Phone hacking is the practice of exploring a

mobile device A mobile device (or handheld computer) is a computer small enough to hold and operate in the hand. Mobile devices typically have a flat LCD or OLED screen, a touchscreen interface, and digital or physical buttons. They may also have a physica ...

often using computer exploits to analyze everything from the lowest

memory Memory is the faculty of the mind by which data or information is encoded, stored, and retrieved when needed. It is the retention of information over time for the purpose of influencing future action. If past events could not be remember ...

and

central processing unit A central processing unit (CPU), also called a central processor, main processor or just processor, is the electronic circuitry that executes instructions comprising a computer program. The CPU performs basic arithmetic, logic, controlling, a ...

levels up to the highest

file system In computing, file system or filesystem (often abbreviated to fs) is a method and data structure that the operating system uses to control how data is stored and retrieved. Without a file system, data placed in a storage medium would be one larg ...

and process levels. Modern

open source Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use the source code, design documents, or content of the product. The open-source model is a decentralized so ...

tooling has become fairly sophisticated as to be able to "hook" into individual functions within any running App on an unlocked device and allow deep inspection and modification of their functions. Phone hacking is a large branch of

computer security Computer security, cybersecurity (cyber security), or information technology security (IT security) is the protection of computer systems and networks from attack by malicious actors that may result in unauthorized information disclosure, t ...

that includes studying various situations exactly how attackers use security exploits to gain some level of access to a

in a variety of situations and presumed access levels. The term came to prominence during the News International phone hacking scandal, in which it was alleged (and in some cases proved in court) that the British tabloid newspaper the ''

News of the World The ''News of the World'' was a weekly national red top tabloid newspaper published every Sunday in the United Kingdom from 1843 to 2011. It was at one time the world's highest-selling English-language newspaper, and at closure still had one ...

'' had been involved in the interception of voicemail messages of the British Royal Family, other public figures, and a murdered schoolgirl named

Milly Dowler Milly is a feminine given name, sometimes used as a short form (hypocorism) of Mildred, Amelia, Emily, etc. It may refer to: People * Milly Alcock (born 2000), Australian actress * Milly Babalanda (born 1970), Ugandan politician * Milly Ber ...

Victims of phone hacking

Although any mobile phone users may be targeted, "for those who are famous, rich or powerful or whose prize is important enough (for whatever reason) to devote time and resources to make a concerted attack, it is usually more common, there are real risks to face."

Techniques

Voicemail hacking

Motorola L71 on the China Mobile network 20100521

The unauthorized remote access to

voicemail A voicemail system (also known as voice message or voice bank) is a computer-based system that allows users and subscribers to exchange personal voice messages; to select and deliver voice information; and to process transactions relating to ind ...

systems, such as exposed by the News International phone hacking scandal, is possible because of weaknesses in the implementations of these systems by telcos. Some PABX systems have a distant voicemail feature, which is accessed by entering a password when the initial greeting is being played. A hacker can call a direct dial number with voicemail, and then try to use the default password or guess it, or then select the "call back" function, and enter a premium rate number for the callback. The PABX calls back the premium rate line, confirming the password for the hacker. To stop this form of hacking, the call back feature on the PABX can be turned off, or a strong password used. Mobile phone voicemail messages may be accessed on a

landline A landline (land line, land-line, main line, home phone, fixed-line, and wireline) is a telephone connection that uses metal wires or optical fiber telephone line for transmission, as distinguished from a mobile cellular network, which us ...

telephone with the entry of a

personal identification number A personal identification number (PIN), or sometimes redundantly a PIN number or PIN code, is a numeric (sometimes alpha-numeric) passcode used in the process of authenticating a user accessing a system. The PIN has been the key to facilitati ...

(PIN). The service provider commonly sets a four-digit default PIN that is rarely changed by the phone's owner. A hacker who knows both the phone number and the default PIN can access the voicemail messages associated with that service. Even where the default PIN is not known, social engineering can be used to reset the voicemail PIN code to the default by impersonating the owner of the phone with a call to a

call centre A call centre ( Commonwealth spelling) or call center (American spelling; see spelling differences) is a managed capability that can be centralised or remote that is used for receiving or transmitting a large volume of enquiries by telephone ...

. Many people also use weak PINs that are easy to guess. To prevent subscribers from choosing PINs with weak

password strength Password strength is a measure of the effectiveness of a password against guessing or brute-force attacks. In its usual form, it estimates how many trials an attacker who does not have direct access to the password would need, on average, to gues ...

, some mobile phone companies now disallow the use of consecutive or repeat digits in voicemail PIN codes. During the mid-2000s, it was discovered that calls emanating from the handset registered against a voicemail account would be put straight through to voicemail without the need of a PIN. A hacker could use caller ID spoofing to impersonate a target's handset caller ID and thereby gain access to the associated voicemail without a PIN. Following controversies over phone hacking and criticism that was leveled at mobile service providers who allowed access to voicemail without a PIN, many mobile phone companies have strengthened the default security of their systems so that remote access to voicemail messages and other phone settings can no longer be achieved even via a default PIN. For example,

AT&T AT&T Inc. is an American multinational telecommunications holding company headquartered at Whitacre Tower in Downtown Dallas, Texas. It is the world's largest telecommunications company by revenue and the third largest provider of mobile ...

announced in August 2011 that all new wireless subscribers would be required to enter a PIN when checking their voicemail, even when checking it from their own phones, while

T-Mobile T-Mobile is the brand name used by some of the mobile communications subsidiaries of the German telecommunications company Deutsche Telekom AG in the Czech Republic ( T-Mobile Czech Republic), Poland ( T-Mobile Polska), the United States (T-Mobil ...

stated that it "recommends that you turn on your voice mail password for added security, but as always, the choice is yours."

