Mobile Phones Being Hacked and Cloned

Cloning occurs when hackers scan the airwaves to obtain SIM card information, electronic serial numbers and mobile identification numbers, and then use that data on other phones.

Cloning can happen anywhere, anytime that you’re using your phone. The bad guy simply uses an interceptor, hardware, and software to make a phone exactly like yours.

A few years ago, I was in San Diego on business. Two weeks later I received a call from my carrier alerting me to $1500.00 worth of international calls I had not made. The activity triggered an alert within their system and they shut my account down.

Fortunately for me, my carrier recognized the fraud and relieved me of the charges, rather than me discovering it and having to fight to reverse the charges. Apparently, it was a known issue that scammers in Tijuana were cloning U.S.-based phones.

Anita Davis, another mobile clone victim, wasn’t so lucky. One month, her cell phone bill showed $3,151 worth of calls to Pakistan, Israel, Jordan, Africa, and other countries. Anita called her carrier immediately and told them she didn’t know anyone in those countries, or anyone outside the U.S. for that matter. She says, “They told me I had to have directly dialed these numbers from my cell phone and I needed to make a payment arrangement or they would send my bill to collections.” After begging and pleading, Anita convinced them to drop the charges.

The extent of your vulnerability varies depending on your phone and the network you’re on. Cloning mobile phones is becoming increasingly difficult, but consumers can’t do anything to prevent it from happening. The best way to mitigate the damage is to watch your statements closely. The moment you see an uptick in charges, contact your carrier and dispute the calls.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses mobile phone spyware on Good Morning America. (Disclosures)



Dealing With Daily Digital Surveillance

Our everyday activities are being monitored, today, right now, either by self-imposed technology or the ever-present Big Brother.

Traditionally, documenting our existence went like this: You’re born, and you get a medical and a birth record. These documents follow you throughout your life, filed and viewed by many. You must present these records in order to be admitted to a school, to be hired, or to be issued insurance. You get a Social Security number shortly after birth, which serves as your national identification. These nine numbers connect you to every financial, criminal and insurance record that makes up who you are and what you’ve done. Beyond that, it’s all just paperwork.

But today, as reported by USA Today, “Digital sensors are watching us”:

“They are in laptop webcams, video-game motion sensors, smartphone cameras, utility meters, passports and employee ID cards. Step out your front door and you could be captured in a high-resolution photograph taken from the air or street by Google or Microsoft, as they update their respective mapping services. Drive down a city thoroughfare, cross a toll bridge, or park at certain shopping malls and your license plate will be recorded and time-stamped.”

Then, of course, there are geolocation technologies that work in tandem with social media status updates, applications that track you and leak that data, and cookies on websites.

All of these technologies have been around for a while in one form or another. The difference is that today, databases are collecting and sharing that information like never before.

On top of that, new facial recognition technologies will connect your social networking profiles to your face, and that issue will be compounded when you share photographs that are geotagged with your location.

Knowing this, and understanding technology’s impact on what you once considered privacy, ought to resign you to the fact that at this point, privacy is kind of a dead issue. If you want to participate in society you have no choice but to give up your privacy (but not your security), to a certain extent.

Your new focus should be security. Secure your financial identity, so nobody else can pose as you. Secure your online social media identity, so nobody else can pose as you. Secure your PC, so nobody can take over your accounts. And please, there’s no sense in telling the world what you are doing and where you are every minute of the day. When you do this, you aren’t just relinquishing privacy; you are compromising your personal security.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses Social Security numbers as national identification on Fox News. (Disclosures)

4 Reasons 2011 is the Year to Get Serious About Security

Prognosticators are silly. Or that’s how I’ve always viewed them, anyway. They combine past experience with their perspective on current trends to make predictions and pretend to be smarter than you.

Many prognosticators in the financial world have failed miserably, and we’re all paying the price now. Their current excuse is “irrational exuberance.”

But prognostication holds a bit more water these days, thanks to technology that can quantify and collate mass amounts of data to provide an educated guess.

Here’s me being a prognosticator: In 2011, unprecedented security issues will reveal just how vulnerable we are and highlight the flaws in our systems. In other words, we have a big challenge.

