How Are Celebrity Cellphones Hacked?
Huffington Post reported
Celebrities are a perfect target for hackers -- they're highly visible, spend lots of time on their smartphones and they know next to nothing about security. It's no wonder they're often victimized by hackers -- from lone hackerazzis like the alleged Christopher Chaney to hacker groups like the Anonymous offshoot 'Hollywood Leaks.'
But how do these hackers actually hack a cell phone?
Many people seem to think it requires a great deal of computer skill to hack a phone; that you have to be some type of hacker mastermind. But the reality is, it's not that hard.
Here are a few ways:
# 1 -- Physical Access to the Phone -- Obviously, if a person can get physical access to a cell phone, even for a few seconds, it's game over. The person can clone it, place a remote spying tool on the phone or download the pictures and information directly to their own account.
TIPS -- Make sure your phone has a strong password lock to prevent unauthorized access. Sign up for a mobile phone recovery service -- like Where's My Droid, Find My iPhone, McAfee's WaveSecure, etc. -- that offers GPS tracking, remote freeze and remote wiping in case the phone is ever lost or stolen.
#2 -- Hacking Email, Twitter and Apps -- Most celebrities are hacked through email, Twitter and other accounts that they use on their phones. This is what happened to Scarlett Johanson, Kreayshawn, Mila Kunis and Christina Aguillera, among others -- and it may also be the reason for the more recent hacks on Heather Morris and Christina Hendricks.
Hackers get in by guessing a weak password or bypassing the password altogether by answering a series of cognitive security questions such as mother's maiden name or what high school they attended. This technique is what is alleged to have been used by Chris Chaney and Hollywood Leaks.
To beat a password, hackers can use special password cracking programs that attempt to "dictionary attack" or "brute force" the account, or they can simply do their homework on the celebrity and use that to guess the passphrase or security questions. Once the hacker gets in to one account, especially email, he can use it to get into other accounts (for example, request the Twitter password reminder be sent to Gmail or other web-based email account).
TIPS -- Use a unique password for each online account. Make sure it's at least 10 characters long and doesn't make up a real word -- use letters, numbers and symbols. Give fake answers to the security questions to make it hard for others to guess. To be extra safe, consider using "two-factor authentication" and PGP encryption with the email account as well.
#3 -- Social Engineer the Phone Company -- In 2005, hackers stole nude pictures of Paris Hilton by getting access to her T-Mobile Sidekick II, a precursor to today's smartphones. How did they do it? They impersonated a T-Mobile support tech over the phone and tricked T-Mobile employees into giving them access to the carrier's intranet site that contained a list of user accounts, which allowed them to reset the password to her account and steal photos and contacts. Today, there's still a risk hackers could reset accounts or permissions by conning the phone company, but it's more likely they'll simply target a person's accounts directly online.
TIPS -- Check your online phone accounts periodically to make sure there haven't been any unauthorized changes.