Why the mobile networks are to blame for phone “hacking”
Right now it’s impossible to switch on the radio or TV news without at least half of the bulletin being devoted to “phone hacking”. Alongside the genuine news reporting, there’s a lot of blame being dished out.
In particular, the newspapers and their staff are being lambasted for using dirty tricks, while the Metropolitan Police is being blamed for its ineffectual investigations.
Some people have argued that listening to someone else’s messages this way is no more ‘hacking’ than walking through an open door is trespassing, although I’m not sure I’d go that far
I wonder whether I’m alone in thinking that the real blame belongs elsewhere? As far as I can tell, the majority of these so-called “phone hacking” incidents involved calling the victim’s mobile from one phone and then, while you’re speaking to them (or while they are trying to figure out a silent call) you call their mobile again from a second line, so that this time you get put through to their voicemail. While listening to their greeting, you can press * (at least from most mobile networks), type in the person’s voicemail PIN, and happily listen to their messages.
The problem is that a lot of people, perhaps the majority of them, never change their PIN from the default number supplied by their network, so it’s pretty easy to listen to any messages they might have been stored on their voicemail. This is despite the fact that just about every phone manual and network website I’ve ever seen mentions that you ought to change your voicemail PIN immediately.
Some people have argued that listening to someone else’s messages this way is no more “hacking” than walking through an open door is trespassing, although I’m not sure I’d go that far. I think that mobile owners who didn’t change their PIN need to shoulder at least some of the blame if their phone gets hacked – but, for me, the biggest share of the blame ought to lie with the mobile networks themselves, because in these security-conscious times I don’t think there’s any place for the concept of a “default PIN”.
Imagine if your bank sent you a debit card that employed a default PIN until such time as you changed it – that isn’t even thinkable, is it? Well, the same should be true with the mobile networks – although most have now rectified their policies in the wake of this scandal to force people to set a new PIN when their voicemail is first set up.
The networks ought to hang their heads in shame for making it so easy for unscrupulous journalists to listen to other people’s messages.
I’ll leave you with this thought: it’s the “hacking” of murder victims, celebrities and politicians that we hear about in the news, but given that it really is this easy, just think about how much of it must go on in the world of corporate espionage.
If you work for a large corporation, perhaps as head of marketing or product strategy, just think about what might happen if your competitors got to hear what’s in your voicemail box. Doesn’t bear thinking about, does it?
This article originally appeared in the May 2011 edition of PC Pro and has been updated.