Hacking smartphones with ease

By BBC

Many of us carry almost every detail of our lives on our phones - so how secure are we from those who might want to know what we're saying and doing on the move? We know how insecure the voicemail of some famous folk turned out to be a few years back; surely today's sophisticated smartphones are much less vulnerable?

I've been conducting an experiment with a company which offers to protect the phones and e-mail accounts of high-profile individuals - not, I hasten to add, because I fit either category but to find out how vulnerable all of us with modern mobiles might be.

So I challenged Tom Beale of Vigilante Bespoke to do his worst with my iPhone 4. First, I asked him to get through the initial layer of security, the passcode on the front screen. There's a well-known method for this, which Apple keeps trying to patch, but it proved a matter of moments for Tom, who was soon looking at my contacts.

This is obviously worrying if you lose your phone; in that case, there is a way to remove everything on it remotely. And Apple points out that its latest software update for the iPhone, released on Monday, has now fixed this problem once more.

Of greater concern was what Tom showed me about the danger of connecting to wireless networks on the move.

He and a colleague used a netbook computer to set up a wireless access point. They called it "BTOpenzone", a network my phone and many others look out for and join. I watched as they showed me a range of devices in their office in London's Soho looking at the network - including my phone.

Tom explained to me that any mobile, when not connected to wi-fi, transmits what he called probe requests looking for networks which it has used previously. "Probe requests are essentially a loud shout - is there any wi-fi access point near me with the name 'BTOpenzone'?"

My phone then connected to the access point - it was dumb enough just to check the name, rather than comparing the address with others it had previously used.
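A stricter join policy than the name-only match described above, sketched as an added example (it is not code from the article or from Vigilante Bespoke). The stored networks, the addresses and the `assess` function are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Beacon:
    ssid: str      # network name the access point advertises
    bssid: str     # access point's MAC address
    security: str  # "open", "wpa2-psk", ...


# Constructed history of networks this device has joined before:
# (SSID, BSSID, security type). All values are made up.
KNOWN = {
    ("BTOpenzone", "00:11:22:33:44:55", "open"),
    ("HomeNet", "66:77:88:99:aa:bb", "wpa2-psk"),
}


def assess(beacon, known=KNOWN):
    """Return 'join', 'ask-user' or 'refuse' for an advertised network."""
    same_name = [k for k in known if k[0] == beacon.ssid]
    if not same_name:
        return "ask-user"  # never used before: no automatic join
    if all(k[2] != beacon.security for k in same_name):
        # The name is familiar but the security type changed, e.g. a
        # network remembered as encrypted is now offered as open.
        return "refuse"
    bssid = beacon.bssid.lower()
    if any(k[1] == bssid and k[2] == beacon.security for k in same_name):
        # Same name, address and security as before. A BSSID can be
        # copied, so on an open network this only means "nothing looks
        # different"; traffic still needs HTTPS or a VPN.
        return "join"
    # Familiar name from an unfamiliar access point: the case in the
    # demonstration. Prompt the user rather than connecting silently.
    return "ask-user"


if __name__ == "__main__":
    for b in (
        Beacon("BTOpenzone", "00:11:22:33:44:55", "open"),
        Beacon("BTOpenzone", "de:ad:be:ef:00:01", "open"),
        Beacon("HomeNet", "66:77:88:99:AA:BB", "open"),
    ):
        print(b.ssid, b.bssid, "->", assess(b))
```

A hotspot brand served by many access points will prompt at each new one under this policy, which is the trade-off for not trusting the name alone.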

"Once the device is connected to our access point," Tom explains, "its user is able to browse the web as normal. Unbeknown to them, the web traffic is being transmitted through our computer. The program examines the traffic between users and websites, looking for data containing cookies."

Among my cookies - the small pieces of code which smooth our path to frequently-visited sites - was at least one for Facebook. Within seconds, Tom had access to my account on the social network: he didn't have my password, but the cookie allowed him to masquerade as me.

My attackers could do whatever they liked: change my status, read through my contacts and so on.

They then moved on to the final stage of the demo, using a program they'd written to send me a spoof text message. Having spotted my wife's phone number on Facebook, they sent a message which popped up on my phone appearing to come from her. In the wrong hands, of course, such a program could provide scope for all sorts of mischief.

I should stress that while we used an iPhone for this experiment, other smartphones are equally vulnerable to these kinds of attacks.

So what should we learn? Obviously, it's not a good idea to leave your valuable phone lying around, or to respond to texts from friends which seem out of character.

The main lesson must be how insecure you can be if you sit in a public place and go online using an open network. I'd heard about Firesheep, a tool demonstrated recently as a warning of the dangers of open networks and unencrypted cookies. But sitting and watching as your entire life - or rather your social-networking life - is laid bare is very sobering.

Facebook sent me this statement about the security issues this demonstration appears to raise:

"Facebook takes the security of people using the platform very seriously. We advise people to be very careful about the information they access or send from an unsecured public wireless network. We're working hard to make Facebook the safest platform online, and are currently investigating how to best roll out more secure login processes, including SSL, that will enable people to use Facebook on unsecured wi-fi networks with total peace of mind."

But Facebook is just one of many services whose mobile users are vulnerable to the kind of attack we've demonstrated. So, better safe than sorry: from now on I will be switching off the wi-fi button on my phone whenever I leave the security of my home or office network.