Independent Developer Reveals Potential Flaw in Virgin Mobile Security

Sep 19, 2012 15:38:03Posted by John Skorick, MyAKA Founder & CEO

Independent Developer Reveals Potential Flaw in Virgin Mobile Security

Mobile security is key to protecting your personal information from hackers, but not all systems are as secure as you might think. For instance, Kevin Burke, an independent software developer recently exposed a major hole in Virgin Mobile's security system on his personal blog. The tech professional claims to have attempted to alert the company to the issue he found, only going public with the information when the company appeared to have done nothing about it.

When a Virgin Mobile subscriber wants to access their account information online, they are required to use their phone number as their username and a six-digit number for their password. Burke points out that this system allows for only 1 million different possible combinations, making it relatively simple for a hacker to write a program to break into a user's account using only their phone number.

To put this into perspective, Burke wrote, "Compare a six-digit number with a randomly generated eight-letter password containing uppercase letters, lowercase letters and digits - the latter has 213,340,105,584,896 possible combinations."

PCMag was able to contact Sprint, the parent company of Virgin Mobile, about the issue, and the spokesperson indicated there have been no reports of account hacks or other security breaches. She also explained that Burke's discovery was taken into consideration by the company.

"It's important to note that there are many different overlapping safeguards in place to ensure our customers' privacy and security, and we have taken steps to further prevent intrusions," the spokesperson told PCMag in an email. "We greatly appreciate Mr. Burke's outreach to the company... His inquiry did enable us to even further secure our customers' accounts."

Whether Virgin Mobile has stepped up its mobile security practices or not, those who subscribe to the company's services may want to keep a watchful eye over their personal information. They can also consider taking other steps to safeguard their mobile privacy. Enabling safety features such as requiring a password to unlock the phone itself can be one way to keep unwanted onlookers from accessing the phone. Individuals can also consider a second phone number to fill out forms, use for business-related calls and otherwise use to interact with anyone who presents a risk. This number is not connected to your personal data, so a hacker won't get very far if he or she tries to find out more about you.