What makes me say this? Here are just a few reasons:

1. In recent months, “hacktivism” has become a popular term, even among non-technical people.

2. A new virus called Stuxnet has stoked anxieties about cyber warfare.

3. Cybercrime targeting the government has become bolder than ever.

4. Mobile phones are eclipsing wired phones, so software developers are more focused on mobile. But is your cell phone ready to be your bank?

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses online banking security on CBS Boston. (Disclosures)


Cool Tools To Access Files Remotely

Whether you’re a road warrior or simply own multiple PCs and want access to all your data from anywhere, here are a few easy ways to do it, and one not so easy option.

All of these options are secure, as long as you don’t leave a remote PC logged into your account, or log in from a PC that is already infected with spyware or a virus. I only log in from trusted PCs like my own laptop.

LogMeIn gives you remote access to your PC or Mac from any other computer with an Internet connection, for free. Just install LogMeIn on the computer you want to access, and then log into your account from any other computer. You’ll be able to see your desktop and use all your applications, as if you were sitting right in front of your home computer, even if you’re across town, across the country, or across the world. LogMeIn Pro², a paid upgrade, adds additional features like file transfers and remote printing.

Orb is a free program that essentially turns your PC into a server. Once you’ve downloaded and installed Orb, you can use any Internet-connected device with a streaming media player (mobile phone, PDA, laptop) to log into mycast.orb.com and access all your digital media, anywhere, anytime. Orb is also compatible with the Wii, PS3, and Xbox, so you can enjoy your media on your television screen as well! While Orb is heavily focused on delivering digital media, it works with documents as well.

If you’re a Mac guy, then you’re all about Me.com. For $99 a year, Me.com gives you easy access to your most important stuff, including email, contacts, calendars, photos, and files, from one place on the web. And since any changes you make on Me.com are stored in the cloud, you can see them on all your other devices, too.

Mocha Remote Desktop is a free application that provides complete, secure access to all the files and programs on your work PC from your iPhone, iPad, or iPod touch, as long as your work computer is running Windows XP Professional, Windows Vista, or Windows 7.

Remote Desktop is built into the Microsoft Windows operating system. Not all versions of Windows have Remote Desktop functionality, though. Windows Professional and Ultimate editions generally include Remote Desktop by default. This is the cleanest example of real-time remote access technology, giving you the feeling that you’re sitting in front of your home PC’s desktop, from anywhere.

Setting up Remote Desktop is another story.

It’s easiest to do it from within your own internal network. If you want to use Remote Desktop from anywhere else in the world, you’ll need to configure your router and set up port forwarding, preferably with a Dynamic DNS account.

Personally, I like Remote Desktop best, but it takes serious time and effort to get it working the way you want.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses yet another data breach on Fox News. (Disclosures)

mCrime Perfectly Positioned to Pounce in 2011

The number of households in the United States that rely solely on wireless telephones continues to increase. More than one in four households had cell phones and no landlines in the first half of 2010, which is an increase of 2.1% since the second half of 2009. And almost one in six households uses cell phones exclusively or almost exclusively despite still having a landline.

What’s most interesting is that more than half of adults between 25 and 29 rely on cell phones alone. This is the first time that adults of any age range have been more likely to go without landlines. This trend indicates that those who have grown up with mobile phones as an accoutrement that went along with their lunch box have never bothered to get a landline. In a few decades, the landline will probably be about as obsolete as the rotary phone is today.

As a result of this shift, software application developers are focusing primarily on mobile devices, with PCs demoted to a secondary consideration.

And whenever there’s a major transition to a new technology, the uncertainty and newness create the perfect opportunity for scammers to launch attacks. Dave DeWalt, chief executive of McAfee Inc. security software, predicts, “2011 is the year of the threat to the mobile device, particularly the mobile app.”

There are plenty of new tablets and smartphone devices coming out this year, along with thousands of new mobile applications. Meanwhile, hackers are creating bugs and viruses that modify the legitimate software industry’s processes.

Expect more scams and more scam warnings in 2011. The main initial concerns involve rogue apps and phishing messages designed to extract credit card numbers and login credentials. As mCrime evolves and criminals begin to make some money, they will have the resources to hire crackerjack programmers to do their deeds.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses mobile phone spyware on Good Morning America. (Disclosures)

Digital Lifestyle: 4 Essential Mobile Travel Apps

You don’t reach Platinum Medallion status on Delta by sitting on your back porch. I got there by schlepping all over the country, from one airport and hotel to the next. And technology definitely plays a major role in making my trips more manageable.

