Amid U.K. Controversy, Analyst Shares Phone Security Tips

By John Wagley

The best way to secure a phone’s voice mail box is to use strong PINs and hope your phone company's employees are smart and trustworthy, according to a security analyst.

Graham Cluley, a senior technology analyst at U.K.-based Sophos, spoke with Security Management as the controversy involving accusations that up to 3,000 high-profile figures’ inboxes may have been hacked swells in Great Britain.

The hacking scandal broke a few weeks ago after the Guardian, in a series of articles, reported that a two-year-old spying scandal involving a Rupert Murdoch-owned tabloid News of the World (NoW) was more extensive than previously known.

In 2007, NoW’s royal correspondent, Clive Goodman, and a private investigator (PI) accomplice, Glen Mulcaire, were imprisoned for hacking Royal assistants’ voice mail boxes. In recent weeks, former and current NoW editors have testified before a House of Commons committee that they never condoned or had any knowledge of the alleged activity, which also included hiring PIs to illegally access records on subjects, reports The Register.

A Guardian reporter, in front of the same committee last week, produced e-mails that he said indicated wider and more extensive involvement by NoW staff. Scotland Yard has declined to reopen the 2007 case, but could be under pressure to reverse course, The Register also reported.

Voice mail hacking can be relatively simple, Cluley says. Most people do not change their factory PINs or they choose easily-guessed numbers. A hacker might call when the target’s phone is off, such as in the middle of the night. A break-in could involve a phone company employee, he adds. Someone could convince a representative that he or she owned the phone or else use financial or other incentives. The company could permanently reset the PIN or perhaps (and better for the hacker) just reset it temporarily, Cluley says.

Cluley recommends setting PINs with unique numbers. If suspicious activity is detected, such as a phone saying a message has been heard when it has not, owners might consider contacting their company, he says. “There’s really not much else we can do.”

♦ Photo by mulmatsherm/Flickr


View Recent News (by day)


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.