open mike:

There have been several reports of "virus" exploits in cell phones, and there's been quite a lot of discussion about it for a few months now. Early exploits were associated with a single cell-phone OS, but unfortunately it was one that's widely used in a number of phones. At least one virus form exploiting another OS has been found. The usual with these is that the individual phone, or some functions on it, are disabled. You take the phone in and get the OS reloaded.

Several sensationalized reports about celebrities (e.g. Paris Hilton) having their cell phones "hacked" have been simply cases where the persons involved "didn't bother" to set a password for access to their messages, phonebook, and account data. If you don't set a password, anyone that knows your phone's account number can "hack" (saracastic euphemism) your account to get your phonebook and harass your friends. Especially if they're famous, they'll get pissed, so you blame it on hackers instead of admitting you were stupid. (They can get the account number by any number of trivially simple methods, since it's essentially public info. A password isn't public.)

Past warnings about "incautious" use of wireless "hotspots" have reappeared recently, due to a few newer "exploits" found. (A "hotspot" is a point at which a wireless equipped computer, usually a laptop or pocket device, can tap into someone's wireless network and hitch an illicit "free connection" to the web. There's an active "sport cult" that spends time looking for "open wi-fi" hotspots and marking, with graffiti on the buildings, where they are so that others can use them.) Warnings a month or so ago were specifically directed at Londoners, but recent ones have been more general.

Legal wi-fi ports, like the ones found at hotels/motels, bookstores, and coffee shops, can also be compromised by the same or similar methods.

If a person, usually with a laptop, mounts a port with a sufficiently strong signal nearby, they can spoof your connection so that you go through their machine where they can read your stuff. Usually they just pass stuff through to the real port to make it look like a legitimate connection; but they can read and/or record your web activity to extract passwords or other personal stuff.

Of course the real server can sometimes be hacked to make it install malware on your computer, usually a keystroke logger or a worm that attempts to gather passwords or other specific personal data. The criminal can then get a "dump" of what's been collected the next time you hook up.

A Boston College student was found fairly recently with a couple of thousand credit card numbers for students and professors, collected via the wi-fi port at the student union. The school said it was just a prank, but the F.B.I. found a few thousand dollars worth of fraud. I don't think he's gone to trial yet, but he will.

Any time you use a potentially insecure connection, you should be careful not to send anything you want to keep secret. If you need to send personal data, you should always use a "hard-wired" connection via a trusted entry point. If "unknown persons" can access the port at the same time you do, they can access you and your data.

John