Is it possible to remotely "hack" someone's cellphone and download pics from it?

Re this story below the claim is that someone “hacked” her cell phone and made it send them some private pics on it that she had taken. I did not think it was technologically possible to remotely take control of a person’s cell phone like this. Is this a credible claiim?

Miley Cyrus Got Violated

While I couldn’t give a flip about this tart, you got me interested in the tech. I wouldn’t think anyone could access your phone from, say, across the room, but some phones have accounts linked to them where you can upload photos. It would be easy for someone to crack the password to that. But one website claims this girl emailed them to someone a year ago and someone got ahold of them since.

Technically, it is possible. For any mobile operating system that you can develop and install 3rd party software applications (e.g. Windows Mobile, Palm OS, RIM OS, Symbian, Linux) you can technically write an application that allows access to the device remotely or sends out information from the device.

For example, look at this FTP server for Windows Mobile that allows you to access any file on the phone from your desktop browser:

The more difficult part is actually getting access to the device in order to install such 3rd party software. If you have physical access to the device, this is a trivial thing to do. Without physical access to the device, security vulnerabilities can be exploited to do some level of hacking.

For example, there was a vulnerability in the iPhone Safari web browser that allowed a remote hacker to take control of the iPhone (however, no known attack in the wild was reported because the vulnerability was fixed in a security update):

It’s very possible. There was quite a big issue with the Sidekick being hackable a couple years ago and I have no doubt issues still exist. Frankly as more phones become internet capable and more users start browsing the web and running apps on them it’s only going to get more common.

Here’s a detailed explanation of how the iPhone vulnerability worked:

When the iPhone’s version of Safari opens the malicious web page, arbitrary code embedded in the exploit is run with administrative privileges. In our proof of concept, this code reads the log of SMS messages, the address book, the call history, and the voicemail data. It then transmits all this information to the attacker. However, this code could be replaced with code that does anything that the iPhone can do. It could send the user’s mail passwords to the attacker, send text messages that sign the user up for pay services, or record audio that could be relayed to the attacker.

The instance of this I have seen (a tech show on TV) was what the victim was invited to download a picture from a second persons phone, and while this connection was active, the second person stole pictures from the victim’s phone. So, it was more like trick thiefery than hacking, abusing a legitimately established connection between the two phones.

There are Bluetooth vulnerabilities as well, and third party apps to exploit them to the fullest.

Dunnow about purposeful hacking, but one of my coworkers has all his fancy little machines set to synch with his computer. The other day I gave him some files using my pen drive, and the pen drive helpfully came back with all the music from his ipod, plus the pics from his phone.

I promise my pen drive didn’t hack anything! It was his computer that was too helpful.

There have been posts on Slashdot (so take it with a grain of salt), that not only can a phone be taken over remotely, the phones can be reprogrammed, remotely, to look like they are still off. So yes, with proper access one could take pictures from another phone, place pics in the phone, alter anything stored in the phone, and turn the phone into a live mic. Oh and use it as a tracking device. Highly concerned/paranoid people take the batteries out of their phones whenever they don’t want to be monitored. And of course the Gov’t solves the problem by simply not allowing people to bring phones in to classified areas.
Remember, phones are powerful computers with their own built-in radios. And the phone companies designed them (OK, had them designed) for the company’s benefit, not the privacy of the user.

It’s remotely possible, I suppose.

Paris Hilton is reported to have had her phone hacked as well.

Undetermined veracity as far as I’m concerned, she may have sent them out herself as a publicity ploy. But the report is there.

it is most definitely possible