Handsets

An analysis of user-selected PIN codes suggested that ten numbers represent 15% of all iPhone passcodes, with "1234" and "0000" being the most common, with years of birth and graduation also being common choices. Even if a four-digit PIN is randomly selected, the key space is very small (

10^

or 10,000 possibilities), making PINs significantly easier to

brute force Brute Force or brute force may refer to: Techniques * Brute force method or proof by exhaustion, a method of mathematical proof * Brute-force attack, a cryptanalytic attack * Brute-force search, a computer problem-solving technique People * Brut ...

than most passwords; someone with physical access to a handset secured with a PIN can therefore feasibly determine the PIN in a short time. Mobile phone microphones can be activated remotely by security agencies or telcos, without any need for physical access, as long as the battery has not been removed. This "roving bug" feature has been used by law enforcement agencies and intelligence services to listen in on nearby conversations. Other techniques for phone hacking include tricking a mobile phone user into downloading

malware Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, depr ...

which monitors activity on the phone. Bluesnarfing is an unauthorized access to a phone via

Bluetooth Bluetooth is a short-range wireless technology standard that is used for exchanging data between fixed and mobile devices over short distances and building personal area networks (PANs). In the most widely used mode, transmission power is limi ...

Other

There are flaws in the implementation of the GSM encryption algorithm that allow passive interception. The equipment needed is available to government agencies or can be built from freely available parts. In December 2011, German researcher Karsten Nohl revealed that it was possible to hack into mobile phone voice and text messages on many networks with free decryption software available on the Internet. He blamed the mobile phone companies for relying on outdated encryption techniques in the 2G system, and said that the problem could be fixed very easily.

Legality

Phone hacking, being a form of

surveillance Surveillance is the monitoring of behavior, many activities, or information for the purpose of information gathering, influencing, managing or directing. This can include observation from a distance by means of electronic equipment, such as ...

, is illegal in many countries unless it is carried out as

lawful interception Lawful interception (LI) refers to the facilities in telecommunications and telephone networks that allow law enforcement agencies with court orders or other legal authorization to selectively wiretap individual subscribers. Most countries requir ...

by a government agency. In the News International phone hacking scandal, private investigator

Glenn Mulcaire Glenn Michael Mulcaire (born 8 September 1970) is an English private investigator and former non-league footballer. He was closely involved in the News International phone hacking scandal, and was imprisoned for six months in 2007 for his role ...

was found to have violated the Regulation of Investigatory Powers Act 2000. He was sentenced to six months in prison in January 2007. Renewed controversy over the phone-hacking claims led to the closure of the ''

'' in July 2011. In December 2010, the Truth in Caller ID Act was signed into

United States law The law of the United States comprises many levels of codified and uncodified forms of law, of which the most important is the nation's Constitution, which prescribes the foundation of the federal government of the United States, as well a ...

, making it illegal "to cause any caller identification service to knowingly transmit misleading or inaccurate caller identification information with the intent to defraud, cause harm, or wrongfully obtain anything of value."
, 29 September 2017

References

External links

*
US Today Has someone hacked your webcam
March 2 2018
Cell Hack 5.0 app in spanish for hacking

Timeline: News of the World phone-hacking row
''

BBC News BBC News is an operational business division of the British Broadcasting Corporation (BBC) responsible for the gathering and broadcasting of news and current affairs in the UK and around the world. The department is the world's largest broadc ...

'', 5 July 2011
Full Q&A On The Phone Hacking Scandal
''

Sky News Sky News is a British free-to-air television news channel and organisation. Sky News is distributed via an English-language radio news service, and through online channels. It is owned by Sky Group, a division of Comcast. John Ryley is the he ...

'', 5 July 2011
Anatomy of the Phone-Hacking Scandal
''

The New York Times ''The New York Times'' (''the Times'', ''NYT'', or the Gray Lady) is a daily newspaper based in New York City with a worldwide readership reported in 2020 to comprise a declining 840,000 paid print subscribers, and a growing 6 million paid ...

'', 1 September 2010
The Rise of Caller ID Spoofing
''

The Wall Street Journal ''The Wall Street Journal'' is an American business-focused, international daily newspaper based in New York City, with international editions also available in Chinese and Japanese. The ''Journal'', along with its Asian editions, is published ...

'', 5 February 2010
Phone hacking: Are you safe?

Rory Cellan-Jones Nicholas Rory Cellan-Jones (born 17 January 1958; "Cellan" pronounced ) is a British journalist and a former BBC News technology correspondent. After working for the BBC for 40 years, he announced in August 2021 he was leaving the corporation ...

, ''

'', 12 July 2011
Should you cover your phone camera, BUSTLE
Feb 16 2018 {{DEFAULTSORT:News Of The World Phone Hacking Affair Hacking (computer security) Telephone crimes Telephone tapping Mobile security Phreaking