fbpx
Wikipedia

Phone hacking

January 01, 1970

This article is about the use of telephone technology to steal information. For the manipulation of telephone call routing, see Phreaking.

Phone hacking is the practice of exploring a mobile device, often using computer exploits to analyze everything from the lowest memory and CPU levels up to the highest file system and process levels. Modern open source tooling has become fairly sophisticated as to be able to "hook" into individual functions within any running app on an unlocked device and allow deep inspection and modification of its functions.

Phone hacking is a large branch of computer security that includes studying various situations exactly how attackers use security exploits to gain some level of access to a mobile device in a variety of situations and presumed access levels.

The term came to prominence during the News International phone hacking scandal, in which it was alleged (and in some cases proved in court) that the British tabloid newspaper the News of the World had been involved in the interception of voicemail messages of the British royal family, other public figures, and murdered schoolgirl Milly Dowler.[1]

Victims of phone hacking

Although any mobile phone users may be targeted, "for those who are famous, rich or powerful or whose prize is important enough (for whatever reason) to devote time and resources to make a concerted attack, it is usually more common, there are real risks to face."[2]

Techniques

Voicemail hacking

 
Phone hacking often involves unauthorized access to the voicemail of a mobile phone

The unauthorized remote access to voicemail systems, such as exposed by the News International phone hacking scandal, is possible because of weaknesses in the implementations of these systems by telephone companies.[3]

Mobile phone voicemail messages may be accessed on a landline telephone with the entry of a personal identification number (PIN).[4] Reporters for News International would call the number of an individual's mobile phone, wait to be moved to voicemail, and then guess the PIN, which was often set at a simple default such as 0000 or 1234.[5]

Even where the default PIN is not known, social engineering can be used to reset the voicemail PIN code to the default by impersonating the owner of the phone with a call to a call centre.[6][7] During the mid-2000s, calls originating from the handset registered to a voicemail account would be put straight through to voicemail without the need of a PIN. A hacker could use caller ID spoofing to impersonate a target's handset caller ID and thereby gain access to the associated voicemail without a PIN.[8][9][10]

Following controversies over phone hacking and criticism of mobile service providers who allowed access to voicemail without a PIN, many mobile phone companies have strengthened the default security of their systems so that remote access to voicemail messages and other phone settings can no longer be achieved even via a default PIN.[4] For example, AT&T announced in August 2011 that all new wireless subscribers would be required to enter a PIN when checking their voicemail, even when checking it from their own phones.[11] To encourage password strength, some companies now disallow the use of consecutive or repeat digits in voicemail PINs.[12]

Handsets

An analysis of user-selected PIN codes suggested that ten numbers represent 15% of all iPhone passcodes, with "1234" and "0000" being the most common, with years of birth and graduation also being common choices.[13] Even if a four-digit PIN is randomly selected, the key space is very small (  or 10,000 possibilities), making PINs significantly easier to brute force than most passwords; someone with physical access to a handset secured with a PIN can therefore feasibly determine the PIN in a short time.[14]

Mobile phone microphones can be activated remotely by security agencies or telephone companies, without any need for physical access, as long as the battery has not been removed.[15][16][17][18][19][20] This "roving bug" feature has been used by law enforcement agencies and intelligence services to listen in on nearby conversations.[21]

Other techniques for phone hacking include tricking a mobile phone user into downloading malware that monitors activity on the phone. Bluesnarfing is an unauthorized access to a phone via Bluetooth.[7][22]

Other

There are flaws in the implementation of the GSM encryption algorithm that allow passive interception.[23] The equipment needed is available to government agencies or can be built from freely available parts.[24]

In December 2011, German researcher Karsten Nohl revealed that it was possible to hack into mobile phone voice and text messages on many networks with free decryption software available on the Internet. He blamed the mobile phone companies for relying on outdated encryption techniques in the 2G system, and said that the problem could be fixed very easily.[25]

Legality

Phone hacking, being a form of surveillance, is illegal in many countries unless it is carried out as lawful interception by a government agency. In the News International phone hacking scandal, private investigator Glenn Mulcaire was found to have violated the Regulation of Investigatory Powers Act 2000. He was sentenced to six months in prison in January 2007.[26] Renewed controversy over the phone-hacking claims led to the closure of the News of the World in July 2011.[27]

In December 2010, the Truth in Caller ID Act was signed into United States law, making it illegal "to cause any caller identification service to knowingly transmit misleading or inaccurate caller identification information with the intent to defraud, cause harm, or wrongfully obtain anything of value."[28][29]