I swear by the following apps:

TripIt is a free app that keeps your itineraries easily available on your smartphone and gives you instant access to any information you might need on the road (flight times, confirmation numbers, and even maps), even when you can’t connect to the Internet. Email your receipts from airlines, hotels, and rental cars to your TripIt account, and this highly intuitive app organizes the information by date and time.

FlightTrack costs $5, and it’s the best app out there for tracking flights, with beautiful, zoomable maps and real-time departure schedules, delay updates, and gate numbers at a glance. FlightTrack will alert you to cancellations and even help you find an alternate flight. Full international coverage means you can track flights worldwide. FlightTrack works in tandem with TripIt.

AroundMe is a free app that quickly provides information about your surroundings. How many times have you needed to find the closest gas station? AroundMe identifies your position and shows you a complete list of all nearby businesses in a selected category, including banks, bars, gas stations, hospitals, hotels, movie theaters, restaurants, supermarkets, and taxis. Each listing includes distance from you, a map, and directions, plus you can easily add the information to your contact list or email it to a friend.

Yelp has a free app for your iPhone that can help you find whatever you need when you’re on the road, whether it’s a burrito joint that’s open right now, the closest Irish pub, or a gas station that you can drive to before your tank hits empty. You can search for places to eat, shop, drink, relax, and play, and read reviews from an active community of locals. The iPhone’s built-in location finder makes it easy to search for places nearby. This is similar to AroundMe, but I always use Yelp for restaurants because of the detailed user commentary.

There are thousands more in this category. Some work better than others. What travel apps do you use?

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses mobile phone spyware on Good Morning America. (Disclosures)

Mobile Apps Are Leaking Data on You

Tracking users is all the rage. A battle is being waged over our data, and there are several parties involved in this fight. We voluntarily offer our data to various companies, only to discover that they are using it in ways that we never anticipated.

Smartphones have become almost an extension of ourselves. They are as integral to our lives as clothing. I have mine clipped to my suit when I’m working, jeans when I’m shopping, and pajamas when I’m lounging. And then, of course, it’s on the nightstand when I’m sleeping. It’s even right outside the shower.

And then there are the applications. Most people spend more time navigating their apps than actually making or receiving calls.

The Wall Street Journal found that many app developers haven’t been upfront with their intentions:

“An examination of 101 popular smartphone “apps”—games and other software applications for iPhone and Android phones—showed that 56 transmitted the phone’s unique device ID to other companies without users’ awareness or consent. Forty-seven apps transmitted the phone’s location in some way. Five sent age, gender and other personal details to outsiders. The findings reveal the intrusive effort by online-tracking companies to gather personal data about people in order to flesh out detailed dossiers on them.”

One developer of online ads and mobile apps declared, “We watch what apps you download, how frequently you use them, how much time you spend on them, how deep into the app you go.” The motivation here is money. The more they know about you, the more targeted ads they can deliver, and the more likely you are to buy.

So what to do? Privacy concerns are justified, but what can be done with this data, other than ad targeting? Not much. I don’t see any fraud or identity theft happening as a result of this. They aren’t going to try to sell you anything by cold calling you, and hopefully they’ll refrain from emailing sales pitches.

If you want to cleanse yourself of this type of tracking you can delete and avoid apps, or you could provide false information, but that could violate terms of service, and might even be a useless tactic.

The best you can do is try to understand what you are giving and what you are getting in return, and make conscious decisions as to whether the tradeoff is worth it to you.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses leaky applications on Fox News. (Disclosures)

Shoring Up National Cyber Security Infrastructure

The wild, wild web is the most exciting, alluring, and all-around awesome thing available to us today. It’s also something we have come to rely on to a fault. And that’s a little scary. The Internet is a decentralized wilderness, used by billions of devices worldwide.

Joe Lieberman, chairman of the Homeland Security and Governmental Affairs Committee, introduced a controversial bill designed to empower the United States to shut down the Internet, explaining, “For all of its user-friendly allure, the Internet can also be a dangerous place with electronic pipelines that run directly into everything from personal bank accounts to key infrastructure to government and industrial secrets, our economic security, national security and public safety are now all at risk from new kinds of enemies — cyber-warriors, cyber-spies, cyber-terrorists and cyber-criminals.”

