Viewing 27 posts - 1 through 27 (of 27 total)
  • Mobile phone security – hacking
  • rightplacerighttime
    Free Member

    Just listening to yet another exhaustive discussion of who knew what when on the radio, and it occurs to me that after weeks and weeks of this stuff building up I’ve not yet heard or read one feature about the security of mobiles.

    How easy is it to hack a phone, are more recent models/services any better than they were a few years ago, and what can you do to make sure your messages are secure (presumably this is something for the providers to be looking at)?

    beej
    Full Member

    Phones weren’t “hacked”. What was generally happening was that the baddies were exploiting a feature of the voicemail systems – the ability to dial into a voicemail from any phone, enter a PIN and get access to the messages. This feature allows people to listen to their messages even if they don’t have their mobile with them.

    At the time, most/all networks had a default PIN, which few people bothered to change. To listen to someone else’s voicemail involved calling their mobile, waiting for it to divert to the voicemail then entering the PIN. Given most PINs were 0000, or 3333, or whatever was default for that network, it wasn’t difficult to get access.

    Since then a couple of things have changed:

    – Networks no longer have default PINs – every one is different
    – Some networks only allow you to change the PIN after calling from your own mobile, rather than allowing you to change it when dialling in from another phone.
    – Some networks monitor attempts to access the mailbox remotely, and lock access if they detect failed remote access attempts.

    It has nothing to do with the make of phone – voicemail is kept within the network (hey, it’s a cloud service! Before the term was even invented!), not on the phone. (Exceptions to this are 3rd party voicemail services that may also send the voicemail to the handset in the form of an MP3 – e.g. Hullomail).

    (Hope that all makes sense… I do this stuff for a living)

    wombat
    Full Member

    As I understand it the hacking is an issue with the network, not the handset as voice messages are not held in the handset (you can’t pick up voicemails if you don’t have network coverage).

    IIRC You used to be able to access your mobile voicemails from a landline if you knew the mobile number and an associated code number and a PIN. Not sure if you can still do this.

    As it’s a network issue I suspect that there will be/will have been in the past folks somewhere working for one or some or all networks that might be persuaded to swop “useful” info for, say, a wedge of cash.

    EDIT

    Too slow

    bruneep
    Full Member

    (Hope that all makes sense… I do this stuff for a living

    Phone hacking?

    xiphon
    Free Member

    Most voicemails authenticate you by caller-ID. i.e. when you phone the voicemail from your mobile, it sends your number down the line as the authentication.

    This can be spoofed. So you impersonate the intended target.

    By knowing their mobile number, you can then find out what operator they use (Virgin, O2, Orange, etc) – who all have their own voicemail number to ring. 901 on your mobile is a shortcut for a +44 number, often a mobile number owned by the carrier +00447….

    Also, when voicemail systems have their own security pin enforced – how many people actually change from the default? 0000, 1111, 1234, etc.

    ( Too slow for me too! Doh! )

    rightplacerighttime
    Free Member

    So is the next revelation going to be skulduggery by someone working for one of the networks?

    Hard to imagine the Royals wouldn’t have reset their pin numbers (or rather had them reset for them).

    beej
    Full Member

    (Hope that all makes sense… I do this stuff for a living

    Phone hacking?

    Shhhhh!

    beej
    Full Member

    Most voicemails authenticate you by caller-ID. i.e. when you phone the voicemail from your mobile, it sends your number down the line as the authentication.

    This can be spoofed. So you impersonate the intended target.

    I don’t think this works (95% sure but willing to be corrected). CLI is applied within the network for mobile originated calls, as the mobile doesn’t actually know its own phone number (strange but true, all the comms/paging uses another number, IMSI). So for a mobile dialling into voicemail (e.g. on Voda, 121) the phone number is applied in the network (at the MSC?) before the call is routed to the voicemail boxes.

    Thing is, they didn’t need to spoof CLI. It was far easier than that.

    simonfbarnes
    Free Member

    By knowing their mobile number, you can then find out what operator they use

    not any longer as numbers are transferrable. I have an O2 number but I’m on T-Mobile. A higher level of security can be achieved by disabling voicemail 🙂

    buffalobill
    Free Member

    Since it was/ is so easy, and so common as a practice within NOTW, I am finding it hard to believe that other newspapers didn’t adopt similar practices?

    midlifecrashes
    Full Member

    As I understand it it went like this:

    Journo A calls victim on their mobile, keeps them chatting
    Journo B then calls victim, it’s busy so goes straight to voicemail, by pressing * you then go to voicemail menu and are prompted for the password, since hardly anyone changes theirs it will be set as the default for the network, so will be 0000, 1234 or whatever. There are only a handful of networks so won’t take long to try all the defaults.

    Teetosugars
    Free Member

    I don’t think this works (95% sure but willing to be corrected). CLI is applied within the network for mobile originated calls, as the mobile doesn’t actually know its own phone number (strange but true, all the comms/paging uses another number, IMSI). So for a mobile dialling into voicemail (e.g. on Voda, 121) the phone number is applied in the network (at the MSC?) before the call is routed to the voicemail boxes.

    Quite Correct there Beej….

    Apart from the fact they use a TMSI, not the IMSI..

    A new one is generated each time you make a call IIRC.

    dooosuk
    Free Member

    Since then a couple of things have changed:

    – Networks no longer have default PINs – every one is different

    Networks certainly do still have default PINs.

    Most voicemails authenticate you by caller-ID. i.e. when you phone the voicemail from your mobile, it sends your number down the line as the authentication.

    This can be spoofed. So you impersonate the intended target.

    I don’t think this works (95% sure but willing to be corrected).

    I think CLI spoofing can and does indeed work (on some networks).

    allthepies
    Free Member

    Wot midlifecrashes said.

    toys19
    Free Member

    Since it was/ is so easy, and so common as a practice within NOTW, I am finding it hard to believe that other newspapers didn’t adopt similar practices?

    Understatement of the century.

    clubber
    Free Member

    A mate’s ex-gf did this to him – he wondered how she was always ‘coincidentally’ bumping into him when he was out on the town after they split up…

    She was known as psycho-bird though.

    simon_g
    Full Member

    Journo A calls victim on their mobile, keeps them chatting
    Journo B then calls victim, it’s busy so goes straight to voicemail

    The chatting bit isn’t even necessary, just need two phones, call the number from phone 1, straight away call from phone 2 (which will go to voicemail), hang up phone 1. If it’s done quickly enough, the victim’s phone may not even ring. Even if it does, it’s too quick to answer.

    andytherocketeer
    Full Member

    With smartphones, it can get even more interesting. For example, there are SMS proxies out there that sit between the phone’s main OS and the firmware. Might be tricky to get the malware on the phone, but once it’s there, it’s completely stealthy.
    And there’s many many more tricks once you start talking about smartphone/netbook/wifi connections.

    joemarshall
    Free Member

    Since it was/ is so easy, and so common as a practice within NOTW, I am finding it hard to believe that other newspapers didn’t adopt similar practices?

    Well, the Sun & Sunday Times both apparently blagged information in various ways to get information about Gordon Brown’s sick & dying children. How bloody callous is that, it isn’t like there was a public interest reason that we needed to know that his baby was going to die, they just wanted to sell newspapers on the back of it.

    So it at least is all of the Murdoch newspapers that are up to this kind of illegal shenanigans, not just NOTW.

    joemarshall
    Free Member

    Oh and in the USA at least, you can spoof caller ID, and use that to make it seem like the person is calling the voicemail from their own phone, which means it won’t ask you for a PIN even.

    http://www.nata2.org/2006/09/24/hacking-voicemail-with-asterisk-and-caller-id-spoofing/

    beej
    Full Member

    Networks certainly do still have default PINs

    Voda doesn’t (I guess old customers might still have one? Not sure)

    Voda Help Centre

    TeetoS – ah yes, the TIMSI… the days of my GSM/3G courses are waaaaay behind me!

    dooosuk
    Free Member

    O2 still have a default PIN but force you to change it on first access. If your account is subsequently locked then they send you a temporary PIN via SMS and force you to change that when you next dial in.

    Tesco obviously have the same as O2.
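
The controls mentioned in this thread (no shared default PIN, PIN changes only from the subscriber's own mobile, lockout after failed remote attempts, a temporary PIN that must be changed on first access) can be modelled as below. This is an added example, not part of any post and not any network's real system; the `Mailbox` class, its method names, the failure threshold and the sample number are all assumptions.

```python
import hmac
import secrets

# Constructed list of the shared defaults mentioned in the thread.
COMMON_DEFAULTS = {"0000", "1111", "1234", "3333"}
MAX_REMOTE_FAILURES = 3  # assumed threshold; the thread gives no number


def pin_is_acceptable(pin: str, msisdn: str) -> bool:
    """Reject PINs guessable from network defaults or the phone number."""
    if len(pin) != 4 or not pin.isdigit():
        return False
    if pin in COMMON_DEFAULTS or len(set(pin)) == 1:
        return False
    return pin != msisdn[-4:]  # the "last four digits of your number" default


class Mailbox:
    """Hypothetical model of one subscriber's voicemail access control."""

    def __init__(self, msisdn: str):
        self.msisdn = msisdn
        self.pin = f"{secrets.randbelow(10000):04d}"  # per-subscriber temporary PIN
        self.must_change = True  # a temporary PIN only unlocks set_pin()
        self.failures = 0
        self.locked = False

    def _check(self, pin: str) -> bool:
        if self.locked:
            return False
        if hmac.compare_digest(pin.encode(), self.pin.encode()):
            self.failures = 0
            return True
        self.failures += 1
        self.locked = self.failures >= MAX_REMOTE_FAILURES
        return False

    def remote_login(self, pin: str) -> bool:
        """Dial-in from another phone: needs a user-chosen PIN, not a temporary one."""
        return self._check(pin) and not self.must_change

    def set_pin(self, current: str, new: str, from_own_mobile: bool) -> bool:
        """Allow a PIN change only from the subscriber's own handset."""
        if not from_own_mobile or not self._check(current):
            return False
        if not pin_is_acceptable(new, self.msisdn):
            return False
        self.pin, self.must_change = new, False
        return True
```

Unlocking a locked mailbox (the temporary PIN by SMS described above) is left out of the model.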

    ScottChegg
    Free Member

    With all this phone hacking that has now come to light now that someone has looked at the evidence (why didn’t plod think of that?), I’m starting to understand why there has been such an explosion of super-injunctions.

    If all the shagger footballists and philandering MPs can’t keep secrets, no wonder they resorted to the law to keep it out of the papers.

    Well, out of News International papers, at least.

    ScottChegg
    Free Member

    various ways to get information about Gordon Brown’s sick & dying children. How bloody callous is that, it isn’t like there was a public interest reason that we needed to know that his baby was going to die, they just wanted to sell newspapers on the back of it.

    Or GB’s wife could have told her best mates, Rebecca Wade (as was) and Elizabeth Murdoch.

    It seems a bit hypocritical to have cozied up to them so much when they were in Downing Street, and now denounce them as Satan’s little helpers.

    I might be being cynical, but it seems like GB is using his children to get a sympathetic reaction; so how does he have the moral high ground?

    5lab
    Full Member

    there’s different levels of CLI. Some can be spoofed, some can’t. I’ve actually got plenty of kit here at work which can send calls to anyone, with any CLI\ANI spoofed for the caller display – it’s really not very hard to get hold of (just need a friendly carrier)

    Rockhopper
    Free Member

    Default pin for Orange is the last four digits of your phone number.

    uplink
    Free Member

    The chatting bit isn’t even necessary, just need two phones, call the number from phone 1, straight away call from phone 2 (which will go to voicemail), hang up phone 1. If it’s done quickly enough, the victim’s phone may not even ring. Even if it does, it’s too quick to answer.

    don’t even need two phones or the hackees to be engaged/off

    AFAIK all the networks have dedicated numbers to access voicemail from another phone
    O2 use 07802 090100 > your normal phone number > PIN
    That will take you straight to the voicemail of your mobile

The topic ‘Mobile phone security – hacking’ is closed to new replies.