Mobile

Virgin Mobile is indifferent to its gaping security holes, says developer

NOTE: GrowthBeat -- VentureBeat's provocative new marketing-tech event -- is a week away! We've gathered the best and brightest to explore the data, apps, and science of successful marketing. Get the full scoop here, and grab your tickets while they last.

Virgin Mobile could be sitting on a security time-bomb.

So says developer Kevin Burke, who claims that the carrier’s poor web security standards expose its customers’ data to attack.

The heart of the vulnerability lies in Virgin Mobile’s six-digit PIN password system, which Burke says can be breached via basic brute force tactics.

This is where the real trouble arises. Once hackers gain access to accounts, they can wreak havoc by snooping on SMS and call records, changing account passwords, and even buying new phones.

While these are serious security problems in their own right, the more worrying thing is that Virgin Mobile doesn’t appear to be taking them very seriously.

In the post, Burke details his lengthy history of contact with Virgin Mobile, which culminated with a collective shrug from the company.

“I reported the issue to Virgin Mobile a month ago and they have not taken any action, nor informed me of any concrete steps to fix the problem, so I am disclosing this issue publicly,” Burke writes.

With security breaches popping up left and right this year, it’s amazing that Virgin Mobile’s stance on the concerns hasn’t been more proactive.

But what’s more amazing is how easy it is to fix the security issues. Burke recommends, for instance, that Virgin Mobile simply allow users to create more complex passwords and employ two-step verification.

Still, in spite of the increasing media coverage, company reactions to the allegations have been tepid. “We are reviewing the systems we have in place and conducting audits to ensure our standards are being met, including for Virgin Mobile,” a spokesperson for Virgin Mobile parent company Sprint told Wired.

In matters of security, it seems that Virgin Mobile customers are on their own.

“Unfortunately, perfect security does not exist on the Internet, and therefore, Virgin Mobile makes no representations or warranties with regard to the sufficiency of our security measures,” Virgin Mobile’s privacy policy reads.