A developer at Twilio, which helps developers add calls and text messages to their applications, claims he’s found a security hole in Virgin Mobile phones. The security hole could allow hackers to intercept calls and text messages, lock users out of their accounts and buy a new phone with their credit card.
The developer, Kevin Burke, in a blog post said the vulnerability stems from the fact that the wireless carrier requires subscribers to use their phone numbers as their username and a 6-digit number as their password.
“Pretty much anyone can log into your Virgin Mobile account and wreak havoc, as long as they know your phone number,” he said, adding “there is no way to defend against this attack.”
Burke says Virgin Mobile’s setup for subscribers is “horribly insecure” compared with a randomly generated 8-letter password containing uppercase letters, lowercase letters, and digits. He warned a hacker could determine a Virgin Mobile subscriber’s PIN “inside of one day.”
So far, Virgin Mobile has not responded to Burke’s findings. If you’re a BlackBerry user on Virgin Mobile, perhaps reach out and let them know you’d like a more secure password and/or username.
via Huffington Post