An entertaining and informative take on mobile phone hacking
Vijay Mukhi
2014-09-02-The_Gateway__September_2_to_8_FinalVijay Mukhi is an IT expert as well as a world-renowned writer and has taught at prestigious universities like the Institute of Chartered Accountants of India. A student of VJTI, he is an authority on the cyber world and is one of the pioneers of the Indian IT industry today.
After thanking the Programme Committee head, Rtn. Nanik Krupani, for the invitation, Mr. Mukhi, in good humour, pointed out that he would not be addressing the audience but giving demonstrations that would prompt one to think twice before using mobile phones.
He began by asking a Rotaryanne to make a call using his phone and on taking it back redialled that number, which connected to his phone. He explained, “Android phones don’t need to write a virus anymore. The entire code of the phone is available. All that I did was change the code so that whenever you call anyone from this phone, it won’t call that person, but me. Why do we need to be worried? There is no virus on this phone so there is no antivirus either. You may have the world’s best antivirus, but it simply isn’t going to get caught.”
He then moved on to his next demonstration which was a program called ‘Spoof Card’. “I have sent an SMS to this lady in the audience which reads: ‘I owe you one crore rupees. Please confirm receipt by SMS’. She replies saying, ‘Confused and yes’, instead of ‘Yes, I agree’. Now, if we were to ask a lawyer in the audience who owes whom, he would say the lady owes me and I can go to the cops and convict her. So she becomes the hacker who changed it and I have witnesses to prove it at the police station.”
Leaving the audience impressed and worried at the same time, he further explained, “My point is, do not blindly believe anything that is electronic. We spend our lives with technology and have business deals over the phone. Emails are easy to hack but text messages are even easier. A cell phone is enough evidence for an arrest today; it can serve as a witness. This happens because on android phones, you decide the content of the message entirely. On a Nokia or Apple phone, you don’t have that flexibility.”
Every phone carries a unique IMEI number and standard GSM phones have three numerical entities. The IMEI number, the sim number and finally, the phone number. He demonstrated how one can also manipulate this by asking a member to share his IMEI number, which he changed to ‘Vijay Mukhi is a fool’. This means when you go to court and have to prove which phone did what and the service provider asks for the IMEI number, this is what you will show. I didn’t change the actual number; just the text displayed. If you go to court and say that the phone did what it did, no legal sanctity would remain and it cannot be used as evidence anymore.”
Delving further into the legal aspect of these hacking systems, he spoke about the concept of Call Data Record and how easily it can be corrupted. He explained, “The police usually go to the service provider and ask for the Call Data Record. It takes at least two weeks for CDR to process which means you may have to spend that time in jail. I have spoken to CEOs of most telecom companies and they have told me, off the record, that when you receive a call, there’s something called a header which carries the phone number. None of these companies actually check if the right person is calling or if the number they have entered is being dialled. This is why we have a problem with technology. It is very easy to misuse and we are not doing anything about it.
The telecom network has multiple security concerns today, especially concerning international numbers and how one stands to lose money just by receiving calls. “Skype allows you to buy a US number from India so when you answer a call from such a number, you end up paying for a minute which may be 100 times the actual rate. So when you get a call from an international number, don’t receive it unless you know who the caller is. Most of these are premium numbers and have pornographic sources; so, if they are in your log, you can be framed. Most telecom companies don’t stop these calls because they get a share of the premium rate,” he said.
Mukhi was also vocal about his dislike for Iphones and did not shy away from elaborating on the reasons. “Apple does not say ‘it is either my way or the highway’. It says ‘it is my way or no way’. If you want a red phone, they say don’t buy an Iphone. So for a programmer like me, Iphone is a closed system. For you, it is a better phone because no one can hack into it. Although, if you want the most secure system today then go for a BlackBerry because nobody uses it. Its closest competitor is Windows mobile and hackers don’t like programming or hacking into it either because there are just about 100 or so people who use them. Albeit people do try to break into Iphones, it happens only once a month and Apple fixes it. The Iphone is thus the most secure phone around, but if there is any glitch in the telecom network, nothing can be done.”
He also conducted an experiment on a Rotarian’s phone as part of his demonstration. “Let us say he installs a program called Sonal Mukhi World. Once he has done so, I try to uninstall it. Normally, one just presses and holds the app icon and clicks uninstall. But this one cannot be uninstalled. What I did is tweak it to make sure that any app called Sonal World would not be uninstalled. This shows that I could have installed a virus as well. This is just how easy it is!”
Tracking someone using technology is the most difficult thing in the world. Mukhi explains how the anonymity of these programs can be dangerous. “When you receive Skype calls, the numbers flashing on the screen appear as +343 or +4145. Now the same Skype that runs on your computer also runs on your phone, but the problem is you don’t know who is calling and service providers don’t retain this information either. So the program has changed meaning and there is some bug in it.
“Apple phones do not catch viruses, so there is obviously a problem with the software. Please don’t give it for repairing because although they will find three non-existent viruses, they will put in four new ones and remove the first three. Most cyber crimes happen when you give your phone for repair and they add a virus or two. It is the best way to introduce a virus on your machine.”
In closing, Mukhi said that any technology today is very easy to hack into and absolutely no measures are being taken to make it any more secure for usage. “The customer has been rendered gullible because technology has become very complicated. I remember in the year 2000, I worked with the Mumbai police to catch the first hackers. It’s 2014 and the magistrates are not hearing the case anymore. Especially when there are phones worth 3000 rupees in the market, we are going to have a whole new class of people using these and it’s going to get worse,” he concluded.