Information SecurityInternetOnline SecurityPolitics

“Phone Hacking” – What is it, and how can you protect your voicemail from getting hacked?

By July 16, 2011 August 4th, 2013 No Comments

The practice of “phone hacking” has been in the news a lot over the last few years, especially in the last few weeks, and it looks like it’s a story that isn’t going to go away in a hurry. Last weekend saw the closure of the newspaper at the centre of the scandal – The News of the World – and now Rupert Murdoch and his entire News Corporation outfit is under the spotlight more than ever.

But what is phone hacking?

Put simply, the practice which the media has labelled phone hacking involves a scoop-hungry reporter illegally listening to the voicemails of people associated with his/her story, without their permission. This took advantage of the fact that as a mobile phone customer, you can listen to your voicemails from other phones as well as your own. Why would you want to do that? So that if you’ve run out of battery, forgotten or lost your phone, you can still listen to important messages.

How did they do it? And is it really hacking?

Very easily, and it relied on a combination of a flawed system having been put in place by the networks, coupled with the laziness (or perhaps lack of understanding) by the mobile phone user. To listen to your (or someone else’s, in this case) voicemail from another phone you simply need to dial that network’s voicemail number or follow the procedure to access voicemail.

For instance, you might call the mobile number listed on a web site’s Contact page and either hear a stock voicemail greeting or a personalised one followed by a stock message such as “When you’ve finished your message, just press hash!” That voice is instantly recognisable (to anyone who knows what they’re doing) as the Orange lady.

Now you know what mobile network that person is on, so for Orange you dial 07973 100 123 and when prompted, enter in “your” (in the case of “hacking”, someone else’s) mobile number. It’s at this point that anyone reading this article and trying to hack my voicemail will then hit a hurdle. However, in years gone by everyone’s voicemail was set as remotely accessible by default with a pre-set (unless they changed it) PIN of something like 0000, 1234 or 5555.

You’ve guessed it: the reporters just guessed this PIN and then got straight in. That’s all there is to it – nothing clever, nothing technical… just taking what was right in front of them.

To be honest, whilst I totally abhor this practice – especially when they were preying on victims of crime and carelessly giving out conflicting messages to parents – I don’t think it can be labelled as “hacking”. To me, guessing a password correctly or taking advantage of there being no password and calling it hacking is like opening an unlocked door and then claiming that you picked the lock. Don’t get me wrong – it doesn’t make it right… but it doesn’t make it hacking either. To me, hacking means finding a deeper-routed flaw or weakness in a system and then tricking the system into doing something it shouldn’t do, by exploiting that weakness or by fooling it into running your own program or code to reveal information. OK, the shoddy default access settings were indeed a flaw, but I still maintain that finding a front-door with the key accidentally left in it is very different from actually studying the lock, finding its strengths and weaknesses and then exploiting this information to get it to open.

Famously, Gary McKinnon got in a lot of trouble with the FBI for apparently “hacking” into many US Government computers. Naturally, they over-reacted in true American style (possibly in an attempt to wipe the egg off their faces) but if the rumours stating that the password for most of the systems was just “password” are to be believed, then it’s the IT failures that should be in the dock rather than him!

How can I protect my voicemail from being hacked?

So, what can you do to protect yourself? Well, to be honest it seems that the mobile networks have woken up and changed their poorly-thought-out default access settings for voicemails. To be sure though, you should call up your voicemail and set a PIN that you’ll easily remember, and make sure it is set to be requested ANY time you access your voicemail – even from your own phone. That way, if you leave it lying around or lose it an opportunistic thief will not be able to listen to your girlfriend phoning you up to tell you she can’t wait to see you this evening…

The same advice as usual applies when choosing a PIN – avoid easily-gussed numbers such as 1234, but also avoid things like your date of birth or house number. Certainly don’t choose the last 4 digits of your mobile number- that would be an epic fail!

What have the mobile phone network operators done to protect me?

Under the Data Protection Act, the mobile operators have duty to protect your personal information and it could be argued that they failed miserably on this front before. However, it would appear from a little bit of research that all the major networks have now changed the voicemail settings so that unless you specifically turn on remote access to your messages and select a PIN, your voicemails will not be accessible from a phone other than your own.

As mentioned before, though, you should also set your security settings so that a PIN is asked for even when you call from your own phone – this is because the way the networks’ voicemail systems know that you’re calling from your own phone is actually quite a flawed system. Caller ID spoofing means that someone who knows your phone number could set their own phone to give out your number when it makes calls, therefore tricking the voicemail into thinking you’re calling from your own phone and therefore not ask for the PIN. (Now that IS proper hacking!)

Caller ID spoofing may require some expertise and money, but if it’s a big shady media organisation doing the dirty work then don’t expect that to put them off!

Should I worry about phone hacking?

In a word: no. The networks have tightened up their security and you’ll probably be fine. In the words of the BBC’s Rory Cellan-Jones: “Luckily, most of us lead lives so mundane that we are unlikely to find ourselves targeted by the tabloids.” Err… cheers for that, Rory! 😉

What do you think?

We’d love to hear your comments on this topic, especially those on the definition of hacking! Leave your comments underneath.

Paul Freeman-Powell

Paul Freeman-Powell

Paul (@paulfp) is the main presenter of the award-winning Switched On Network YouTube Channel, which covers a variety of interesting topics usually relating to his love of technology and all things geeky. He also founded and runs Innobella Media, where he leads in all aspects of video production, video editing, sound & lighting. A father of 3 children including twins, his hobbies used to include photography, playing the drums and cycling. With a degree in Modern European Languages, Paul speaks French, Spanish and a little bit of Italian, and holds dual British & Irish citizenship.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.