Column

Security and Paris Hilton

Ira Winkler

Where, oh where, do I begin with this one? There are so many bad jokes that come to mind. For those of you that haven't heard, Paris Hilton apparently had her T-Mobile Sidekick hacked, with the results being that all of the contacts on her phone and all of her pictures, as well as her note pad, are now on the Internet.

    Requires Free Membership to View

Let everyone know to disable Bluetooth, if they have it, until they need it.


,

There are a lot of issues that lead me to question the reality of the hack. For example, all of the pictures posted to the Internet are of Paris Hilton, but generally, people with a camera phone use it to take pictures of others. But whether or not the hack is real, it can be used to spur security awareness.

The entertaining nature of the hack aside, this is still a crime that everyone is talking about. Many people are theorizing how it could be done, however no one but the criminal really knows. I hear many "security experts" say that the phone was probably hacked through its Bluetooth connection. But, Bluetooth is not an option on Sidekick IIs, so the experts are wrong.

There was a recent T-Mobile corporate hack that could have been the root cause. Also, the Sidekick is a computer and can run malicious programs that allow a compromise to occur -- it's not out of the question that she downloaded a malicious program. And, it is very possible that someone could have hacked into her home PC that she syncs up with.

At least people are now talking about cell phone security. While it may be days or months until we really know how the hack was accomplished, security professionals should take advantage of the incident. Even though Bluetooth is almost definitely not the root vulnerability of the hack, it is a good time to go to your company and start making them aware of Bluetooth security issues.

During the recent RSA conference, I was invited to a private lunch sponsored by Flexilis, a wireless and RFID security firm. The company put on a demo showing that vulnerable Bluetooth devices can be compromised from well over the "10 meter" distance that Bluetooth describes as the vulnerable range. A directional antenna at the demo could hack Bluetooth devices from more than a mile away. If that wasn't enough, Flexis had a chewing gum stick-sized device that can be hidden in a random location and be configured to break into any Bluetooth enabled device that passes within range. It could plant malicious software and do whatever the attacker wants, including download pictures, listen in on all calls made or turn a phone into a surreptitious listening device.

Let everyone know to disable Bluetooth, if they have it, until they need it. For that matter, users should disable any extra features that they don't need or use. And it is a good time to discourage people from downloading free programs from anonymous sites. Additionally, phone software should be updated on a regular basis. The issues are similar for all mobile devices.

While my money says that Hilton's breach is related to the recent T-Mobile hack, it really doesn't matter much. Use all of this exposure to get across an overall security message.

Probably one of the greatest ironies is that the supposed hackers are watermarking the hacked pictures. Apparently they are trying to protect what they consider their intellectual property. I'll let the U.S. Attorney's Office handle that one.

This article originally appeared on SearchSecurity.com.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: