Virgin Mobile could be sitting on a security time-bomb.
So says developer Kevin Burke, who claims that the carrier’s poor web security standards expose its customers’ data to attack.
The heart of the vulnerability lies in Virgin Mobile’s six-digit PIN password system, which Burke says can be breached via basic brute force tactics.
This is where the real trouble arises. Once hackers gain access to accounts, they can wreak havoc by snooping on SMS and call records, changing account passwords, and even buying new phones.
While these are serious security problems in their own right, the more worrying thing is that Virgin Mobile doesn’t appear to be taking them very seriously.
In the post, Burke details his lengthy history of contact with Virgin Mobile, which culminated with a collective shrug from the company.
“I reported the issue to Virgin Mobile a month ago and they have not taken any action, nor informed me of any concrete steps to fix the problem, so I am disclosing this issue publicly,” Burke writes.
With security breaches popping up left and right this year, it’s amazing that Virgin Mobile’s stance on the concerns hasn’t been more proactive.
But what’s more amazing is how easy it is to fix the security issues. Burke recommends, for instance, that Virgin Mobile simply allow users to create more complex passwords and employ two-step verification.
Still, in spite of the increasing media coverage, company reactions to the allegations have been tepid. “We are reviewing the systems we have in place and conducting audits to ensure our standards are being met, including for Virgin Mobile,” a spokesperson for Virgin Mobile parent company Sprint told Wired.
In matters of security, it seems that Virgin Mobile customers are on their own.
Like this story? Want to learn more? On April 14-15, our fourth annual VentureBeat Mobile Summit will tackle the eight biggest growth opportunities in mobile today. The invitation-only Summit will gather the top 180 executives at the scenic Cavallo Point Resort in Sausalito, Calif., to discuss issues like this. Request an invitation.