Wednesday, July 13, 2011

Vodafone Hack

If you follow mobile phone security (or haven't been on vacation), you've read about THC's Vodafone hack by now. Although I shouldn't be surprised, it continually astounds me how companies make such poor security design decisions. Of course, then I realize that this was not a design decision, as no security expert could have been consulted on this design. Perhaps Vodafone rushed the product to market.

Having watched a Fortune 500 company, which believed in security, lift its internal process to begin to match the onslaught of outside hacking, I can tell from the outside that Vodafone has little or no internal security process. Despite any rhetoric and PR, they do not care about security, their customers or, quite frankly, their shareholders.

Security is complicated and it takes trained professionals to ensure a product's security and safety. However, this type of problem could have been prevented easily - who stores an administrator password inside their systems and distributes them to customers?!

I can't believe we have to close our eyes, hold our noses, cross our legs and hope these companies know what they're doing. I always had a philosophical problem with the White and Grey hackers who published their attacks. However, very few folks have the talent or knowledge to understand the complete and utter lack of security inherent in their consumer devices. Someone has to watch out for us.



THC's Wiki for tracking this project can be found here.