See also

References

  1. ^ Davies, Nick; Hill, Amelia (4 July 2011). "Missing Milly Dowler's voicemail was hacked by News of the World". The Guardian. Retrieved 13 July 2011.
  2. ^ Wolfe, Henry B (December 2018). . mdigitalera.com. Vol. 1, no. 2. p. 3. Archived from the original on 2019-04-02. Retrieved 2018-12-12.
  3. ^ Rogers, David (7 July 2011). "Voicemail Hacking and the 'Phone Hacking' Scandal - How it Worked, Questions to be Asked and Improvements to be Made". Copper Horse Solutions. Retrieved 25 Jul 2012.
  4. ^ a b "Who, What, Why: Can Phone Hackers Still Access Messages?". BBC News. 6 July 2011.
  5. ^ Waterson, Jim (2021-07-10). "News of the World: 10 years since phone-hacking scandal brought down tabloid". The Guardian. ISSN 0261-3077. Retrieved 2023-05-08.
  6. ^ Voicemail hacking: How Easy Is It?, New Scientist, 6 July 2011
  7. ^ a b Milian, Mark (8 July 2011). "Phone Hacking Can Extend Beyond Voice Mail". CNN. Retrieved 9 July 2011.
  8. ^ Robert McMillan (25 August 2006). "Paris Hilton accused of voice-mail hacking". InfoWorld. Retrieved 14 June 2015.
  9. ^ Cell Phone Voicemail Easily Hacked, NBC News, 28 February 2005
  10. ^ Kevin Mitnick Shows How Easy It Is to Hack a Phone, interview with Kevin Mitnick, CNET, 7 July 2011
  11. ^ Soghoian, Christopher (9 August 2011). "Not an option: time for companies to embrace security by default". Ars Technica. Retrieved 25 July 2012.
  12. ^ Grubb, Ben (8 July 2011). "Vulnerable voicemail: telco-issued PINs insecure". The Sydney Morning Herald. Retrieved 9 July 2011.
  13. ^ Rooney, Ben (15 June 2011). "Once Again, 1234 Is Not A Good Password". The Wall Street Journal. Retrieved 8 July 2011.
  14. ^ Greenberg, Andy (27 Mar 2012). "Here's How Law Enforcement Cracks Your iPhone's Security Code". Forbes.com. Retrieved 25 Jul 2012.
  15. ^ Schneier, Bruce (December 5, 2006). "Remotely Eavesdropping on Cell Phone Microphones". Schneier On Security. Retrieved 13 December 2009.
  16. ^ McCullagh, Declan; Anne Broache (December 1, 2006). . CNet News. Archived from the original on November 10, 2013. Retrieved 2009-03-14.
  17. ^ Odell, Mark (August 1, 2005). "Use of mobile helped police keep tabs on suspect". Financial Times. Retrieved 2009-03-14.
  18. ^ "Telephones". Western Regional Security Office (NOAA official site). 2001. Retrieved 2009-03-22.
  19. ^ . ABC News: The Blotter. Archived from the original on 25 August 2011. Retrieved 13 December 2009.
  20. ^ Lewis Page (2007-06-26). . The Register. Archived from the original on 2013-11-03. Retrieved 2010-05-01.
  21. ^ Brian Wheeler (2004-03-02). "This goes no further..." BBC News Online Magazine. Retrieved 2008-06-23.
  22. ^ How easy is it to hack a mobile?, BBC News, 7 September 2010
  23. ^ Jansen, Wayne; Scarfone, Karen (October 2008). "Guidelines on Cell Phone and PDA Security" (PDF). National Institute of Standards and Technology. doi:10.6028/NIST.SP.800-124. Retrieved 25 Jul 2012. {{cite journal}}: Cite journal requires |journal= (help)
  24. ^ McMillan, Robert. . IDG News Service. Archived from the original on 2012-01-20. Retrieved 2011-07-24.
  25. ^ O'Brien, Kevin J. (25 December 2011). "Lax Security Exposes Voice Mail to Hacking, Study Says". The New York Times. Retrieved 28 December 2011.
  26. ^ "Pair jailed over royal phone taps ", BBC News, 26 January 2007
  27. ^ News of the World to close amid hacking scandal, BBC News, 7 July 2011
  28. ^ Truth in Caller ID Act of 2010, December 22, 2010, accessed 7 July 2017
  29. ^ [1] 2017-10-17 at the Wayback Machine, 29 September 2017

External links

  • Phone hacking collected news and commentary at The Guardian
  • US Today Has someone hacked your webcam, March 2 2018
  • Timeline: News of the World phone-hacking row, BBC News, 5 July 2011
  • Full Q&A On The Phone Hacking Scandal, Sky News, 5 July 2011
  • Anatomy of the Phone-Hacking Scandal, The New York Times, 1 September 2010
  • The Rise of Caller ID Spoofing, The Wall Street Journal, 5 February 2010
  • Phone hacking: Are you safe?, Rory Cellan-Jones, BBC News, 12 July 2011
  • Should you cover your phone camera, BUSTLE Feb 16 2018

