IT SOFTWARE & APPLICATIONS | IT HARDWARE & INDUSTRIAL COMPUTING | SECURITY & SURVEILLANCE

Smartphone users at risk of phone hacking

Let us get you 3
Quotes
"An excellent buying service"
Also get quotes for
Your phone could be a hacking risk, according to researcher.
Your phone could be a hacking risk, according to researcher.

Smartphone users who remotely check their emails are at risk of online hackers gaining access to their devices, ECU researcher Peter Hannay has found.

Hannay’s new research has found a way to hack in to people’s smartphones by impersonating a Microsoft Exchange server, gaining access to their private information or completely wiping the data from their phone.

A Microsoft Exchange Server is used on many smartphones to check emails. It is the mail server for Microsoft Windows which combines email, calendars and contacts into one system.

"Microsoft Exchange has an interesting relationship with its clients - it demands control over mobile devices through passwords, remote lock out and remote wipe functionality. People hand over the control of their phones to the server, which can then be easily hacked," Hannay said.

Conducting a series of tests at ECU’s secau Security Research Institute, Hannay was able to impersonate a Microsoft Exchange server, acting as a makeshift man-in-the-middle.

Using the makeshift server, he manipulated the relationship between smartphones and Microsoft Exchange, hacking into a phone, gaining access to private information and deleting all data. .

The flaw, Hannay believes, is the way in which the Microsoft Exchange is set up.

"When emails are synced to your phone you accept the conditions via an initial prompt," Hannay said.

"Thereafter, whenever the server sends updates or amendments to the phone they are accepted without awareness or permission from the user."

This research is only the start of further investigation in to man-in-the-middle attacks, leveraging Microsoft Exchange against poorly constructed smartphones.

"At the moment we have a lot of trust in the Microsoft Exchange server. We put faith in them to look after all our data," Hannay said.

"Initial findings show that the relationship is not at as secure as first thought, putting many of us at risk of attack without even knowing.

"Manipulating the system was really simple to do, which is what I find most disturbing." 

The research is part of an ongoing investigation into the flawed relationship between servers and mobile devices, conducted by Hannay and the team at the secau Security Research Institute.

Get 3+ quotes so you can compare and choose the supplier that's right for you

    Connect with related suppliers

    Cantilever Racking Pallet Racking Temperature & Humidity Sensor

    Connect with related suppliers

    Cable Racking Cantilever Racking Pallet Racking Tyre Racking Food Racking Trolley Pallet Racking Bund Pallet Racking Protectors Shuttle & Satellite Pallet Racking ... Temperature & Humidity Sensor
    Smartphone Thermal Camera Jacking Beam Circuit Breaker Racking Unit