We have been hearing all about phone hacking, but do you know how they do it. Since the early days of mobile phone technology, mobile phones have allowed access to voicemail messages via a landline telephone, requiring the entry of a Personal Identification Number (PIN) to listen to the messages. As many mobile phones were supplied with a factory default PIN that was rarely changed by the owner, it was easy for a person who knew the phone number and the default PIN to access the voicemail messages. Following controversies over phone hacking, some mobile phone companies have changed their systems so that remote access to voicemail messages and other phone settings cannot be achieved via a factory default PIN.
Caller ID spoofing allows a caller to pretend that a call has been made from another number. During the mid-2000s, it was discovered that this would allow unauthorized access to the voicemail on some mobile phone networks, as calls that spoofed the number of the handset were put straight through to voicemail without the need for a PIN code to be entered.
An analysis of PIN codes suggested that ten numbers represent 15% of all iPhone passcodes, with “1234” and “0000” being the most common, with years of birth and graduation also being common choices. To prevent hacking, some mobile phone companies disallow the use of consecutive or repeat digits in PIN codes.
Social engineering may be used to reset the PIN code to the factory default, by impersonating the owner of the phone during a call to a call centre.
Other techniques for phone hacking include tricking a mobile phone user into downloading malware which monitors activity on the phone, or bluesnarfing, which is unauthorized access to a phone via Bluetooth.
There are also flaws in the implementation of the GSM encryption algorithm which allow passive interception. The equipment needed is available to government agencies or can be built from freely available parts.
In December 2011, German researcher Karsten Nohl revealed that it was possible to hack into mobile phone voice and text messages on many networks with free decryption software available on the Internet. He blamed the mobile phone companies for relying on outdated encryption techniques in the 2G system, and said that the problem could be fixed very easily.