“It’s really interesting to watch a phone number turn into a person’s life,” security researcher Nick DePetrillo told the Los Angeles Times in a report published yesterday. According to Petrillo and fellow expert Don Bailey, the mere digits of your cell phone number can betray your name, your travel itinerary, and your work and home address; it can also allow others to listen in on your voice messages and personal phone calls.
Using “widely available information and existing techniques,” DePetrillo and Bailey reportedly were able to construct detailed files on a cellphone user. Find out how after the break.
As “white hat hackers,” meaning the good guys that hack you to expose security gaps and then figure ways to patch them, DePetrillo and Bailey have learned that by using special software to spoof a call from the target number, tricking the cell phone company into thinking the call is coming from the target’s cell phone: The Caller ID system then identifies the victim’s name for you. As the LA Times points out, a hacker could create their own phonebook of numbers and corresponding identities.
From there, the hacker can then query the cellphone network to discover the location of the phone. Websites such as InstaMapper are openly accessible and free to use. With this, one can hypothetically track and generate a general schedule of your movements.
Moreover, there is always the possibility of malicious applications, which appear to do one thing but in reality can collect private information. For example, security expert Tyler Shields created an application called “TXSBBSPY,” which when installed on a Blackberry, could read text messages, listen to voice mail, and even turn on the phone’s mic at will.
Today, smartphones including the iPhone, Blackberry, and Android devices comprise about 21% of the cell phone market, and often contain sensitive information like other phone numbers, e-mails, and banking information. Nielsen Co. estimates the smartphone to become the new standard by 2011. However, as the smartphone is a recent development, Shields says that we are only living in the “late ’90s” when it comes to mobile security.
The obvious solutions, of course, are to 1) keep your cell phone number private; 2) shield your number with services like Google Voice; 3) use common sense – don’t access suspicious software and links.