Thursday, 7 July 2011

Mobile Phone Hacking

There's a furore about mobile 'phone hacking by agents of the News of the World.  What reports do not make clear is that none of this has been tapping according to its usual meaning of covertly listening in on telephone conversations.   What's happened, at least in every case that's been reported so far, is that voicemail messages have been illicitly accessed.

Once you have a 'phone number there are two ways to get unauthorized access to its voicemail.  One way is to discovered the 4-digit passcode usually used for security.  In the past mobile 'phones had a default passcode, which many users never changed - this has been abolished by most or all providers in the last few years.  Or users may choose an easily guessable passcode, or it may be possible to persuade the service provider to reset it for you (date of birth, mother's maiden name: this sort of check is not very difficult to defeat).  The other mechanism is that many mobile 'phones allow you to turn off passcode checking for when you call the 'phone from itself.  This relies on caller ID to determine the number you're calling from.  And caller ID is quite easy to spoof - various websites offer this as an inexpensive service.

I'd advise anyone to assume that voicemail messages are not private.  (I hate voicemail anyway.  I almost never listen to it.  If you want to tell me something when I'm not there, use SMS or email.)

Incidentally, I was watching the Tour de France yesterday when an advert came on promoting a product that spies on SMS messages.  I believe that this is software to be installed on an internet-connected smartphone, which thereafter sends information including SMS messages to a website where you can see it.

No comments:

Post a Comment