is an incredibly highly-encrypted system based on military codes and there hasn’t been a single case in the UK of anyone being able to hack into text messages or gain illegal access to the server. In the days of analogue technology, it may have been more plausible, but the practicalities of doing so now are so low.

"Bluetooth technology is only for short-range communications and it would only really be possible for someone to gain access to stored information if they had the phone owner’s co-operation."

He adds that there are far more important security issues to deal with when it comes to mobile phones.

He says: "Most of the time when someone says that their details have been stolen, it’s because they’ve left their phone on a bar or unattended on a pub table. With all the information that can be stored on a phone these days, they’re more like Filofaxes or laptops. People need to treat their handsets in the same way that they would treat their wallets."

But others suggest that suitable anti-virus technology should be incorporated into the handsets.

William Mackaness, of Edinburgh University’s geography department, is researching mobile phone devices for navigation purposes. Although his research doesn’t concentrate on mobile security issues, he agrees that it is an area that could potentially be exploited by malicious programmers and hackers.

He says: "I think there needs to be some way of bringing anti-virus software and firewalls down to a phone level. But that kind of technology would be very difficult to achieve.

"With a computer, the firewall automatically refuses entry to anyone you don’t know, but you have the opportunity to open up the firewall to let certain people or sites through.

"With a phone, however, the whole point is that it could be anyone trying to phone you and it would be very difficult to try to restrict the various calls that you could receive. It is a very challenging problem, but with phones becoming more high-tech it is something that definitely has to be looked at."