The News of the World phone hacking scandal has led to blame being thrown all over the place. In addition to the main focus on intrusive journalism, IT networks are now also in the firing line for their lack of security.
However, the method by which many voicemail accounts were breached barely warrants the term ‘hack’. In fact, no specific IT skills are required at all.
The trick involves calling the target’s phone and, while they are on the line, calling them again from another phone. This way, the fraudster can access the target’s voicemail. On most telephone networks, fraudsters can dial star and enter the target’s PIN.
Most people stick with their phone’s default PIN, making it simple for a private investigator or journalist to just reel off the stored messages.
It is only now that many telcos are beginning to change their practices, forcing customers to change the default PIN they are provided with.
Obviously, hacking PINs has not been the only means by which information has been extracted. Nick Davies, in his book ‘Flat Earth News’, points to call centre staff being conned into providing details, the bribing of civil servants and investigators sifting through garbage. Ring a call centre claiming that you have forgotten your PIN and all that is required for a reminder is the first line of your address and your date of birth. If you’re a celebrity, this information is easy to find on the internet.
Network security needs to be taken more seriously. Compared with the way PINs are managed for credit cards, mobile security is clearly lacking. It is difficult to imagine banks issuing default PINs.