Phone hacking is the practice of intercepting telephone calls or voicemail messages, often by accessing the voicemail messages of a mobile phone without the consent of the phone's owner. The term came to prominence during the News International phone hacking scandal, in which it was alleged (and in some cases proved in court) that the British tabloid newspaper the News of the World had been involved in the interception of voicemail messages of the British Royal Family, other public figures, and the murdered schoolgirl Milly Dowler.
Although many mobile phone user may be targeted, "for those who are famous, rich or powerful or whose prize is important enough (for whatever reason) to devote time and resources to make a concerted attack,it is usually more common, there are real risks to face."
Contrary to what to their name suggests, scandals such as the News International phone hacking scandal have little to do with hacking phones, but rather involve unauthorised remote access to voicemail systems. This is largely possible through weaknesses in the implementations of these systems by telcos.
A simple and effective hack against a pabx system is to attempt to call a direct dial number with voicemail and attempt to enter the voicemail features by entering a weak password while the voicemail initial greeting is being played. If the hacker manages to guess the right password, the pabx may have a "call me back" function. The hacker then selects the call back function, but enters a premium rate number for the call back. The pabx calls back the premium rate line, monetising the attack for the hacker. It is important to turn off the call back feature on the pabx, to use strong passwords. Note that automation techniques will then exploit the hack by constantly calling the compromised voicemail and entering the premium rate number ad-Infinitum.
Since the early days of mobile phone technology, service providers have allowed access to the associated voicemail messages via a landline telephone, requiring the entry of a Personal Identification Number (PIN) to listen to the messages. Many mobile phone companies used a system that set a well-known four digit default PIN that was rarely changed by the phone's owner, making it easy for an adversary who knew both the phone number and the service provider to access the voicemail messages associated with that service. Even where the default PIN was not known, social engineering could be used to reset the voicemail PIN code to the default, by impersonating the owner of the phone during a call to a call centre. Many people also use weak PINs that are easily guessable; to prevent subscribers from choosing PINs with weak password strength, some mobile phone companies now disallow the use of consecutive or repeat digits in voicemail PIN codes.
During the mid-2000s, it was discovered that calls emanating from the handset registered against a voicemail account were put straight through to voicemail without the caller being challenged to enter a PIN. An attacker could therefore use caller ID spoofing to impersonate a victim's handset phone number and thereby gain unauthorized access to the associated voicemail without a PIN.
Following controversies over phone hacking and criticism that was levelled at mobile service providers who allowed access to voicemail without a PIN, many mobile phone companies have strengthened the default security of their systems so that remote access to voicemail messages and other phone settings can no longer be achieved via a default PIN. For example, AT&T announced in August 2011 that all new wireless subscribers would be required to enter a PIN when checking their voicemail, even when checking it from their own phones, while T-Mobile stated that it "recommends that you turn on your voice mail password for added security, but as always, the choice is yours."
An analysis of user-selected PIN codes suggested that ten numbers represent 15% of all iPhone passcodes, with "1234" and "0000" being the most common, with years of birth and graduation also being common choices. Even if a four-digit PIN is randomly selected, the key space is very small ( or 10,000 possibilities), making PINs significantly easier to brute force than most passwords; someone with physical access to a handset secured with a PIN can therefore feasibly determine the PIN in a short time. Enterprises may therefore implement policies enforcing strong passwords through mobile phone management systems.
Mobile phone microphones can be activated remotely by security agencies or telcos, without any need for physical access. This "roving bug" feature has been used by law enforcement agencies and intelligence services to listen in on nearby conversations.
Other techniques for phone hacking include tricking a mobile phone user into downloading malware which monitors activity on the phone, or bluesnarfing, which is unauthorized access to a phone via Bluetooth.
There are also flaws in the implementation of the GSM encryption algorithm that allow passive interception. The equipment needed is available to government agencies or can be built from freely available parts.
In December 2011, German researcher Karsten Nohl revealed that it was possible to hack into mobile phone voice and text messages on many networks with free decryption software available on the Internet. He blamed the mobile phone companies for relying on outdated encryption techniques in the 2G system, and said that the problem could be fixed very easily.
Phone hacking is a form of surveillance, and is illegal in many countries unless it is carried out as lawful interception by a government agency. In the News International phone hacking scandal, private investigator Glenn Mulcaire was found to have violated the Regulation of Investigatory Powers Act 2000. He was sentenced to six months in prison in January 2007. Renewed controversy over the phone hacking claims led to the closure of the News of the World in July 2011.
