The News of the World phone hacking scandal has highlighted just how vulnerable cell phones are to security breaches.
One of the low-tech methods that the tabloid's accused staffers used -- "pretexting" -- involves feeding a customer service representative just enough personal information to reset the victim's voicemail PIN, or personal identification number.
Although the practice is illegal in Britain and the United States, pretexting is relatively easy to do. To access a customer's voicemail remotely on this reporter's wireless carrier, AT&T, for example, a hacker needs to provide only the user's name, the name of the account holder and the last four digits of the account holder's Social Security number.
Not exactly hack-proof.
Many cell phones come with a default voicemail security PIN, such as 1-1-1-1-1-1 (AT&T). But often consumers never change their default PIN or use numbers that are publicly available such as the digits of their phone number or birthday.
Smart phone apps present another set of privacy concerns. App security depends largely on how strictly app stores are regulated.
"At this point we don't know how tight a ship they're running," said Jeff Fox, technology editor for Consumer Reports, of application distribution platforms. He said apps in the Apple App Store tend to contain the least malware since Apple's store is the most tightly regulated.
Jason Hong, an associate professor of computer science at Carnegie Mellon University who studies smart phone security and location privacy, says that smart phone apps present a challenge to consumers since malicious apps occasionally circumvent existing smart phone security measures.
"It's sort of a game of cat and mouse," he said of the struggle between hackers and operating system designers.
Software firms check new apps for malware and viruses, so users are advised not to download unfamiliar apps as soon as they appear online. There's also safety in numbers -- vetted apps by prominent developers with large numbers of reviews and downloads are less risky than lesser-known apps by no-name developers.
While some location-tracking apps are neat -- think Foursquare and Facebook Places -- other apps request more user information than they need to function.
"If you're downloading an app that helps you keep a to-do list and it wants to know your geographic location, I'd be suspicious of that," Mr. Fox said.
Furthermore, be sure to scrutinize permissions that apps request.
"If there's a good reason why they need your information they'll give it to you," Mr. Hong said.
Despite the threat of malicious smart phone apps, the biggest threat to consumers remains losing a phone that has inadequate password protection, Mr. Fox says. But only a fifth of cell phone users engaged in potentially risky activities -- such as online banking, social networking and storing passwords and contacts -- have set up a PIN number to protect themselves, according to a Consumer Reports survey.
Simply using a phone's security features provides a solid line of defense that many consumers ignore, but fewer than a third of users regularly back up their files or download software updates, the Consumer Reports survey shows.
Mr. Fox recommends downloading operating system updates and security patches as they become available and backing up your content either on a computer or in the cloud. If you lose your phone, some providers can locate and lock your phone remotely, and even erase your data, preventing thieves from accessing sensitive information.
"It's really everyone's job to be vigilant about this," Mr. Hong said.
First Published: July 20, 2011, 4:00 a.m.