All the sessions from Transform 2021 are available on-demand now. Watch now.


Virgin Mobile could be sitting on a security time-bomb.

So says developer Kevin Burke, who claims that the carrier’s poor web security standards expose its customers’ data to attack.

The heart of the vulnerability lies in Virgin Mobile’s six-digit PIN password system, which Burke says can be breached via basic brute force tactics.

This is where the real trouble arises. Once hackers gain access to accounts, they can wreak havoc by snooping on SMS and call records, changing account passwords, and even buying new phones.

While these are serious security problems in their own right, the more worrying thing is that Virgin Mobile doesn’t appear to be taking them very seriously.

In the post, Burke details his lengthy history of contact with Virgin Mobile, which culminated with a collective shrug from the company.

“I reported the issue to Virgin Mobile a month ago and they have not taken any action, nor informed me of any concrete steps to fix the problem, so I am disclosing this issue publicly,” Burke writes.

With security breaches popping up left and right this year, it’s amazing that Virgin Mobile’s stance on the concerns hasn’t been more proactive.

But what’s more amazing is how easy it is to fix the security issues. Burke recommends, for instance, that Virgin Mobile simply allow users to create more complex passwords and employ two-step verification.

Still, in spite of the increasing media coverage, company reactions to the allegations have been tepid. “We are reviewing the systems we have in place and conducting audits to ensure our standards are being met, including for Virgin Mobile,” a spokesperson for Virgin Mobile parent company Sprint told Wired.

In matters of security, it seems that Virgin Mobile customers are on their own.

“Unfortunately, perfect security does not exist on the Internet, and therefore, Virgin Mobile makes no representations or warranties with regard to the sufficiency of our security measures,” Virgin Mobile’s privacy policy reads.

VentureBeat

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact. Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:
  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more
Become a member