Wednesday, July 13, 2011

MEDIA: British Journalists and Phone Hacking Devices

In September 2008 a reporter at the well known British newspaper The Guardian wrote: “I could not believe my eyes. The News of the World ran the diaries of Kate McCann, the mother of missing Madeleine. Why, I wondered, would the McCanns suddenly agree to a red-top publishing such an intimate document? And surely they could not have sold the rights?”

Well, but now we all know HOW and via WHAT MEANS the reporters at the News of the World were able to dig out this information. We also know how they “knew” personal conversations of the celebrities, members of the Royal family, politicians and more. Hugh Grant is still pretty upset about it – can’t you just let Grant and his personal hook-ups with certain ladies be? So is upset Gordon Brown – can’t you just let a person be with his very ill son? Public should learn to NOT know EVERTHING about public people, they are entitled to a privacy like any of us.

Believe me, British people are as disguised with the News of the World’s hacking schemes as is the rest of the world. It also disqualifies and demoralizes the rest of us – the journalists who work very hard to obey and follow the Journalism Code of Ethics.

The new owner and the Editor-in-Chief of the London’s Evening Standard writes, Russian tycoon Alexander Lebedev called Rupert Murdoch's News Corp media empire the most powerful in England and called for action to reduce his overwhelming influence on British media. And it looks that the curse is taken over, now that The News of  the World was killed due to the hacking scandal and BSkyB British pay-TV operator deal is falling apart.

"I don't think it should be that big because then it has too much influence and too much money," – tells Lebedev, the Russian former spy who now owns British newspapers including the Independent and London's Evening Standard, which have been critical of Murdoch since the scandal broke, to Reuters.

Not to mention that the bidding for the additional media channel is contrary to the public interest that has been protesting in the past week against the hacking methods used by British media and the methods that are disqualifying all other solid journalists not only in UK, but around the world. Now we are all questioning how the media works ‘behind-the-scene’, especially tabloids in the likes of US Magazine and Star. However, no matter what they say about the role of tabloids, many people and experts agree that there is a part for tabloids to play in society – do not disregard them completely. 

The last issue of News of the World

Allegations that the U.K. tabloid News of the World hacked into voicemails including those of a murdered schoolgirl have sparked a public outcry in Britain and led Rupert Murdoch’s News Corp. (NWS) to close the newspaper.

Moreover, according to the specialists in USA, UK and Russia, with some of whom I’ve spoken in the last few days, say that hacking mobile devices is BEYOND easy.

The unfolding phone-hacking scandal in Britain is heightening concern about the security of mobile devices, prompting one U.S. lawmaker to query companies including Apple Inc. (AAPL) and Google Inc. (GOOG) about potential risks.

“As mobile devices become more integrated into our daily lives and do more critical functions like e-banking, then we’ll see more hacking incidents because you’ll have higher reward,” Chenxi Wang, a San Francisco-based security analyst at Forrester Research Inc. (FORR), said in an interview.

In the wake of the British scandal American politicians are now reaching out to mobile device and services providers such as Apple, maker of the iPhone and iPad, and Google, whose Android operating system powers millions of smartphones, to make sure that they are re-reviewing their privacy settings. And while as of the moment it appears to be primarily a British issue, American government wants for the industry to determine if there are any vulnerabilities in cell phones or mobile devices which can be exploited by criminals and other unscrupulous individuals.

Here are a few facts to consider:

The number of U.S. smartphone users is expected to jump to 158.9 million in 2015 from 99.6 million this year, according to Forrester Research Inc., a Cambridge, Massachusetts-based technology research firm.

Downloadable applications for smartphones and tablet computers are vulnerable to attacks by hackers, Enrique Salem, chief executive officer of Symantec Corp. (SYMC) the largest maker of security software, said in a June 1 interview.

Cupertino, California-based Apple’s App Store has more than 425,000 applications, while Google’s Android Market has more than 200,000.

According to an Apple spokesperson, Apple takes security very seriously and that they have a very thorough approval process and review every app. They also check the identities of every developer and if we ever find anything malicious, the developer will be removed from the iPhone Developer Program and their apps can be removed from the App Store.”

Hacking Devices:

Hackers can gain access to cell phones by calling a person and impersonating a phone company official, or using software to correctly guess a password. (Watch out about the broader data risks posed by mobile devices, including smartphones that carry advanced features such as Web browsing and software applications).

If it’s easy for a tabloid to hack into phones, it’s easy for other venues as well.

