MegaSack DRAW - This year's winner is user - rgwb
We will be in touch
Just listening to yet another exhaustive discussion of who knew what when on the radio, and it occurs to me that after weeks and weeks of this stuff building up I've not yet heard or read one feature about the security of mobiles.
How easy is it to hack a phone, are more recent models/services any better than they were a few years ago, and what can you do to make sure your messages are secure (presumably this is something for the providers to be looking at)?
Phones weren't "hacked". What was generally happening was that the baddies were exploiting a feature of the voicemail systems - the ability to dial into a voicemail from any phone, enter a PIN and get access to the messages. This feature allows people to listen to their messages even if they don't have their mobile with them.
At the time, most/all networks had a default PIN, which few people bothered to change. To listen to someone elses voicemail involved calling their mobile, waiting for it to divert to the voicemail then entering the PIN. Given most PINs were 0000, or 3333, or whatever was default for that network, it wasn't difficult to get access.
Since then a couple of things have changed:
- Networks no longer have default PINs - every one is different
- Some networks only allow you to change the PIN after calling from your own mobile, rather than allowing you to change it when dialling in from another phone.
- Some networks monitor attempts to access the mailbox remotely, and lock access if they detect failed remote access attempts.
It has nothing to do with the make of phone - voicemail is kept within the network (hey, it's a cloud service! Before the term was even invented!), not on the phone. (Exceptions to this are 3rd party voicemail services that may also send the voicemail to the handset in the form of an MP3 - e.g. Hullomail).
(Hope that all makes sense... I do this stuff for a living)
As I understand it the hacking is an issue with the network, not the handset as voice messages are not held in the handset (you can't get pick up voicemails if you don't have network coverage).
IIRC You used to be able to to access your mobile voicemeils from a landline if you knew the mobile number and an associated code number and a PIN. Not sure if you can still do this.
As it's a network issue I suspect that there will be/will have been in the past folks somewhere working for one or some or all networks that might be persuaded to swop "useful" info for, say, a wedge of cash.
EDIT
Too slow
(Hope that all makes sense... I do this stuff for a living
Phone hacking?
Most voicemails authenticate you by caller-ID. i.e. when you phone the voicemail from your mobile, it sends your number down the line as the authentication.
This can be spoofed. So you impersonate the intended target.
By knowing their mobile number, you can then find out what operator they use (Virgin, O2, Orange, etc) - who all have their own voicemail number to ring. 901 on your mobile is a shortcut for a +44 number, often a mobile number owned by the carrier +00447....
Also, when voicemail systems have their own security pin enforced - how many people actually change from the default? 0000, 1111, 1234, etc.
( Too slow for me too! Doh! )
So is the next revelation going to be skulduggery by someone working for one of the networks?
Hard to imagine the the Royals wouldn't have reset their pin numbers (or rather had them reset for them).
(Hope that all makes sense... I do this stuff for a livingPhone hacking?
Shhhhh!
Most voicemails authenticate you by caller-ID. i.e. when you phone the voicemail from your mobile, it sends your number down the line as the authentication.This can be spoofed. So you impersonate the intended target.
I don't think this work (95% sure but willing to be corrected). CLI is applied within the network for mobile originated calls, as the mobile doesn't actually know its own phone number (strange but true, all the comms/paging uses another number, IMSI). So for a mobile dialling into voicemail (e.g. on Voda, 121) the phone number is applied in the network (at the MSC?) before the call is routed to the voicemail boxes.
Thing is, they didn't need to spoof CLI. It was far easier than that.
By knowing their mobile number, you can then find out what operator they use
not any longer as numbers are transferrable. I have an O2 number but I'm on T-Mobile. A higher level of security can be achieved by disabling voicemail 🙂
Since it was/ is so easy, and so common as a practice within NOTW, I am finding it hard to believe that other newspapers didn't adopt similar practices?
As I understand it it went like this:
Journo A calls victim on their mobile, keeps them chatting
Journo B then calls victim, it's busy so goes straight to voicemail, by pressing * you then go to voicemail menu and are prompted for the password, since hardly anyone changes theirs it will be set as the default for the network, so will be 0000, 1234 or whatever. There are only a handful of networks so won't take long to try all the defaults.
I don't think this work (95% sure but willing to be corrected). CLI is applied within the network for mobile originated calls, as the mobile doesn't actually know its own phone number (strange but true, all the comms/paging uses another number, IMSI). So for a mobile dialling into voicemail (e.g. on Voda, 121) the phone number is applied in the network (at the MSC?) before the call is routed to the voicemail boxes.
Quite Correct there Beej....
Apart from the fact they use a TMSI, not the IMSI..
