Hilton Phone Hack Underscores Mobile Security Lapses - InformationWeek


The incident stresses the need for stronger security, says one industry executive, who adds that it raises questions about the security of the servers where mobile phone data is stored.

PARIS — The gory if inconsequential details of how hotel heiress and professional celebrity Paris Hilton's cellphone address book was hacked this week nevertheless generated a buzz among engineers in the mobile phone industry.

The address book in question was stored on Hilton's Sidekick II smartphone and backed up on a T-Mobile server.

Kevin Kissell, an architect at MIPS Technologies Inc., said he wondered "whether the hackers accessed numbers stored in the phone — a default for most mobiles — or on the SIM card." He also wondered "whether the outcome might have been different if Ms. Hilton had stored her numbers on the SIM."

T-Mobile wouldn't discuss its investigation. A company spokesman, however, suggested that "someone had access to one of Ms. Hilton's devices and/or knew her account password."

Most reports postulated an attack on T-Mobile's server rather than the client. Speculation was based on the fact that T-Mobile's database was hacked last year by 22-year-old Nicolas Jacobsen, who pleaded guilty earlier this month.

Nonetheless, speculation was rampant regarding how hackers might have snagged her account password.

Possible scenarios ranged from correctly guessing the name of Hilton's dog to the theft of records and passwords stored in her Sidekick II. The phone's Bluetooth interface was also cited.

Hackers could have accessed T-Mobile's database using SQL (Structured Query Language) injections, said David Naccache, vice president, research and innovation at Gemplus, based here. By adding SQL to a query, Naccache said, it is possible to manipulate a database in ways not anticipated by administrators.

Or, Hilton could have handed her phone to an acquaintance who extracted the information, said Naccache. "You need a key to the door in order to get into a house," he said. "But you can also get into the house through a window." Naccache, a forensic expert, said a hack was possible anywhere between the handset and the network.

Even if the server was hacked rather than the client, Kissell's questions remain valid for chip vendors, SIM card manufacturers and mobile handset companies. All are racing to add security features to next-generation phone and network designs.

Added Mike Yonker, director of Technology Strategy at Texas Instruments Inc., "This incident really stresses the need for stronger security. Consumers have reason to question even the security of the servers where their data is stored at the mobile operator."
