Could your cell phone be hacked?
Until recently, the UK phone hacking scandal, which has engulfed Rupert Murdoch’s News Corporation empire and resulted in the closure of the 168-year-old News of the World tabloid newspaper, was regarded as a problem for celebrities, politicians, and members of the British royal family.
But recent revelations have shown that the phone hacking went far beyond the usual targets of the gossip columns, potentially affecting thousands of ordinary men and women.
The sheer scale of the problem has left a lot of people on both sides of the Atlantic scratching their heads, wondering how a device that they rely on for everyday private communications can be so vulnerable. If it can happen to thousands of Brits, it can happen to anyone, right?
Unfortunately, the answer to that question appears to be yes, according to numerous engineers and security experts who have studied the phone hacking issue.
First of all, the correct description for what has been happening in the UK isn’t really phone hacking but rather voice-mail hacking. Unscrupulous journalists and private investigators have been taking advantage of loopholes in the ID-checking procedures of the phone companies to gain unauthorized access to individual voice mail boxes.
Apparently, some of the UK hackers were just calling voice mail boxes remotely and inputting default PIN numbers, correctly assuming that the real phone owner hadn’t bothered to change the PIN when he or she first set up the voice-mail.
Others were using custom software programs to “trick” the carriers into thinking that calls to access voice mail were coming from the victim’s own cell phone. This technique, known as ID Spoofing, has been around for years and was allegedly used in a much-publicized US celebrity phone hacking episode as far back as 2006.
Although anti-spoofing laws have been passed and many of the phone companies have tightened their procedures, the hackers remain one step ahead of the game. Dave Rogers, a UK-based mobile phone specialist, wrote an exhaustive blog post on the whole UK scandal, and ends up asking whether any form of remote access to cell phone voice mail should allowed, given the obvious weaknesses in establishing authenticity.
In the meantime, US-based cell phone users who are worried about phone hacking can take a few obvious precautions:
- Never leave sensitive information in a voice mail box. Delete messages as soon as you have listened to them.
- Make sure you change your PIN # when you set up your voice-mail box and make a habit of changing the PIN every couple of months. Never rely on the default settings.
- If you have a choice, select a voice mail system that requires you to confirm your PIN #, even if you are accessing your voice mail from your own phone.