A new one is generated each time you ake a call IIRC.
Since then a couple of things have changed:- Networks no longer have default PINs - every one is different
Networks certainly do still have default PINs.
Most voicemails authenticate you by caller-ID. i.e. when you phone the voicemail from your mobile, it sends your number down the line as the authentication.This can be spoofed. So you impersonate the intended target.
I don't think this work (95% sure but willing to be corrected).
I think CLI spoofing can and does indeed work (on some networks).
Wot midlifecrashes said.
Since it was/ is so easy, and so common as a practice within NOTW, I am finding it hard to believe that other newspapers didn't adopt similar practices?
Understatement of the century.
A mate's ex-gf did this to him - he wondered how she was always 'coincidentally' bumping into him when he was out on the town after they split up...
She was known as psycho-bird though.
Journo A calls victim on their mobile, keeps them chatting
Journo B then calls victim, it's busy so goes straight to voicemail
The chatting bit isn't even necessary, just need two phones, call the number from phone 1, straight away call from phone 2 (which will go to voicemail), hang up phone 1. If it's done quickly enough, the victim's phone may not even ring. Even if it does, it's too quick to answer.
With smartphones, it can get even more interesting. For example, there are SMS proxys out there that sit between the phone's main OS and the firmware. Might be tricky to get the malware on the phone, but once it's there, it's completely stealthy.
And there's many many more tricks once you start talking about smartphone/netbook/wifi connections.
Since it was/ is so easy, and so common as a practice within NOTW, I am finding it hard to believe that other newspapers didn't adopt similar practices?
Well, the Sun & Sunday Times both apparently blagged information in various ways to get information about Gordon Brown's sick & dying children. How bloody callous is that, it isn't like there was a public interest reason that we needed to know that his baby was going to die, they just wanted to sell newspapers on the back of it.
So it at least is all of the Murdoch newspapers that are up to this kind of illegal shenanigans, not just NOTW.
Oh and in the USA at least, you can spoof caller ID, and use that to make it seem like the person is calling the voicemail from their own phone, which means it won't ask you for a PIN even.
http://www.nata2.org/2006/09/24/hacking-voicemail-with-asterisk-and-caller-id-spoofing/
Networks certainly do still have default PINs
Voda doesn't (I guess old customers might still have one? Not sure)
[url= http://help.vodafone.co.uk/system/selfservice.controller?CMD=VIEW_ARTICLE&PARTITION_ID=1&CONFIGURATION=1000&ARTICLE_ID=246741&CURRENT_CMD=BROWSE_TOPIC&SIDE_LINK_TOPIC_ID=1017&SIDE_LINK_SUB_TOPIC_ID=1115&SIDE_LINK_TOPIC_INDEX=null&SIDE_LINK_SUB_TOPIC_INDEX=null ]Voda Help Centre[/url]
TeetoS - ah yes, the TIMSI... the days of my GSM/3G courses are waaaaay behind me!
O2 still have a default PIN but force you to change it on first access. If your account is subsequently locked then they send you a temporary PIN via SMS and force you to change that when you next dial in.
Tesco obviously have the same as O2.
With all this phone hacking that has now come to light now that someone has looked at the evidence (why didn't plod think of that?), I'm starting to understand why there has been such an explosion of super-injunctions.
If all the shagger footballists and philandering MP's can't keep secrets, no wonder they resorted to the law to keep it out of the papers.
Well, out of News International papers, at least.
various ways to get information about Gordon Brown's sick & dying children. How bloody callous is that, it isn't like there was a public interest reason that we needed to know that his baby was going to die, they just wanted to sell newspapers on the back of it.
Or GB's wife could have told her best mates, Rebecca Wade (as was) and Elizabeth Murdoch.
It seems a bit hypocritical to have cozied up to them so much when they were in Downing street, and now denounce them as Satan's little helpers.
I might be being cynical, but it seems like GB is using his children to get a sympathetic reaction; so how does he have the moral high ground?
there's different levels of CLI. Some can be spoofed, some cant. I've actually got plenty of kit here at work which can send calls to anyone, with any CLI\ANI spoofed for the caller display - its really notveryhard to get hold of (just need a friendly carrier)
Default pin for Orange is the last four digits of your phone number.
The chatting bit isn't even necessary, just need two phones, call the number from phone 1, straight away call from phone 2 (which will go to voicemail), hang up phone 1. If it's done quickly enough, the victim's phone may not even ring. Even if it does, it's too quick to answer.
don't even need two phones or the hackees to be engaged/off
AFAIK all the networks have dedicated numbers to access voicemail from another phone
O2 use 07802 090100 > your normal phone number > PIN
That will take you straight to the voicemail of your mobile