Notification Center

This is our new notification center. Inside, you will find updates on the most important things happening right now.

Notifications

Hmm, push notifications seem to be disabled in your browser. You can enable them from the 'Settings' icon in the URL bar of your browser.

www.phonearena.com

Virgin Mobile accounts at risk of password attacks

0
Virgin Mobile accounts at risk of password attacks
Given the news lately of how customers’ personal data is handled and hacked, this development is not so refreshing. Using an “online attack” model, a developer was able to hack into his own account, and then later log-in as a customer with no lock-outs.

The issue is the authentication that Virgin Mobile USA uses. First, Virgin requires that you use your phone number as your username. Second, your password must be a 6-digit number, which means there are only one million possible combinations.

Kevin Burke is the developer who was able to force his way into his own account by writing a simple script, and have it hammer away at the Virgin Mobile site. He was successful in just a few hours.

Customers that log in are able to view call and SMS log data, change ESNs, purchase equipment, change personal data and PINs. Due to the nature of the passwords involved, there is no surefire way to protect against these kinds of forced entry attacks.

To keep it in perspective though, because the attack must happen online, it is comparatively time consuming and therefore may not be a priority exercise for the “money-hungry” hacker. However, it is certainly not a pleasant possibility if the attacker has a more personal motivation. Sprint owns Virgin Mobile USA and stated that it is conducting audits to see if everything is working as designed, and later indicated to Burke that appropriate people have been notified with no further action expected.

Even if everything is working though, it seems pretty antiquated to have such a predictable log-in design and low-tech 6-digit PIN for password protection.

sources: Ars Technica, Kevin Burke via The Verge

New reasons to get excited every week

Get the most important news, reviews and deals in mobile tech delivered straight to your inbox

FCC OKs Cingular\'s purchase of AT&T Wireless