This topic has 26 replies, 20 voices, and was last updated 12 years ago by uplink.
Mobile phone security – hacking
rightplacerighttime (Free Member)
Just listening to yet another exhaustive discussion of who knew what when on the radio, and it occurs to me that after weeks and weeks of this stuff building up I’ve not yet heard or read one feature about the security of mobiles.
How easy is it to hack a phone, are more recent models/services any better than they were a few years ago, and what can you do to make sure your messages are secure (presumably this is something for the providers to be looking at)?
beej (Full Member)
Phones weren’t “hacked”. What was generally happening was that the baddies were exploiting a feature of the voicemail systems – the ability to dial into a voicemail from any phone, enter a PIN and get access to the messages. This feature allows people to listen to their messages even if they don’t have their mobile with them.
At the time, most/all networks had a default PIN, which few people bothered to change. To listen to someone else’s voicemail involved calling their mobile, waiting for it to divert to the voicemail then entering the PIN. Given most PINs were 0000, or 3333, or whatever was default for that network, it wasn’t difficult to get access.
Since then a couple of things have changed:
– Networks no longer have default PINs – every one is different
– Some networks only allow you to change the PIN after calling from your own mobile, rather than allowing you to change it when dialling in from another phone.
– Some networks monitor attempts to access the mailbox remotely, and lock access if they detect failed remote access attempts.
It has nothing to do with the make of phone – voicemail is kept within the network (hey, it’s a cloud service! Before the term was even invented!), not on the phone. (Exceptions to this are 3rd party voicemail services that may also send the voicemail to the handset in the form of an MP3 – e.g. Hullomail).
(Hope that all makes sense… I do this stuff for a living)
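The three network-side controls listed in the post above (no default PINs, PIN changes only from the subscriber's own line, lockout after failed remote attempts), modelled as an added Python example that is not part of the original thread or any operator's system. The names `Mailbox`, `set_pin` and `remote_access`, the lockout threshold of 3 and the sample numbers are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Default PINs named in the thread; the lockout threshold is an assumed value.
DEFAULT_PINS = {"0000", "1111", "1234", "3333"}
MAX_REMOTE_FAILURES = 3

@dataclass
class Mailbox:
    msisdn: str                      # subscriber's own number (constructed sample)
    pin: str
    remote_failures: int = 0
    remote_locked: bool = False
    alerts: list = field(default_factory=list)

def set_pin(box, from_own_line, new_pin):
    """Accept a PIN change only from the subscriber's line, never to a guessable value."""
    if not from_own_line:
        box.alerts.append("PIN change refused: not from subscriber's line")
        return False
    # Reject network-wide defaults and the last four digits of the number.
    if new_pin in DEFAULT_PINS or new_pin == box.msisdn[-4:]:
        return False
    box.pin = new_pin
    return True

def remote_access(box, caller, pin):
    """Dial-in from another phone: True only if messages may be played."""
    if box.remote_locked:
        return False                 # locked mailboxes refuse even the right PIN
    if pin == box.pin:
        box.remote_failures = 0
        return True
    box.remote_failures += 1
    if pin in DEFAULT_PINS:
        box.alerts.append(f"default PIN tried from {caller}")
    if box.remote_failures >= MAX_REMOTE_FAILURES:
        box.remote_locked = True
        box.alerts.append(f"remote access locked after call from {caller}")
    return False

def demo():
    """Constructed sequence: three default-PIN guesses, then the correct PIN."""
    box = Mailbox(msisdn="07700900123", pin="4829")
    guesses = ("0000", "1234", "3333", "4829")
    results = [remote_access(box, "07700900999", p) for p in guesses]
    return box, results
```

After the third failed guess the mailbox stays locked for remote callers, so the fourth call fails even with the correct PIN, and the alert list records each default-PIN attempt.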
wombat (Full Member)
As I understand it the hacking is an issue with the network, not the handset as voice messages are not held in the handset (you can’t pick up voicemails if you don’t have network coverage).
IIRC You used to be able to access your mobile voicemails from a landline if you knew the mobile number and an associated code number and a PIN. Not sure if you can still do this.
As it’s a network issue I suspect that there will be/will have been in the past folks somewhere working for one or some or all networks that might be persuaded to swop “useful” info for, say, a wedge of cash.
EDIT
Too slow
bruneep (Full Member)
(Hope that all makes sense… I do this stuff for a living
Phone hacking?
xiphon (Free Member)
Most voicemails authenticate you by caller-ID. i.e. when you phone the voicemail from your mobile, it sends your number down the line as the authentication.
This can be spoofed. So you impersonate the intended target.
By knowing their mobile number, you can then find out what operator they use (Virgin, O2, Orange, etc) – who all have their own voicemail number to ring. 901 on your mobile is a shortcut for a +44 number, often a mobile number owned by the carrier +00447….
Also, when voicemail systems have their own security pin enforced – how many people actually change from the default? 0000, 1111, 1234, etc.
( Too slow for me too! Doh! )
rightplacerighttime (Free Member)
So is the next revelation going to be skulduggery by someone working for one of the networks?
Hard to imagine the Royals wouldn’t have reset their pin numbers (or rather had them reset for them).
beej (Full Member)
(Hope that all makes sense… I do this stuff for a living
Phone hacking?
Shhhhh!
beej (Full Member)
Most voicemails authenticate you by caller-ID. i.e. when you phone the voicemail from your mobile, it sends your number down the line as the authentication.
This can be spoofed. So you impersonate the intended target.
I don’t think this works (95% sure but willing to be corrected). CLI is applied within the network for mobile originated calls, as the mobile doesn’t actually know its own phone number (strange but true, all the comms/paging uses another number, IMSI). So for a mobile dialling into voicemail (e.g. on Voda, 121) the phone number is applied in the network (at the MSC?) before the call is routed to the voicemail boxes.
Thing is, they didn’t need to spoof CLI. It was far easier than that.
simonfbarnes (Free Member)
By knowing their mobile number, you can then find out what operator they use
not any longer as numbers are transferrable. I have an O2 number but I’m on T-Mobile. A higher level of security can be achieved by disabling voicemail 🙂
buffalobill (Free Member)
Since it was/ is so easy, and so common as a practice within NOTW, I am finding it hard to believe that other newspapers didn’t adopt similar practices?
midlifecrashes (Full Member)
As I understand it it went like this:
Journo A calls victim on their mobile, keeps them chatting
Journo B then calls victim, it’s busy so goes straight to voicemail, by pressing * you then go to voicemail menu and are prompted for the password, since hardly anyone changes theirs it will be set as the default for the network, so will be 0000, 1234 or whatever. There are only a handful of networks so won’t take long to try all the defaults.
Teetosugars (Free Member)
I don’t think this works (95% sure but willing to be corrected). CLI is applied within the network for mobile originated calls, as the mobile doesn’t actually know its own phone number (strange but true, all the comms/paging uses another number, IMSI). So for a mobile dialling into voicemail (e.g. on Voda, 121) the phone number is applied in the network (at the MSC?) before the call is routed to the voicemail boxes.
Quite Correct there Beej….
Apart from the fact they use a TMSI, not the IMSI..
A new one is generated each time you make a call IIRC.
dooosuk (Free Member)
Since then a couple of things have changed:
– Networks no longer have default PINs – every one is different
Networks certainly do still have default PINs.
Most voicemails authenticate you by caller-ID. i.e. when you phone the voicemail from your mobile, it sends your number down the line as the authentication.
This can be spoofed. So you impersonate the intended target.
I don’t think this works (95% sure but willing to be corrected).
I think CLI spoofing can and does indeed work (on some networks).
toys19 (Free Member)
Since it was/ is so easy, and so common as a practice within NOTW, I am finding it hard to believe that other newspapers didn’t adopt similar practices?
Understatement of the century.
clubber (Free Member)
A mate’s ex-gf did this to him – he wondered how she was always ‘coincidentally’ bumping into him when he was out on the town after they split up…
She was known as psycho-bird though.
simon_g (Full Member)
Journo A calls victim on their mobile, keeps them chatting
Journo B then calls victim, it’s busy so goes straight to voicemail
The chatting bit isn’t even necessary, just need two phones, call the number from phone 1, straight away call from phone 2 (which will go to voicemail), hang up phone 1. If it’s done quickly enough, the victim’s phone may not even ring. Even if it does, it’s too quick to answer.
andytherocketeer (Full Member)
With smartphones, it can get even more interesting. For example, there are SMS proxies out there that sit between the phone’s main OS and the firmware. Might be tricky to get the malware on the phone, but once it’s there, it’s completely stealthy.
And there’s many many more tricks once you start talking about smartphone/netbook/wifi connections.
joemarshall (Free Member)
Since it was/ is so easy, and so common as a practice within NOTW, I am finding it hard to believe that other newspapers didn’t adopt similar practices?
Well, the Sun & Sunday Times both apparently blagged information in various ways to get information about Gordon Brown’s sick & dying children. How bloody callous is that, it isn’t like there was a public interest reason that we needed to know that his baby was going to die, they just wanted to sell newspapers on the back of it.
So it at least is all of the Murdoch newspapers that are up to this kind of illegal shenanigans, not just NOTW.
joemarshall (Free Member)
Oh and in the USA at least, you can spoof caller ID, and use that to make it seem like the person is calling the voicemail from their own phone, which means it won’t ask you for a PIN even.
http://www.nata2.org/2006/09/24/hacking-voicemail-with-asterisk-and-caller-id-spoofing/
beej (Full Member)
Networks certainly do still have default PINs
Voda doesn’t (I guess old customers might still have one? Not sure)
TeetoS – ah yes, the TMSI… the days of my GSM/3G courses are waaaaay behind me!
dooosuk (Free Member)
O2 still have a default PIN but force you to change it on first access. If your account is subsequently locked then they send you a temporary PIN via SMS and force you to change that when you next dial in.
Tesco obviously have the same as O2.
ScottChegg (Free Member)
With all this phone hacking that has now come to light now that someone has looked at the evidence (why didn’t plod think of that?), I’m starting to understand why there has been such an explosion of super-injunctions.
If all the shagger footballists and philandering MPs can’t keep secrets, no wonder they resorted to the law to keep it out of the papers.
Well, out of News International papers, at least.
ScottChegg (Free Member)
various ways to get information about Gordon Brown’s sick & dying children. How bloody callous is that, it isn’t like there was a public interest reason that we needed to know that his baby was going to die, they just wanted to sell newspapers on the back of it.
Or GB’s wife could have told her best mates, Rebecca Wade (as was) and Elizabeth Murdoch.
It seems a bit hypocritical to have cozied up to them so much when they were in Downing street, and now denounce them as Satan’s little helpers.
I might be being cynical, but it seems like GB is using his children to get a sympathetic reaction; so how does he have the moral high ground?
5lab (Full Member)
There’s different levels of CLI. Some can be spoofed, some can’t. I’ve actually got plenty of kit here at work which can send calls to anyone, with any CLI\ANI spoofed for the caller display – it’s really not very hard to get hold of (just need a friendly carrier)
Rockhopper (Free Member)
Default pin for Orange is the last four digits of your phone number.
uplink (Free Member)
The chatting bit isn’t even necessary, just need two phones, call the number from phone 1, straight away call from phone 2 (which will go to voicemail), hang up phone 1. If it’s done quickly enough, the victim’s phone may not even ring. Even if it does, it’s too quick to answer.
don’t even need two phones or the hackees to be engaged/off
AFAIK all the networks have dedicated numbers to access voicemail from another phone
O2 use 07802 090100 > your normal phone number > PIN
That will take you straight to the voicemail of your mobile
The topic ‘Mobile phone security – hacking’ is closed to new replies.