In December 2010, the Truth in Caller ID Act was signed into United States law, making it illegal "to cause any caller identification service to knowingly transmit misleading or inaccurate caller identification information with the intent to defraud, cause harm, or wrongfully obtain anything of value."
- Davies, Nick; Hill, Amelia (4 July 2011). "Missing Milly Dowler's voicemail was hacked by News of the World". The Guardian. Retrieved 13 July 2011.
- Wolfe, Henry B (February 2010). "Mobile Phone Security" (PDF). The TCSM Journal 1 (2): 3.
- Rogers, David (7 July 2011). "Voicemail Hacking and the 'Phone Hacking' Scandal - How it Worked, Questions to be Asked and Improvements to be Made". Copper Horse Solutions. Retrieved 25 Jul 2012.
- "Who, What, Why: Can Phone Hackers Still Access Messages?". BBC News. 6 July 2011.
- Voicemail hacking: How Easy Is It?, New Scientist, 6 July 2011
- Milian, Mark (8 July 2011). "Phone Hacking Can Extend Beyond Voice Mail". CNN. Retrieved 9 July 2011.
- Grubb, Ben (8 July 2011). "Vulnerable voicemail: telco-issued PINs insecure". The Sydney Morning Herald. Retrieved 9 July 2011.
- Cell Phone Voicemail Easily Hhacked, MSNBC, 28 February 2005
- Kevin Mitnick Shows How Easy It Is to Hack a Phone, interview with Kevin Mitnick, CNET, 7 July 2011
- Soghoian, Christopher (9 August 2011). "Not an option: time for companies to embrace security by default". Ars Technica. Retrieved 25 July 2012.
- Rooney, Ben (15 June 2011). "Once Again, 1234 Is Not A Good Password". The Wall Street Journal. Retrieved 8 July 2011.
- Greenberg, Andy (27 Mar 2012). "Here's How Law Enforcement Cracks Your iPhone's Security Code". Forbes.com. Retrieved 25 Jul 2012.
- Jaquith, Andrew (5 Apr 2011). "Picking a Sensible Mobile Password Policy" (pdf). Perimeter E-Security. Retrieved 26 Jul 2012.
- Schneier, Bruce (December 5, 2006). "Remotely Eavesdropping on Cell Phone Microphones". Schneier On Security. Retrieved 13 December 2009.
- McCullagh, Declan; Anne Broache (December 1, 2006). "FBI taps cell phone mic as eavesdropping tool". CNet News. Retrieved 2009-03-14.
- Odell, Mark (August 1, 2005). "Use of mobile helped police keep tabs on suspect". Financial Times. Retrieved 2009-03-14.
- "Telephones". Western Regional Security Office (NOAA official site). 2001. Retrieved 2009-03-22.
- "Can You Hear Me Now?". ABC News: The Blotter. Retrieved 13 December 2009.
- Lewis Page (2007-06-26). "'Cell hack geek stalks pretty blonde shocker'". The Register. Retrieved 2010-05-01.
- Brian Wheeler (2004-03-02). "'This goes no further...'". BBC News Online Magazine. Retrieved 2008-06-23.
- How easy is it to hack a mobile?, BBC News, 7 September 2010
- Jansen, Wayne; Scarfone, Karen (October 2008). "Guidelines on Cell Phone and PDA Security" (pdf). National Institute of Standards and Technology. Retrieved 25 Jul 2012.
- McMillan, Robert. "Hackers Show It's Easy to Snoop on a GSM Call". IDG News Service.
- O'Brien, Kevin J. (25 December 2011). "Lax Security Exposes Voice Mail to Hacking, Study Says". The New York Times. Retrieved 28 December 2011.
- "Pair jailed over royal phone taps ", BBC News, 26 January 2007
- News of the World to close amid hacking scandal, BBC News, 7 July 2011
- Truth in Caller ID Act of 2010, December 22, 2010, accessed 7 July 2011
- How Phone Hacking Worked and How to Make Sure You're Not a Victim at Sophos
- Phone hacking collected news and commentary at The Guardian
- Timeline: News of the World phone-hacking row, BBC News, 5 July 2011
- Full Q&A On The Phone Hacking Scandal, Sky News, 5 July 2011
- Anatomy of the Phone-Hacking Scandal, The New York Times, 1 September 2010
- The Rise of Caller ID Spoofing, The Wall Street Journal, 5 February 2010
- Phone hacking: Are you safe?, Rory Cellan-Jones, BBC News, 12 July 2011