Regardless of the politics behind the issue, shutting down the Internet would have dire consequences for everything from electricity and water delivery to transportation and food production. We simply aren’t prepared for that kind of shift.

But the question remains, how do we shore up our nation’s critical infrastructure against online attacks?

States, governments, and corporations are investing billions in online infrastructure. Thousands of cyber security professionals are being trained to keep us safe. I can only hope that many are decentralizing their systems in order to become self-reliant if necessary.

While technologists and government leaders are sorting this out, the weakest link in the chain is still…drum roll, please…you.

Corporations and government agencies are legally required to secure their systems, at least minimally. But no such standards exist for the consumer. No laws require you to take a single step for the sake of your own security. Software vendors should certainly be held accountable if their products aren’t secure, but this alone is inadequate.

If you buy a bike for your child, for example, it’s up to you to teach him to ride safely, and to require him to wear a helmet. In many places, children are legally required to wear bike helmets. Similarly, you can’t drive a car without a license, and you can’t get that license without proper training.

It should be the same with technology. Before you come to rely on a smartphone or PC, you ought to receive training on how to use it securely. I have enough faith in people to believe that if we truly understand the consequences of inaction, we’ll come together and act to resolve whatever problems we face. We need to get together on this issue and do something about it…like, yesterday.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses the possibility of an Internet crash on Fox Boston. (Disclosures)

Who Owns the Online Road?

“Net neutrality” refers to the idea that Internet service providers should treat all sources of data equally. There has been debate as to whether ISPs should be permitted to treat their own content preferentially, or allow certain content providers to pay for faster transmission, creating two tiers of web service. There is also a question as to whether these companies can block or create hurdles to reach content representing controversial points of view.

The New York Times reports, “The proposed rules of the online road would prevent fixed-line broadband providers like Comcast and Qwest from blocking access to sites and applications. The rules, however, would allow wireless companies more latitude in putting limits on access to services and applications.”

A two-tiered web is one in which powerful companies have the ability to play favorites. Major corporations with deep pockets could purchase higher speed service to transmit their own content, while consumers would lack those resources. Some say a two-tiered Internet would bring consumer connections to a crawl. While there probably will be some abuses, I’m sure that if this happens, these abuses will come to light relatively quickly.

What has many up in arms has been the broadband carriers’ attempt to block websites or applications. In some cases those sites may compete with the carrier, or they may be a drain on resources, such as with torrent downloading sites. It doesn’t look like carriers will be allowed to block anything, but this battle is just beginning.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses the possibility of an Internet crash on Fox Boston. (Disclosures)

Google Adds Security to Search

The Internet can be a dangerous neighborhood, and safety precautions are a necessity. IBM Internet Security Systems blocked 5,000 SQL injections every day in the first two quarters of 2008. By midyear, the number had grown to 25,000 a day. By late fall, attacks climbed to 450,000 daily. US government servers and sites are targeted 60 million times a day, or 1.8 billion times per month.

While the government fights to protect itself, you and I are on our own, and most civilians are completely unprepared for an attack.

In the University of Cincinnati’s Journal of Homeland Security and Emergency Management, the authors write, “The general population must be engaged as active security providers, not simply beneficiaries of security policy, because their practices often create the threats to which government responds.” In other words, citizens need to take personal responsibility and start acting securely, rather than expecting it to all be done for them.

But Google is lending a helpful hand.

In December, they posted the following announcement on the Google blog:

“Today we’ve added a new notification to our search results that helps people know when a site may have been hacked. We’ve provided notices for malware for years, which also involve a separate warning page. Now we’re expanding the search results notifications to help people avoid sites that may have been compromised and altered by a third party, typically for spam. When a user visits a site, we want her to be confident the information on that site comes from the original publisher.”

You can see an example of a search result notification here. Clicking the “This site may be compromised” warning brings you to an article with more information, and clicking the result itself brings you to the target website, as usual.

My observation has always been that if a person decides to use the Internet, they should take some basic courses via their local adult education offering and read up about how to log in securely. New scams pop up every day, and one has to be aware of their options.

Thanks, Google, for lending a hand.

Robert Siciliano, personal security expert contributor to Just Ask Gemalto, discusses online banking security on CBS Boston. (Disclosures)