Paris Hilton's Sidekick hack - Could it happen to you?

Indeed many of you have heard about the infamous hack of the famous petite princess! After reviewing a few online news articles about how her phone/mini-computer was hacked it seems one thing kept popping up! She was using one or two of the following (according to which articles you believe)...

1. A weak password in general or
2. A weak password for the secret question asked in case you ever forget your password!

We have dubbed the first #1 and the latter #2 on the exploit list that was typed up long ago by myself! Her little pet Taco-Bell breed dog is well known and it was only a matter of time before someone attempted a stunt like this. Most referring to that little chew demon's name turned out to be the password or question answer if I'm reading articles right! With a sidekick like him who needs public enemies?

[The 'hack' explained in more detail]
Paris Hilton carries on her a T-Mobile device known as 'Sidekick'
http://www.t-mobile.com/zaaz/1/51/tmo_sidekick_family_72dpi.jpg
This device is wireless and does allow for 3 POP3 emails to be setup for each user. More details on this cellphone/mini-computer can be found here...
http://www.t-mobile.com/company/pressroom/pressrelease51.asp
As with many other cell phone providers T-Mobile allows for users to sign up accounts online for more features than the cell phone alone could provide. This might be to save emails on a larger server, save pictures, download new screensavors, midi call tunes and the like. And as with most online account setups the so called 'My Page' account page requires several bits of information to set it all up. Mandatory for any such account is usually an online handle and password. But many sites also allow to setup a password retrieval question and answer. When you forget your password you will be prompted for the answer to the question - Only the person who owns the account should know the answer. Access to the answer allows anyone to change the password and thus enter into the account. Once signed in they probably have full access to your phone and information on it.

As for Paris this was the question that she had set forth! This is one of the default questions commonly asked on many such Q + A retrieval setups!

Q. What is your pet's name?
A.

So how does one better secure themselves?
AIM clients - How to put the lockdown on security! Or any other account for that matter!
http://www.bigblueball.com/forums/showthread.php?t=20827

Please note this was something that could have been prevented. The phone is indeed wireless but was not subject of what is known as 'Bluesnarfing' hacks. However such a threat exist today - If using a 'Bluetooth' device disable it when not in use. The ability to use POP3 email further complicates matters - Viruses and spam will no doubt start popping up in cell phone inboxes everywhere. And this is not limited to text emails but vulger and inapproiate voicemails as well. Lastly the threat of SPIM also can wreck the day for that user who has the AIM client or other Instant Messenger installed in their celluar device. SPIM = Instant Message Spam!

Stay safe and best reguards,
Mikk Auður

 

Hey Mako, Nice thread. I saw this type of cell phone hacking being demonstrated on tv. They of course did their over the air cell phone hacking at the grammy awards.. Very interesting. It goes to show you one must not take passwords and privacy forgranted (there isn't any).

aka Argonaut