TECHNOLOGY -- July 12, 2011 at 4:29 PM EDT

How Do You Hack Into Someone's Voicemail?

By: Larry Greenemeier, Scientific American

Phone hack; Creative Commons photo courtesy flickr.com/dinomite

Creative Commons photo courtesy flickr.com/dinomite

The scandal that helped shutter Rupert Murdoch's News of the World tabloid and left at least nine News International journalists facing possible criminal charges has brought phone hacking into the spotlight as a means of subversively gathering information for news articles. As investigators study the scope of the problem, including the role phone hacking played in News of the World's coverage of the disappearance and death of teen Milly Dowler in 2002, it's become clear that breaking into someone else's voicemail isn't very difficult.

This, of course, doesn't make phone hacking legal. In England, where the alleged offenses took place, it is a crime to intercept phone calls unless you're a police officer or intelligence agent with an official warrant, which can be granted only to protect national security. News International may also face legal problems in the U.S. under the Foreign Corrupt Practices Act (FCPA) based on allegations that News of the World reporters offered to pay a New York police officer to retrieve the private phone records of victims of the September 11 attacks.

The key to breaking into someone's voicemail is to access that person's voicemail prompt and/or management systems, says Jim Broome, practice manager for enterprise consulting with Accuvant LABS, the security assessment and research division of Denver-based Accuvant, Inc. This can be done in several basic ways particularly if a person's voicemail account has no password or PIN, uses the default password that came with his account (typically 0000 or 1234, or something along those lines), or uses a simple password that's easy to guess, Broome says.

Voicemail prompts can also be accessed via caller ID spoofing. With the advent of caller ID, many voicemail systems have been created that simply check the number calling in and base authentication on that match, Broome says. Caller ID spoofing services like Spoofcard.com allow people to make it appear that their phone number is the same as the digits they are dialing. When the receiving phone recognizes its own phone number, it will often dump the caller directly into voice mail.

Apple apparently isn't amused by SpoofCard and has removed the app from its App Store , although it's still available through Spoofcard.com.

Obviously, setting a strong password (one that is not obvious, such as a birthday) is the primary measure for securing a voicemail account. It's also a good idea to change your PIN every few months. Of course, good luck remembering it.

This article is reproduced with permission from Scientific American. It was first published on July 11.

  • Make a Comment ( )
  • Retweet
  • Facebook
  • Email
  • Share
Beginning October 24, 2012, PBS NewsHour will allow open commenting for all registered users. We hope that the elimination of our moderation process will enable a more organic discussion amongst you, our audience. However, if a commenter violates our terms of use or abuses the commenting forum, their comment will be removed. We reserve the right to remove posts that do not follow these basic guidelines: comments must be relevant to the topic of the post; may not include profanity, personal attacks or hate speech; may not promote a business or raise money; may not be spam. Anything you post should be your own work. The PBS NewsHour reserves the right to read on the air and/or publish on its website or in any medium now known or unknown the comments or emails that we receive. By submitting comments, you agree to the PBS Terms of Use and Privacy Policy, which include more details.

The Rundown offers the NewsHour’s unique perspective on the important events of the day with insights from the journalists you trust. » More

Watch Full Programs
PBS NewsHour Support From: