July 21, 2011 12:57:00 PM
The recent phone hacking scandal in the U.K. has so far resulted in multiple resignations, arrests and the closure of a 168-year-old newspaper. News reports this week suggest that Rupert Murdoch''s own job as CEO of News Corp. may be in jeopardy as a result of at least one of his newspapers accessing the voice mail of celebrities, royalty and even a murdered teenager.
"Phone hacking" as used by the media in this story is deceptive. The method allegedly used by English newspaper reporters and private investigators is much more boring, and you don''t have to be a hacker to pull it off.
Basic phone hacking
Most cellphone companies make it easy for you to check your voice mail from phones other than your own. AT&T offers a voice mail access phone number you can call from any phone. Once you call this number, you are prompted for your 10 digit phone number and password. Once you enter this information, you have complete access to your own voice mail.
Verizon customers can access their voice mail by calling their own number and pressing the # key once their message starts playing. Cellular South customers can do the same by pressing the * key. Both carriers require a password to access voice mail.
Many cell phone users select easy to guess passwords for their voice mail like 1234, 0000 or the digits from their birth date. Some cellphone companies use default passwords that are also simple, and many people never bother to change those default passwords.
Through trial and error, a "hacker" could potentially access your voice mail if you have a simple password. This appears to be the method used by News of the World journalists.
Not very exciting, huh?
A more interesting technique is called "caller ID spoofing." If you dial your own number from your own phone, most cell phone carriers assume you are the caller and do not even prompt you for a password. Spoofing involves tricking the phone company into thinking you are actually calling from your mark''s cellphone.
With fewer than 50 lines of programming code and freely available software, caller ID spoofing is possible for even a novice programmer.
As a side note, the act of manipulating the phone system is called "phreaking" and not "hacking."
A word of caution to aspiring phreakers: Caller ID spoofing with the intent to defraud or cause harm was outlawed by the Truth in Caller ID Act of 2009 and carries a penalty of up to $10,000 for each violation.
Even before this latest scandal, phone companies started cracking down on voice mail vulnerabilities. Requiring users to change default passwords, requiring complicated passwords and sending text-message alerts to target phones are all methods various cell companies are using to help prevent phone hacking.
Each cellphone provider handles voice mail security differently. Spend some time on your cellphone provider''s website to determine how to set your voicemail password. Once you know how to change your password, set it to a random number.
Peter Imes is the general manager at The Dispatch. You can email him at email@example.com or follow him on Twitter at @pimes.
brynnrn73 commented at 7/21/2011 1:31:00 PM:
Appreciate the clarification...I've been wondering how that all happened...very unfortunate.
frank commented at 7/21/2011 4:58:00 PM:
kat commented at 7/21/2011 6:09:00 PM:
Thanks for the easy explanation. I always enjoy reading your articles. You make seem so simple-even a caveman could do it !
lorenza102053 commented at 7/22/2011 9:09:00 AM:
It,s a little scary that is so EASY to do ...at least I was hoping that you had to be a nerdy hacker in order to pull this off. I'ts still an issue of privacy, ethics and morals , all of which seem to be in short supply lately...
roscoe p. coltrain commented at 7/24/2011 10:09:00 AM:
Well thanky Mr. Imes, now could you please explain to us why Birney hasn't said a word in the paper about the Open Meeting Law violation attempts at the last CC meeting, why the person who ordered it hasn't been fired or charged with it, and why Birney's lips only move when someone has their hand up his azz?