Security experts: It's not easy to hack mobile phones

A Tacoma, Washington, family is claiming the mobile phones it uses have been taken over by hackers, who are turning them on at will, capturing conversations and manipulating the mobile phone camera.

The story of the Kuykendall family, as reported in the Tacoma News Tribune last week, seems an unlikely one, with tales of how they believe their cell phones, as well as those owned by other families, have been taken over and cell-phone cameras mysteriously turned on and off. While the mystery of the Kuykendall family's cell-phone experience isn't fully explained, people are wondering whether such events are even possible. Security experts say yes -- but still in the realm of the unlikely.

Security experts from IBM, McAfee and Symantec all agree that mobile phones of virtually any type can be broken into and maliciously controlled, though it takes a high degree of sophistication to do it.

"It's definitely possible but still something that is limited to a very sophisticated attacker," says Neel Mehta, team lead in the advanced research group at IBM's Internet Security Systems Division.

Mehta said malicious code to take over the phone could be sent to the intended victim in the guide of a picture or audio clip. Once the victim clicked on it, however, the malware to control the phone would be installed. Many in the industry refer to this as "snoopware."

This type of cell phone hijacking, enabling the attacker to manipulate the microphone and camera, remains "a very rare occurrence in the field," said Paul Miller, managing director of mobile security at Symantec.

However, he noted that J2EE-styled malware such as the "Red Browser" for sending SMS messages, believed to have originated in Russia, is known to exist, and has been used typically to defraud the victim, particular in Europe. He added the number of viruses targeting smart phones and feature-based cell phones remains low, roughly one in the mobile realm for every 500 viruses targeting PCs, he noted.

Miller also pointed out that there are 'spouse-monitoring tools" that can be obtained on the Internet to snoop on phone use, and some pure hacker varieties of this are starting to appear as well.

McAfee had a similar perspective on hijacking of cell phones, whether feature-added voice phones with cameras or the newer breed of computer-based smartphones, agreeing it can happen but appears to be a rare occurrence.

"People aren't expecting any trouble with mobile phones and in general, it's been a safe tool," says Jan Volzke, senior manager in mobile security at McAfee. But having your cell phone hacked "is possible though unlikely."

Volzke said the ways this might be done would depend on someone deliberately tampering with the cell phone by gaining physical access to it, or possibly tricking the cell phone user into downloading of malicious software through Bluetooth infrared or other means.

Once installed, that Trojan, acting like a small application, would let the attacker remotely control the phone and its features, such as cameras and microphones.

However, Volzke added this kind of attack remains highly unusual and is regarded as likely targeted at the specific individual using the cell phone rather than a mass attack against an entire cell-phone population base.

A Verizon Wireless spokesman said the situation concerning the Kuykendall family, couldn't occur on a CDMA wireless network. Jeffrey Nelson, executive director corporate communications for the carrier, based in Basking Ridge, N.J., says: "As any responsible wireless service provider should, we're investigating to best understand what may have happened in this particular situation, and whether it's even theoretically possible. At this point, we don't believe our customers are in any way vulnerable to the kind of remote hacking you describe."

Yet Nelson declined to give any explanation of why Verizon thinks that. And in response to a request for a technical expert to explain it, he emailed back: "sorry, don't have anybody."

Network World Senior Editor John Cox contributed to this story.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Ellen Messmer

Network World
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?