January 01, 1970
phone, hacking, this, article, about, telephone, technology, steal, information, manipulation, telephone, call, routing, phreaking, practice, exploring, mobile, device, often, using, computer, exploits, analyze, everything, from, lowest, memory, levels, highes. This article is about the use of telephone technology to steal information For the manipulation of telephone call routing see Phreaking Phone hacking is the practice of exploring a mobile device often using computer exploits to analyze everything from the lowest memory and CPU levels up to the highest file system and process levels Modern open source tooling has become fairly sophisticated as to be able to hook into individual functions within any running app on an unlocked device and allow deep inspection and modification of its functions Phone hacking is a large branch of computer security that includes studying various situations exactly how attackers use security exploits to gain some level of access to a mobile device in a variety of situations and presumed access levels The term came to prominence during the News International phone hacking scandal in which it was alleged and in some cases proved in court that the British tabloid newspaper the News of the World had been involved in the interception of voicemail messages of the British royal family other public figures and murdered schoolgirl Milly Dowler 1 Contents 1 Victims of phone hacking 2 Techniques 2 1 Voicemail hacking 2 2 Handsets 2 3 Other 3 Legality 4 See also 5 References 6 External linksVictims of phone hackingAlthough any mobile phone users may be targeted for those who are famous rich or powerful or whose prize is important enough for whatever reason to devote time and resources to make a concerted attack it is usually more common there are real risks to face 2 TechniquesVoicemail hacking nbsp Phone hacking often involves unauthorized access to the voicemail of a mobile phone The unauthorized remote access to voicemail systems such as exposed by the News International phone hacking scandal is possible because of weaknesses in the implementations of these systems by telephone companies 3 Mobile phone voicemail messages may be accessed on a landline telephone with the entry of a personal identification number PIN 4 Reporters for News International would call the number of an individual s mobile phone wait to be moved to voicemail and then guess the PIN which was often set at a simple default such as 0000 or 1234 5 Even where the default PIN is not known social engineering can be used to reset the voicemail PIN code to the default by impersonating the owner of the phone with a call to a call centre 6 7 During the mid 2000s calls originating from the handset registered to a voicemail account would be put straight through to voicemail without the need of a PIN A hacker could use caller ID spoofing to impersonate a target s handset caller ID and thereby gain access to the associated voicemail without a PIN 8 9 10 Following controversies over phone hacking and criticism of mobile service providers who allowed access to voicemail without a PIN many mobile phone companies have strengthened the default security of their systems so that remote access to voicemail messages and other phone settings can no longer be achieved even via a default PIN 4 For example AT amp T announced in August 2011 that all new wireless subscribers would be required to enter a PIN when checking their voicemail even when checking it from their own phones 11 To encourage password strength some companies now disallow the use of consecutive or repeat digits in voicemail PINs 12 Handsets An analysis of user selected PIN codes suggested that ten numbers represent 15 of all iPhone passcodes with 1234 and 0000 being the most common with years of birth and graduation also being common choices 13 Even if a four digit PIN is randomly selected the key space is very small 10 4 displaystyle 10 4 nbsp or 10 000 possibilities making PINs significantly easier to brute force than most passwords someone with physical access to a handset secured with a PIN can therefore feasibly determine the PIN in a short time 14 Mobile phone microphones can be activated remotely by security agencies or telephone companies without any need for physical access as long as the battery has not been removed 15 16 17 18 19 20 This roving bug feature has been used by law enforcement agencies and intelligence services to listen in on nearby conversations 21 Other techniques for phone hacking include tricking a mobile phone user into downloading malware that monitors activity on the phone Bluesnarfing is an unauthorized access to a phone via Bluetooth 7 22 Other There are flaws in the implementation of the GSM encryption algorithm that allow passive interception 23 The equipment needed is available to government agencies or can be built from freely available parts 24 In December 2011 German researcher Karsten Nohl revealed that it was possible to hack into mobile phone voice and text messages on many networks with free decryption software available on the Internet He blamed the mobile phone