Phone hacking generally means the access of voice messages held by the phone service on their servers. This is done without accessing the physical phone handset. The hack relies on many people not changing the default pin number on the voice message service, or using a simple to guess pin. To make it easier for the hackers service providers did not lock the message box if the pin was enter incorrectly a number of times.
Always change the default pin number. And try to make it something difficult to guess.
In the UK phone hacking came to prominence during the scandals in which it was alleged (and in some cases proved in court) that newspapers were involve in the accessing of mobile phone voicemail messages of the British Royal Family, other public figures, and members of the public.
Fixed Line Phone Hacking
It is a type of hacking in which by intercepting a phone line you can listen the ongoing calls. This one of the most common and old method of hacking. Line hacking is done by placing a recorder on the physical telephone line, placing a short range transmitter.
Mobile Phone Hacking
After telephones were out, mobile phones took their place but the hacking of calling devices never changes. This is done by installing software on the phone to provide the functionality that is remotely access. The phone user is not aware of the operation of the software. Information is send using the phone data capability and is not readily identifiable from the phone bill.
Another approach is call bluesnarfing, which is unauthorize access to a phone via Bluetooth. This can only be done by someone close to the mobile phone due to the short range of bluetooth.
Guarding against unauthorised voicemail access
Security of any device is a compromise between ease of use and security. Generally the easier to use then the less secure. Many electronic devices, such as mobile phones, the ease of use is a prime consideration. Security is an ‘inconvenience’ that the user does not want.
The password is the weakness in the security of voicemail systems. Mobile phones allow access to voicemail messages via a fixed line telephone, requiring the entry of a Personal Identification Number (PIN) to listen to the messages. Many mobile phones are supply with a factory default PIN which not all voicemail systems force to be change on first use. These default numbers are available on the internet. You MUST always change the default PIN / password.
We all have many PINs and passwords. There is a temptation to make them all the same. Do NOT. If one PIN / password is discovered it would give someone access to other services / accounts belonging to you if they were the same.
Although it is inconvenient to have multiple PINs never use the same PIN on two services. Be honest do you have all your credit / debit card PINs set the same? If yes, then now might be a good time to change them to different numbers.
Can suppliers do more?
There are a number of actions that suppliers can take:
- force change of PIN when voicemail service is activated
- disallow common PINs such as “1234” and “0000”
- force longer PINs of more than 4 digits
- lock an account when the PIN is entered incorrectly a number of times
Some mobile phone companies are tightening their security. However there is a reluctance as many users do not like the inconvenience of security.
Legality
Phone hacking is a form of surveillance, and is illegal in many countries unless it is carried out as lawful interception by a government agency.
In the UK phone hacking is an offence under the Regulation of Investigatory Powers Act 2000.