Security and Paris Hilton

How can you use the example of the foolish heiress to spur security awareness for Bluetooth and mobile devices in your enterprise?

Where, oh where, do I begin with this one? There are so many bad jokes that come to mind. For those of you who haven't heard, Paris Hilton apparently had her T-Mobile Sidekick hacked, with the result that all of the contacts on her phone and all of her pictures, as well as her notepad, are now on the Internet.

There are a lot of issues that lead me to question the reality of the hack. For example, all of the pictures posted to the Internet are of Paris Hilton, but generally, people with a camera phone use it to take pictures of others. But whether or not the hack is real, it can be used to spur security awareness.

The entertaining nature of the hack aside, this is still a crime that everyone is talking about. Many people are theorizing about how it could have been done; however, no one but the criminal really knows. I hear many "security experts" say that the phone was probably hacked through its Bluetooth connection. But Bluetooth is not an option on Sidekick IIs, so the experts are wrong.

There was a recent T-Mobile corporate hack that could have been the root cause. Also, the Sidekick is a computer and can run malicious programs that allow a compromise to occur -- it's not out of the question that she downloaded a malicious program. And, it is very possible that someone could have hacked into her home PC that she syncs up with.

At least people are now talking about cell phone security. While it may be days or months until we really know how the hack was accomplished, security professionals should take advantage of the incident. Even though Bluetooth is almost definitely not the root vulnerability of the hack, it is a good time to go to your company and start making them aware of Bluetooth security issues.

More on Bluetooth

* Phreaks love Bluetooth: Bluetooth is becoming the vector of choice for next-generation phone phreakers to swipe files from other users, make calls or render mobile phones completely useless.
* Bluetooth hygiene for the enterprise: In the face of bluesnarfing and backdoors, security managers must reexamine their company's Bluetooth deployments.

During the recent RSA conference, I was invited to a private lunch sponsored by Flexilis, a wireless and RFID security firm. The company put on a demo showing that vulnerable Bluetooth devices can be compromised from well over the "10 meter" distance that Bluetooth describes as the vulnerable range. A directional antenna at the demo could hack Bluetooth devices from more than a mile away. If that wasn't enough, Flexilis had a chewing-gum-stick-sized device that can be hidden in a random location and configured to break into any Bluetooth-enabled device that passes within range. It could plant malicious software and do whatever the attacker wants, including download pictures, listen in on all calls made or turn a phone into a surreptitious listening device.

Let everyone know to disable Bluetooth, if they have it, until they actually need it. For that matter, users should disable any extra features that they don't need or use. It is also a good time to discourage people from downloading free programs from anonymous sites. Additionally, phone software should be updated on a regular basis. The issues are similar for all mobile devices.

While my money says that Hilton's breach is related to the recent T-Mobile hack, it really doesn't matter much. Use all of this exposure to get across an overall security message.

Probably one of the greatest ironies is that the supposed hackers are watermarking the hacked pictures. Apparently they are trying to protect what they consider their intellectual property. I'll let the U.S. Attorney's Office handle that one.

This article originally appeared on SearchSecurity.com.
