Smartphone Hijack: Virgin Mobile Users Vulnerable
Software developer Kevin Burke claims Virgin Mobile customers face an unacceptable risk of falling prey to hackers. Unlike many security issues, this isn't an unexpected bug that's produced by an oversight during the coding process.
Burke says weak security within that system might allow hackers to hijack a user's phone number.
According to Burke, he reported the problem a month ago but has not yet seen any sign that the firm is taking steps to fix it. He is now publicizing the issue in the hope of forcing Virgin Mobile into action.
Six Digit Pin Insufficient
The weakness stems from Virgin Mobile forcing its customers to use their phone numbers as their user names when logging into their accounts. Instead of a freeform password, customers must use a six digit numerical PIN code. There's no other option.
As a result, there are only a million possible passwords (000000 through 999999) on the Virgin Mobile system. The total is further reduced because Virgin bans using the same digit four or mores times consecutively (for example, 001111) and four or more sequential numbers (such as 001234).
According to Burke, this makes it significantly easier to guess a password. He tested this theory by writing software that guessed his own password in less than a day.
Burke says allowing eight-character passwords with upper and lower case letters would allow as many as 218 trillion different passwords. (Source: inburke.com)
Virgin Mobile Users Could Lose Privacy, Cash
Once a hacker guesses a PIN, he can read the customer's call logs, change the PIN, and alter the email and home addresses associated with the account.
Worse still, a successful hacker could buy a new handset using the Virgin Mobile customer's money and even start receiving the unsuspecting user's calls and messages.
Virgin hasn't publicly addressed Burke's complaints, but has changed its policies to lock accounts after four failed PIN attempts.
However, Burke asserts that this measure is also flawed because a simple technical workaround could prevent Virgin from properly recognizing each attempted break-in. (Source: computerworld.com)
I can help! Send me a message on the bottom left of the screen (using the Zopim Chat button), or click my picture to read more about how I can fix your computer over the Internet. Optionally you can read all about my credentials, here.
Most popular articles
- Which Processor is Better: Intel or AMD? - Explained
- How to Prevent Ransomware in 2018 - 10 Steps
- 5 Best Anti Ransomware Software Free
- How to Fix: Computer / Network Infected with Ransomware (10 Steps)
- How to Fix: Your Computer is Infected, Call This Number (Scam)
- Scammed by Informatico Experts? Here's What to Do
- Scammed by Smart PC Experts? Here's What to Do
- Scammed by Right PC Experts? Here's What to Do
- Scammed by PC / Web Network Experts? Here's What to Do
- How to Fix: Windows Update Won't Update
- Explained: Do I need a VPN? Are VPNs Safe for Online Banking?
- Explained: VPN vs Proxy; What's the Difference?
- Explained: Difference Between VPN Server and VPN (Service)
- Forgot Password? How to: Reset Any Password: Windows Vista, 7, 8, 10
- How to: Use a Firewall to Block Full Screen Ads on Android
- Explained: Absolute Best way to Limit Data on Android
- Explained: Difference Between Dark Web, Deep Net, Darknet and More
- Explained: If I Reset Windows 10 will it Remove Malware?
Free Guide
