Computer Security Experts: Phone Hacking Is Easy

Start your day with TPM.
Sign up for the Morning Memo newsletter

How easy is it to “hack” into a voice mail system? Easy, according to security experts.

That’s both because cell phone owners make it easy by not changing their default personal identification number to access their voice mail, and because of the proliferation of easily-accessible software online that enables people to pretend to be the owners of phones that they’re trying to break into.

The News of the World phone hacking scandal has people on both sides of the Atlantic wondering how widespread the practice is within News Corp., with one group calling for a congressional investigation into whether other News Corp. journalists have hacked into any Americans’ accounts.

Mobile phone security expert David Rogers recently wrote a piece over at computer security company Sophos’ Naked Security blog explaining how the phone hacking probably worked, and how you can protect yourself against being “hacked.”

The problem boils down to a few key points: people leaving their PINs untouched and set at the generic number, phone companies enabling remote access to voice mail, and caller-ID spoofing.

Rogers says that in addition to changing your PIN yourself, phone companies for their part could help out either by disabling remote access to phone voice mails completely, or by sending cell phone users a text message every time there was an attempt to remotely access your voice mail, or that there was a failed attempt to log in with the wrong PIN, or your PIN was changed.

Meanwhile, computer security journalist Elinor Mills at CNET called computer hacker-turned security consultant/author Kevin Mitnick to demonstrate how easy it is to break into a phone system.

He accessed Mills’ cell phone voice mail within minutes by writing a software script that enabled a voice-over-internet-protocol phone system to pretend it was her own phone calling in to check voice mail. He told her: “Any 15-year-old that knows how to write a simple script can find a VOIP provider that spoofs caller ID and set this up in about 30 minutes.”

Mills could have prevented it by setting her system up so that she would have to enter a password when accessing her voice mail even from her own phone.

Latest Idealab
Comments
Masthead Masthead
Founder & Editor-in-Chief:
Executive Editor:
Managing Editor:
Associate Editor:
Editor at Large:
General Counsel:
Publisher:
Head of Product:
Director of Technology:
Associate Publisher:
Front End Developer:
Senior Designer: