Smartphone Hijack: Virgin Mobile Users Vulnerable
- by John Lister on 20120920 @ 11:54AM EST
Software developer Kevin Burke claims Virgin Mobile customers face an unacceptable risk of falling prey to hackers. Unlike many security issues, this isn't an unexpected bug that's produced by an oversight during the coding process.
Burke says weak security within that system might allow hackers to hijack a user's phone number.
According to Burke, he reported the problem a month ago but has not yet seen any sign that the firm is taking steps to fix it. He is now publicizing the issue in the hope of forcing Virgin Mobile into action.
Six Digit Pin Insufficient
The weakness stems from Virgin Mobile forcing its customers to use their phone numbers as their user names when logging into their accounts. Instead of a freeform password, customers must use a six digit numerical PIN code. There's no other option.
As a result, there are only a million possible passwords (000000 through 999999) on the Virgin Mobile system. The total is further reduced because Virgin bans using the same digit four or more times consecutively (for example, 001111) and four or more sequential numbers (such as 001234).
According to Burke, this makes it significantly easier to guess a password. He tested this theory by writing software that guessed his own password in less than a day.
Burke says allowing eight-character passwords with upper and lower case letters would allow as many as 218 trillion different passwords. (Source: inburke.com)
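The keyspace comparison above can be checked by counting. The following is an added example, not code from Burke or Virgin Mobile; it assumes "sequential" means digits ascending by one with no 9-to-0 wraparound, and the function names are illustrative.

```python
import math
from itertools import product

def has_repeat_run(pin, n=4):
    """True if any digit appears n or more times in a row (e.g. 001111)."""
    run = 1
    for prev, cur in zip(pin, pin[1:]):
        run = run + 1 if cur == prev else 1
        if run >= n:
            return True
    return False

def has_sequential_run(pin, n=4):
    """True if n or more digits ascend by one in a row (e.g. 001234).
    Assumption: ascending only, no 9 -> 0 wraparound."""
    run = 1
    for prev, cur in zip(pin, pin[1:]):
        run = run + 1 if int(cur) == int(prev) + 1 else 1
        if run >= n:
            return True
    return False

def is_allowed(pin):
    """Apply both bans described in the article to one PIN string."""
    return not (has_repeat_run(pin) or has_sequential_run(pin))

def count_allowed_pins(length=6):
    """Enumerate every numeric PIN of the given length and count the permitted ones."""
    digits = "0123456789"
    return sum(is_allowed("".join(p)) for p in product(digits, repeat=length))

def entropy_bits(keyspace):
    """Bits of entropy for a uniformly chosen secret from this keyspace."""
    return math.log2(keyspace)

def report():
    pins = count_allowed_pins()
    passwords = 62 ** 8  # eight characters drawn from a-z, A-Z, 0-9
    return {
        "allowed_pins": pins,
        "pin_bits": entropy_bits(pins),
        "password_keyspace": passwords,
        "password_bits": entropy_bits(passwords),
    }

if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {value}")
```

Under that assumption the two bans remove 4,780 PINs, leaving just under 20 bits of entropy against roughly 47.6 bits for the eight-character alternative.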
Virgin Mobile Users Could Lose Privacy, Cash
Once a hacker guesses a PIN, he can read the customer's call logs, change the PIN, and alter the email and home addresses associated with the account.
Worse still, a successful hacker could buy a new handset using the Virgin Mobile customer's money and even start receiving the unsuspecting user's calls and messages.
Virgin hasn't publicly addressed Burke's complaints, but has changed its policies to lock accounts after four failed PIN attempts.
However, Burke asserts that this measure is also flawed because a simple technical workaround could prevent Virgin from properly recognizing each attempted break-in. (Source: computerworld.com)