Phone hacking - how easy is it?

How difficult is it to hack into someone's voicemail? Do you need to be a specialist programmer or have a PhD in computer science? Leila Sattary takes a look at the “technology” behind the recent phone hacking scandal

During the News of the World phone hacking scandal, like most of the country, I was appalled but also slightly amazed that journalism trained writers had the technological aptitude to be able to hack into personal information.

However, as I discovered, a simple combination of a little knowledge about mobile providers, guesswork and some social engineering is all it takes. To test the method, I thought I would give phone hacking a go on a willing victim, my other half Oliver.

First I called his mobile provider on their service to “access voicemail from a landline number”. All I needed to know was his mobile number and his pin number to get through. However, he had not set a pin number, although at four digits I’m sure a couple of guesses at 1111, 1234 etc. may have wielded a result. As he had not set a pin number I could not access his voicemail at all from a landline. Unshaken by this failure, I moved into stage two of my hacking attempt – some social engineering. With a simple call to the provider, pretending to be his secretary, I managed to set his voicemail pin number. I again tried to access his voicemail from a landline, entered his mobile number and his newly set up pin number and I could listen and delete his messages to my heart’s content. Simple.

I can hardly believe how incredibly easy it was to compromise his privacy in five short minutes. I did not need to steal his phone, know anything about the technology or my victim and just do a little bit of lying to someone with a headset in Tyneside.

Even if he had set his pin number to something unguessable, perhaps a little knowledge including his home address, date of birth and mother’s maiden name would have allowed me to reset it.

After sitting in my office feeling quite pleased with myself for having hacked in unnoticed, within ten minutes I had a call from Oliver saying he had a text from his mobile provider telling him someone had set his voicemail pin number – I’d been rumbled. This is a fairly new feature for mobile providers to protect privacy. Of course, if I was truly attacking an innocent’s voicemail, they would have a text telling them their pin had been changed but I had already listened to the messages and there is no obvious way of tracing anything back to me.

I was able to hack Oliver’s voicemail for two reasons – his negligence in not setting his own pin number (admittedly I doubt that many of us have, I certainly had not until today) and someone being persuaded by a slightly aggravated “secretary” on the other end of the phone.

We have an equally lax attitude to our online data but things are slowly improving. Online banking is getting more secure with “two-factor authentication” which makes hacking much harder without actually stealing the bank card. Yet these new systems frustrate users because it slows down the transaction or login process. We end up wearing away our security and privacy in the name of convenience.

Online and mobile technology is wonderful and I am by no means advocating we all ditch technology and delete our Facebook accounts (not that this would actually erase the information of course) but where there are security measures in place let’s make sure we use them. And go and change your passwords and set your pin numbers right now, just to be sure.