I am not a super-sneaky hacker.
But when I started working in a software company in 2013, my team was the first to implement a feature that would force users to enter their PINs on every call.
It worked like this: We would log into our phone, unlock it, and then a number would pop up asking us to enter the PIN.
As I typed, a countdown would begin counting down until we got the unlock code.
We were able to log in and access all our emails and texts without needing to enter our PIN.
And we could do it at home without having to worry about someone else logging into our house.
When a PIN is stolen, you can’t really access your data.
It’s like being robbed by a burglar, but you can get your phone back.
For my part, I didn’t realise how secure this feature really was until I tried it out on my own phone, and discovered that it wasn’t secure.
So I decided to go back to the drawing board.
In a previous life, I used to work as a security analyst for an IT company in Australia.
We often worked on security audits of the company’s servers, and it was common practice for people in the company to share information about the network to the security team.
One day I was watching a security audit that was being carried out by a company called Sophos, which is part of the world’s biggest IT security company, Sophos Networks.
A colleague was in a meeting and noticed that the computer in front of him was not working.
I said to him, “You’re going to need to be at work the next morning”.
The meeting was going to be a little bit delayed, so he asked me to come in to help.
He said, “Can I come in right now?”
I said, “Sure, why not?
I can help you with that problem.”
I came in and he was working on the IT security audit, and he saw my colleague, who was doing an audit.
He went over to him and said, “What are you doing here?”
He said, “I don’t know.”
“I’m not going to tell you what to do.
I’m not even going to talk about the root cause of this.”
So, he started to explain the problem to me.
He was actually doing an internal IT audit on a piece of software that we use to manage our database.
He had been doing this for a while, and had started to find a bug in the software that caused it to crash and stop working.
He explained the bug, and the reason why it crashed.
“It was a security issue in that part of it that would prevent it from accessing your data.”
So, I said, “OK, well I’ll do it.”
I did it.
It wasn’t long before I started seeing the same issue again.
This time, I started to notice that the software wasn’t working as intended.
It was not being properly audited.
It didn’t support the password protection features I was using to make it secure.
There were more and more security issues and bugs with the software.
The problem was getting worse and worse.
The software would crash, or it would restart, or the phone would freeze.
I was losing sleep over this, because I couldn’t sleep at night.
I tried to get to the bottom of it, but I wasn’t getting any answers.
So what happened next?
I decided that I needed to do something.
I thought, Why don’t I just get the phone back?
And so I did.
I put it back into my bag, and I called my local phone company and asked them to get the company in touch.
And that’s how I found out about the vulnerability.
I emailed the phone company.
And they immediately responded.
They sent me a phone number that they said would be happy to send me the phone.
I called them.
And I asked them, “I need to know exactly what’s going on.”
And I said, “I’m trying to figure out why the phone is freezing.”
And they told me, “Well, the problem is you’re using a PIN.”
“I’m using a fingerprint.”
And so they explained what the problem was.
And then they said, “Well, this PIN is not valid on this phone.
And it’s a random number.
You can’t get this PIN.”
And, of course, they told them.
The phone company was not happy.
It told me they had no idea what was going on.
But they said, it doesn’t really matter, because you’re not supposed to have a PIN, and so you’ll never have to use one.
And so, I contacted the Australian Communications and Media Authority (ACMA) about it.
And, amazingly, I was able to get an AC