Did Boris Johnson’s easily available phone number pose security risk?
Just how much of a security risk is it for a world leader’s current mobile number to have been sitting online, public but apparently unnoticed, for years?
The revelations about Boris Johnson’s phone prompted warnings on Friday ranging from the risk of the prime minister being hacked and surveilled to exposing him to doughty impersonators.
“For a key public figure, being openly contactable is highly undesirable,” said Tom Davison, technical director at the cybersecurity firm Lookout. “At best they could be bombarded with calls, blocking the ability to use the device legitimately. At worst they may fall prey to call spoofing or impersonation, as happened to Tony Blair in 1998, when Jon Culshaw made a hoax call pretending to be William Hague.”
Beyond unwanted calls, Johnson may have faced more serious threats. Text messages are a popular route for hackers to launch phishing and malware attacks, since they can frequently bypass corporate – or state – security teams and get their malicious message directly in front of users. When the number is linked to a known target, Davison warned, “highly targeted messages” can make such attacks hard to spot.
If mobile malware is installed, then potentially everything else on the device is open to attackers. “A malicious app can be used to intercept incoming SMS and email messages, or even send messages on behalf of the user, as well as accessing data on the device or enabling surveillance via microphone, camera and location tracking,” Davison said.
Such attacks would still rely on successfully tricking the prime minister, however, or using cyber weapons so expensive that they could only plausibly come from a state actor. But other vulnerabilities exist at the network level.
One attack, called “Sim-jacking”, can be used to completely take control of a phone number, Natalie Page, a threat intelligence analyst at Talion, said.
“The technique requires an attacker to deceive a phone operator into releasing a code to the adversary, allowing them to switch a targeted mobile phone number, such as Boris Johnson’s, to another Sim, enabling the attacker to take control of the phone number.”
Such attacks have tripled in the UK in the last 12 months, Page warned. “With every corner of our lives now directed to our phones, the tactic presents many possibilities, combined with the reality that phones are now a crucial token for accessing accounts via two-factor authentication, and you have potentially handed over the key to an innumerable amount of privileged accounts.
“For an attacker to compromise a phone number utilised by the UK’s prime minister for as long as 15 years, makes hijacking a phone number such as this one absolute gold dust to all adversary classifications.”
But others cautioned against exaggerating the risk. “If knowing the phone number is sufficient to be a disaster, the control has failed,” said Martin Jartelius, CSO at risk management company Outpost24. “It is similar to knowing the email address of someone constituting a risk for losing your email account.”
For someone like the prime minister, the “sophisticated threat actors” who represent the largest risk would not be deterred by a private phone number. “In the case of Mr Johnson, I would be more worried that large amounts of voters feel a need to voice their opinions,” Jartelius added. The PM apparently felt the same: after multiple reports on Thursday night of members of the public ringing the number, it now appears to have been disconnected.
- Cruise lines could bypass porting from Florida due to vaccination requirements
- Airline passengers fined $20,000 as US agency cracks down on unruly fliers
- Portnoy riffs on ‘$40 million punching bag’ Goodell: Feud started ‘as a joke’; he’s ‘least self-aware’ exec
- A Wandering Tiger Unnerved Houston. The Man Who Fled With It Is a Murder Suspect.
- Pediatricians prepare to vaccinate youngest Covid-19 shot recipients yet
- Rangers Look to Move Past ‘Crazy’ Season
- F.B.I. Identifies Group Behind Pipeline Hack
- Hermansson-Shahbazyan off UFC 262 card
- As Boston Celtics struggle, jersey patch partner Vistaprint takes the long view
- India’s Covid-19 catastrophe could hurt global supplies of medicines, clothing and shoes
Common Symptoms Of COVID-19
The CDC has a collection of nine Roche antibody assays designed to provide rapid results from COVID-19 rapid antigen test. If you are a potential carrier of the human papilloma virus (HPV) and are looking for HPV testing kits for the home, it is important…
Things You Never Knew About The Best Water Purifier
Things You Never Knew About The Best Water Purifier: We all know the importance of having a water purifier at home, but not many people know the things they need to know before buying one. Most of the time, we miss out on the most…
Med hub smart pill, a device for patients having medicines intake in the daily schedule.
Med hub smart pill: The drug prescribed by a doctor will be effective if it would be taken at the right time suggested by the doctor because it is necessary for our healing process. When a patient takes too many medicians in a day also…
10 Best Effective Plants to Fight Pollution – Diwali Edition
Effective Plants to Fight Pollution: Few more months and the most awaited festival of the year will be here. We Indians love our festivals, and the biggest festival of India, especially north India, is Diwali. It is a massive affair here. It generally falls in…