Phone hacking: Are you safe?

Woman holding mobile phoneImage source, PA
Image caption,

Could anyone else be picking up your messages?

Can my mobile phone be hacked? A question a lot of us have been asking over recent days, for obvious reasons. So I set about finding out about the threats to your phone and mine.

I called the network I've been using recently, O2, in search of reassurance. They told me that the original hacking technique which made the phones of anyone who used voicemail insecure does now appear to be obsolete.

It involved exploiting the fact that mobile phone operators gave customers default pin numbers - 0000 or 1234 - to access their voicemail from another phone.

O2 say that when they investigated back in 2006, 40 customers were identified as having had their voicemail accessed without authorisation by the News of The World's Clive Goodman and Glenn Mulcaire. After that the network changed its system.

"A customer is now required to personalise their PIN number from their mobile phone if they wish to access their voicemails from another phone. If a customer does not choose a PIN, they will not be able to remotely access any of their voicemails."

But there are other threats out there - just look at this post on the technology site CNET, external.

The security consultant Kevin Mitnick describes another technique that could allow someone to access your voicemail if they knew your phone number.

Caller ID spoofing allows anyone with a modicum of technical know-how to get access to your voicemail by convincing the system that it's you calling.

According to CNET, the technique has been used in the past to hack celebrities' messages. But rest easy - both O2 and Vodafone told me their systems were designed to make this technique impossible in the UK.

Beyond voicemail

Don't be too relaxed, though, if you are the owner of a smartphone.

The fact that these mini-computers now store vastly more data - from e-mails to calendar appointments to photos - means that any intrusion can be all the more damaging.

Last year a security firm called Vigilante Bespoke, which works to protect its clients' phones and computers from hacking, showed me just how vulnerable a modern smartphone might be.

Techniques such as text message spoofing and fake wi-fi hotspots that can capture your phone are now available to those bent on mischief with your mobile.

I checked in with Vigilante Bespoke this week and was told that new techniques are popping up all the time, when they examine their customers' mobiles for signs of vulnerability.

On one client's phone they found a piece of software, a legitimate product, used by businesses and parents to monitor everything that happens on a mobile phone - from voicemail, to e-mails to web use.

But in this case it had been installed without the client's knowledge, possibly when he put it down in a public place for a few minutes.

Other threats to your mobile security - from scanners to tracking devices - involve a lot of technical knowledge and in some cases a great deal of investment of time and money from those bent on invading your security.

But, as we've seen, for some journalists and private detectives backed by organisations with deep pockets, that's feasible if the target is deemed sufficiently valuable.

Clueless users

The security blogger Graham Cluley told me it was shocking how ignorant most of us were about the threat to our phones.

"As devices become more complex and we store more of our lives on our cellphone it will become increasingly important to properly protect them," he says.

Image source, Getty Images
Image caption,

The singer says that police want to talk to him as part of the hacking investigation Operation Weeting

"The mobile phone operators can't afford to ignore security, and should build in defences and guide users about how best to protect themselves."

And even if your phone itself is perfectly secure, what about your computer?

On Twitter yesterday George Michael made a series of allegations, external about the invasion of his privacy by journalists and the police.

"In recent years it's gone way further than phone hacking," he said.

Others who have been the target of newspaper investigations are suggesting that they were sent Trojans - e-mail attachments that allow someone to gain access to your computer.

We still need to see more evidence on that , but a Panorama investigation earlier this year found that this technique had been used in at least one case.

So the question to ask is not so much is my phone safe, but is all of my personal data, wherever it is stored, secure from the hacker?

Luckily, most of us lead lives so mundane that we are unlikely to find ourselves targeted by the tabloids.

That does not mean we can relax - our data may not be valuable to journalists, but for fraudsters it's a potential goldmine.