Introducing legislation last month that would require companies such as Apple and Google as well as application developers to obtain permission from mobile users before collecting location data and sharing that information with third parties.

According to ITWorld News of the World investigators allegedly paid to access the phones didn't clone the target phones and reproduce identical spoofs, as is often portrayed in spy thrillers and almost-accurate tradecraft voice-overs on Burn Notice. They just got the victims' PIN numbers so they could listen to v-mails stored on server-based voice mail systems owned by cell phone carriers.

According to the New York Times, they used social engineering with a characteristically colorful British slang name: "blagging." It means they could call government agencies, cell phone carriers and other potential sources and con them into thinking they were the celebrity being targeted so they would either be given the password or could create a new one.

The more technical approach was to have two investigators on a multiline connection call the victim's phone and, while the first investigator kept the line engaged, the other called the voice-mail line, and connected that call to the already-open line to the victim's phone so when the voice-mail system asked for the phone's unique ID, the victim's phone would give it.

Ambitious LEGAL Geeks on How to Crack a Cell Phone:

There are a lot of ways to get the PIN, or get through without needing it, but none require a CS degree and years hacking firewalls at NSA to build up the expertise.

It's not even hard to find the information. Searching Google for "how to hack a mobile phone" turns up a lot of solutions so simple some people appear to be trying to make the whole thing harder just to keep it interesting.

You do have to know the victim's private cell phone number and the carrier providing the service, if only to know the generic voice-mail access number to dial.

Spoof Your Victim's ID - the big barrier is convincing the voice-mail servers you are calling from the victim's phone. Cell-phone networks identify every phone using a 17- or 15-digit International Mobile Equipment Identity number on GSM phones or the Electronic Serial Number (ESN) on CDMA phones. The numbers are flashed onto the phone at the time of firmware burn-in and can't be easily changed. In the U.S. at least, the FCC requires ways to change it not be easily accessible. You can change it by taking the chip holding the IMEI out of the phone and replacing it with another, but you'd just be changing the IMEI, not adding a different one.

Tools like this one promise to give you a different IMEI appropriate to your model of phone, but not to imprint it on the phone or discover one owned by your target.

Finding the IMEI or ESN - on most phones the ID numbers are printed inside, often under the battery. If you can get access to the phone and open it, you can get your victim's ID. Most phones will also show the ID if you hit a specific key code -- *#06#, for example. It's also possible to intercept the data stream between a cell phone and its access point and decode it, but if you have the equipment on hand you don't need my help to figure this out. Cell phones use radio the same way WiFi does, but on different frequencies . WiFi is 2.4GHz; cell phones operate on 850 MHz, 900 MHz, 1800 MHz and/or 1900 MHz. You could tune a receiver to pull in the signal, but carriers encrypt cell phone traffic using their own algorithms, so cracking the encryption to unencrypt the traffic and find the IMEI sent by the phone when it first connects to tower is possible. If you're with the NSA.

Far easier is to work for a cell phone carrier or bribe someone who does or pay a service provider for your own access to the global Equipment Identity Register (EIR) database carriers use to identify all those mobile devices.

Access is normally used to track stolen phones, but that process can be reversed to find the phones you'd like to steal, or at least break in to.

There are, however, HARDER ways to hack a phone:

It’s the old-fashioned telecom-engineer approach -- according to a BBC story written in 2002, not long before the first wave of phone-hack scandals began at NOTW -- is to spoof the victim's cell phone number and authentication data, dial in to the voice mail system, and fake your way to the v-mails. The key is to be able to convince the voice-mail server that you are calling from the cell phone of your victim -- an identification they make using the.

To learn more about the harder ways, click here.

The Easier Way Using any of a dozen Caller ID Spoofing services -- which are designed, they say, to protect the privacy of callers, not abet invasions of privacy -- you can make calls that appear to come from someone else. Those services only change the Caller ID number that shows up on the phone, however, not the IMEI or ESN the voice-mail servers use to verify the identity of the hardware itself. There are a number of Java scripts and apps for both Windows and MacOS designed to change out the IMEI, often as only one of a wider range of features to root the phones, create a backup image and change out portions of the operating system. Some emulators are able to send fake IMEI numbers to the carrier's network, even without changing the IMEI on the phone itself. They spoof by replacing a number you choose with the real one, and return the phone to normal when they're shut down.

The Easiest Way to hack a phone – is to get an app online. There are many of them, actually.

So, apparently it’s easy to hack into mobile devices. Is your phone secure?

No comments:

Post a Comment