Just how easy is phone hacking?

Amid reports of the News of the World cell phone hacking scandal, many mobile users might be wondering if their own phones are vulnerable. How easy is it to hack someone’s phone? Despite the recent hubbub, the news is pretty heartening: with advances in mobile technology have come advances in mobile security. But not all cell devices are free from invasion.

“No system is 100 percent foolproof,” said John Walls, vice president of public affairs with CTIA, a non-profit advocacy organization that represents the interests of the wireless communications industry. “Then again, the systems that are in place are very good and provide high levels of protection for consumers. You have to protect the customer to the best of your abilities — the customer and the integrity of the service is all they have.”

But why would anybody hack someone else’s phone? News of the World reporters performed these tasks to get the story — no matter what.  The hacking procedure went like this, according to The New York Times Magazine: Reporters used a technique called “double screwing,” which involved calling the same number at the same time. The first caller would make the line busy, leading the second caller directly to a voice mail prompt. After entering the voice mail password, the second caller gained access to the person’s messages. According to the Times, simple codes like “1111” would crack it.

But this is not the only way to hack voice mail. Previously, Walls said, hackers could access people’s voice mail by calling their cell phone service providers to ask to set a new voice mail password. If simple codes didn’t work, News of the World private investigators relied on this method to access passwords, wrote the Times. That was before the advent of multiple passwords and security questions. Now, only the customer who has set these codes has the ability to make changes to the voice mail settings, even to the person’s general cell account. Wireless carriers also keep a limited pool of personnel who can access customer information, so as to prevent the information from getting into the wrong hands.

But there are other ways to hack voice mail. Kevin Mahaffey, chief technology officer at Lookout, a San Francisco-based company that develops smartphone security software, explained two behind-the-back techniques.

One involves accessing a person’s voice mail through another person’s voice mail. The two have to be contacts in the same network. By calling one person’s voice mail, the hacker can use a code to bounce to another voice mailbox. The advantage here, said Mahaffey, is that the owner of the phone is not made aware of the hack — just like in double screwing. With a crack at the password, the hacker gets in.

The second involves caller ID “spoofing,” which uses a trick to make a cell phone carrier think that an outside call to a phone’s voice mail is actually coming from the phone itself, as in dialing *86 on your own device to get your  messages. The difference here is that these spoof attacks specifically target mobile users who have not set a voice mail password. Spoof calls provide straight access to voice mail, but if you have a password, this could never happen, said Mahaffey. Mahaffey also said that most mobile operators have fixed this issue, but that nobody knows the extent of this problem today.

Beyond wireless providers, the responsibility to keep the networks clean also lies in the hands of wireless customers. Walls advises that cell carriers use a password-prompted screen lock, which requires that you enter a pass code to get to the phone’s home screen. Also, choose your passwords wisely: don’t pick a password that a hacker can find on your Facebook profile, like your birthday, said Mahaffey. Never store these passwords on your phone, and be sure not to open any SMS messages coming in from unknown numbers, which, Walls said, contain content that, when opened, can install malware and spyware onto your cell.

This adds a new dimension to the hacking problem. Marc Fossi, manager of research and development for Symantec Security Response, said that the recent development of cellphone technology has made mobile devices into small computers. “They’re susceptible to the same attacks that many computers are,” said Fossi.

Mahaffey defines malware, which can affect computers, as software that works with malicious intent. If it’s installed onto your smartphone through a dodgy e-mail or text message, the bug plays a nasty fly-on-the-wall role. It can gather any information that passes through your phone as it flies from app to app. Not only can this include information about your call history and messages, but also financial information if any mobile apps are linked to a credit or debit account, said Mahaffey.

Spyware, on the other hand, falls into a murkier territory. Not all spyware is malware, said Mahaffey, but some of it can be. Spyware works through apps that take any data from your phone, such as contacts, browsing habits, text history and location, without consent. Your information could get uploaded onto an app’s contact list without your approval, for example.

Luckily, there are solutions to prevent this from happening. Be sure to keep your apps up to date. New software that fixes old security flaws can keep hackers at bay. Stay away from e-mails, texts and apps from unknown, untrusted sources. Stay safe on public wifi networks that are not secure by avoiding online shopping or banking. Finally, you can install security software onto your phone that protects you from harm.

“It’s important that we don’t end up in the same position on our phones as we did on the PC,” said Mahaffey. “There’s an opportunity for mobiles to be much better.”

 
SUGGESTED STORIES
  • thumb
    Memorial Day every day
    Beyond the backyard BBQ: Honor and aid those who have served.
  • Fast and too furious?
    Can accuracy and the demand for instant information coexist in the media?
  • thumb
      Steinbeck's Salinas Valley
    John Steinbeck's hometown came to worldwide notice through the Grapes of Wrath. Not all city fathers were pleased by the portrait. Explore what has changed and what remains the same in Salinas.

Comments

  • Kitten1964

    So funny.  I haven’t fallen to the “got to have a cell phone that you’d have to remove surgically”, still have a landline and a prepaid cell phone that is only that, a phone and just for the occasional call.  I hate it, the quality of cell phones still sucks, even those calling me with their fancy 4G network ones sounds like they’re talking in a garbage can.  So old fashioned me can’t have my phone hacked.  Not like “The Emperor’s New Clothes” and doing the same as everyone else.

  • Bbb120

    Kitten1964 — are we supposed to be impressed?

  • tony cool

    well only smart people need a smartphone, get it ???

  • http://www.facebook.com/profile.php?id=1111910437 Huw Hughes

    Will need to hack my
    Canon EOS Rebel T3i, lol

  • Anonymous

    Why would anyone be hacking a dead person’s phone? These people are not journalists. I hope they are brought to court, tried, convicted and jailed for a long time.

    How cruel can a person be? 

  • Anonymous

    i heard about this on All Things Considered yesterday and not only had it never occured to me before, it is actaully frightening how easily this could be done: http://michaelmaczesty.blogspot.com/2011/07/skin-deep-security.html

  • beau

    smart phone is for those have no imagination but just want to twaddle with his fingers and thumb like a kid all the time

  • beau

    smart phone is for those have no imagination but just want to twaddle with his fingers and thumb like a kid all the time

  • http://www.ringcentral.com/voicemail/index.html Voicemail Number

    This is quite alarming, the voicemail definitely needs to be secured in order not to get hacked by a certain someone…

  • John Fogelberg

    What a bunch of bologna…the guy whose cell phone got hacked into last year…exposed everything in his cell phone… to the world. He knows why it got hacked into as well…because he as an average size…puppy. Verizon…he will be suing!

  • http://www.facebook.com/people/Joe-Detracktor/100003181462101 Joe Detracktor

     Search youtube for detracktor for a solution to cell phone spying, hacking, eavesdropping, stalking and tracking.

  • http://www.facebook.com/people/Joe-Detracktor/100003181462101 Joe Detracktor

     Search youtube for detracktor for a solution to cell phone spying, hacking, eavesdropping, stalking and tracking.

  • Detox666

    Hacking keeps an aura of omnipresence in the world of fools……cracking directly proportion to the hacking is a good task to develop and steal data from the other malicious fraudster crackers.keep the technology revolving….its a new era…