companies for relying on outdated encryption techniques in the 2G system and said that the problem could be fixed very easily 25 LegalityPhone hacking being a form of surveillance is illegal in many countries unless it is carried out as lawful interception by a government agency In the News International phone hacking scandal private investigator Glenn Mulcaire was found to have violated the Regulation of Investigatory Powers Act 2000 He was sentenced to six months in prison in January 2007 26 Renewed controversy over the phone hacking claims led to the closure of the News of the World in July 2011 27 In December 2010 the Truth in Caller ID Act was signed into United States law making it illegal to cause any caller identification service to knowingly transmit misleading or inaccurate caller identification information with the intent to defraud cause harm or wrongfully obtain anything of value 28 29 See also nbsp Telephones portal Mobile security Operation Weeting Phreaking Wiretapping Vault 7 SIM swap scamReferences Davies Nick Hill Amelia 4 July 2011 Missing Milly Dowler s voicemail was hacked by News of the World The Guardian Retrieved 13 July 2011 Wolfe Henry B December 2018 Secure Mobile From Hackers mdigitalera com Vol 1 no 2 p 3 Archived from the original on 2019 04 02 Retrieved 2018 12 12 Rogers David 7 July 2011 Voicemail Hacking and the Phone Hacking Scandal How it Worked Questions to be Asked and Improvements to be Made Copper Horse Solutions Retrieved 25 Jul 2012 a b Who What Why Can Phone Hackers Still Access Messages BBC News 6 July 2011 Waterson Jim 2021 07 10 News of the World 10 years since phone hacking scandal brought down tabloid The Guardian ISSN 0261 3077 Retrieved 2023 05 08 Voicemail hacking How Easy Is It New Scientist 6 July 2011 a b Milian Mark 8 July 2011 Phone Hacking Can Extend Beyond Voice Mail CNN Retrieved 9 July 2011 Robert McMillan 25 August 2006 Paris Hilton accused of voice mail hacking InfoWorld Retrieved 14 June 2015 Cell Phone Voicemail Easily Hacked NBC News 28 February 2005 Kevin Mitnick Shows How Easy It Is to Hack a Phone interview with Kevin Mitnick CNET 7 July 2011 Soghoian Christopher 9 August 2011 Not an option time for companies to embrace security by default Ars Technica Retrieved 25 July 2012 Grubb Ben 8 July 2011 Vulnerable voicemail telco issued PINs insecure The Sydney Morning Herald Retrieved 9 July 2011 Rooney Ben 15 June 2011 Once Again 1234 Is Not A Good Password The Wall Street Journal Retrieved 8 July 2011 Greenberg Andy 27 Mar 2012 Here s How Law Enforcement Cracks Your iPhone s Security Code Forbes com Retrieved 25 Jul 2012 Schneier Bruce December 5 2006 Remotely Eavesdropping on Cell Phone Microphones Schneier On Security Retrieved 13 December 2009 McCullagh Declan Anne Broache December 1 2006 FBI taps cell phone mic as eavesdropping tool CNet News Archived from the original on November 10 2013 Retrieved 2009 03 14 Odell Mark August 1 2005 Use of mobile helped police keep tabs on suspect Financial Times Retrieved 2009 03 14 Telephones Western Regional Security Office NOAA official site 2001 Retrieved 2009 03 22 Can You Hear Me Now ABC News The Blotter Archived from the original on 25 August 2011 Retrieved 13 December 2009 Lewis Page 2007 06 26 Cell hack geek stalks pretty blonde shocker The Register Archived from the original on 2013 11 03 Retrieved 2010 05 01 Brian Wheeler 2004 03 02 This goes no further BBC News Online Magazine Retrieved 2008 06 23 How easy is it to hack a mobile BBC News 7 September 2010 Jansen Wayne Scarfone Karen October 2008 Guidelines on Cell Phone and PDA Security PDF National Institute of Standards and Technology doi 10 6028 NIST SP 800 124 Retrieved 25 Jul 2012 a href Template Cite journal html title Template Cite journal cite journal a Cite journal requires journal help McMillan Robert Hackers Show It s Easy to Snoop on a GSM Call IDG News Service Archived from the original on 2012 01 20 Retrieved 2011 07 24 O Brien Kevin J 25 December 2011 Lax Security Exposes Voice Mail to Hacking Study Says The New York Times Retrieved 28 December 2011 Pair jailed over royal phone taps BBC News 26 January 2007 News of the World to close amid hacking scandal BBC News 7 July 2011 Truth in Caller ID Act of 2010 December 22 2010 accessed 7 July 2017 1 Archived 2017 10 17 at the Wayback Machine 29 September 2017External linksPhone hacking collected news and commentary at The Guardian US Today Has someone hacked your webcam March 2 2018 Timeline News of the World phone hacking row BBC News 5 July 2011 Full Q amp A On The Phone Hacking Scandal Sky News 5 July 2011 Anatomy of the Phone Hacking Scandal The New York Times 1 September 2010 The Rise of Caller ID Spoofing The Wall Street Journal 5 February 2010 Phone hacking Are you safe Rory Cellan Jones BBC News 12 July 2011 Should you cover your phone camera BUSTLE Feb 16 2018 Retrieved from https en wikipedia org w index php title Phone hacking amp oldid 1213030018, wikipedia, wiki, book, books, library,

article

, read, download, free, free download, mp3, video, mp4, 3gp, jpg, jpeg, gif, png, picture, music, song, movie, book, game, games.