Hacking voice mails and stealing voice transmissions from cellular devices is easier than you think. And it doesn't affect just celebrities.
For skilled hackers, snatching information from your cell is a basic procedure. By using shady online services, it can take just a few steps to listen to that voice mail your friend, family member or work colleague left on your phone. And it's especially simple for them if you don't have a unique PIN number protecting your phone or voice mail.
The issue has been magnified by the scandal looming over the News Corp. media empire. Reporters and editors at News Corp.'s now-shuttered News of the World tabloid reportedly hacked cellphones for years in their quest for scoops about crime, celebrities and politicians. The issue has been magnified by the phone sleuthing scandal looming over the News Corp. media empire, owner of the shuttered News of the World. Reporters and editors at News of the World, the formerly popular U.K. tabloid, reportedly hacked cellphones for years in their quest for scoops about celebrities and politicians.
But average Midlanders need to realize that it can happen to them, too, consumer safety and digital security experts said.
According to a recent study by the online electronics seller and reviewer Retrevo, the people most likely to snoop on your cellphone are those closest to you — your mom, dad, friend or significant other.
In the survey, 47 percent of people under the age of 25 admitted to secretly checking phone information such as emails and call logs of the person they were dating. Also, 39 percent of mothers and 36 percent of fathers polled said that they've checked their children's voice mail without them knowing.
Clearly, special equipment or knowledge is not always needed.
Oftentimes, crooks use what are referred to as caller identification "spoofing" services to access voice mails on a certain phone number they're targeting. For a small fee, the online spoofing service can fool phones and service providers by disguising the caller identification information as if it were a call coming from the targeted phone. On some phones, the spoofed call goes straight to voice mail, and if there's no password, voilà!, instant voice mail access.
One way to tell if you've been "spoofed" is to check your recent call logs. If a call from your number is listed and doesn't correlate with the calls you've made, there could be a problem.
Another sign of an intruder tinkering with your cellphone is if voice mails are randomly deleted or moved to a different folder without your knowledge.
Regardless of who's doing the hacking or snooping, Craig Spiezle, executive director and president of the nonprofit Online Trust Alliance, said the ramifications of jeopardized cellphone privacy are "far-reaching."
"The issue is the somewhat rudimentary approach to cellphone security," Spiezle said. "There is somewhat a shared responsibility between that of the user and the service provider."
The Better Business Bureau office covering Nebraska, western Iowa and South Dakota advises, "Just because you're not a hot topic for the tabloids, don't assume that hackers might not be interested in sensitive information that might be stored on your phones."
Here are some points to understand to better keep voice mails and cellular data protected:
Install a unique PIN
First and most important, go into your phone and switch your voice mail security PIN to something other than the default "1234." Although that PIN makes it easy to use the phone while doing other things, a unique PIN creates another layer hackers must clear before they can start snooping on your calls.
Three major cell providers — AT&T, Sprint and T-Mobile — offer voice mail PIN protection but don't require it. Verizon, the largest cellular provider in Nebraska, does require a PIN.
AT&T spokesman Alexander Carey said the company "strongly urges" customers to use a voice mail password, but doesn't require it. "Customers have a choice to use a password when calling voice mail from their own mobile phone."
Spiezle said we all need to move from a simple four-digit code for passwords to an eight-digit alphanumeric code.
A 2010 Georgia Institute of Technology study advocated 12-digit passwords. Researchers were able to use a computer to crack eight-character passwords in less than two hours. But when they applied that same processing power to 12-character passwords, they found that it would take 17,134 years.
Beware of shared and social networks
Bluetooth, the short-range connection typically used for connecting wireless headsets or exchanging files, can take a bite out of security, too, according to the BBB. A Bluetooth connection can give hackers access to your device and information if it's left on when not in use.
The best rule of thumb here: If you're not using your Bluetooth, turn it off.
Also be cautious when using public Wi-Fi. Unsecure public networks can leave your cellular account vulnerable to harmful malware and spyware that can infect your phone, just as they can with computers. And don't open random, unidentified text messages when connected to a public network. Those can have a similar effect.
Finally, don't post your phone number publicly on social networks like Twitter and Facebook. You can share it with friends and people you trust, but if your phone number gets into the wrong hands, your number easily could be "spoofed."
Treat your phone like your wallet
Think of your phone as a computer or, better yet, a wallet. In the next half-decade, smartphones won't just carry contacts, apps, music and photos. They will also be used for buying items at stores, scheduling bill payments and doing most of your personal banking.
Some of that is already going on now, but as more financial institutions flock to your mobile device, consumers need to amp up their precautions and be careful what information they're sharing, said Jim Hegarty, president and chief executive of the Midlands BBB.
"The bottom line on smartphone use is that consumers often don't view them in the same precautionary way that they view their home or work computers," he said. "The time is now to begin exercising the same caution with these devices that most of us have been incorporating in our computer usage for years."
Bengt Horsma, vice president of mobile commerce solutions for payment processing giant First Data, which has major operations in Omaha, said people who use mobile banking should check their accounts regularly and immediately report any shady activity. He also suggested that consumers use the fraud alert services that are offered by many banks.
What are providers doing?
Spiezle said that even before the News Corp. scandal came to a head this month, some cell providers were moving to encrypt data and install higher security barriers, like locking out users after a number of failed attempts at entering passwords.
Those steps, he said, are good news for consumers. But as more sensitive information and applications move to mobile devices, and as hackers become more refined, even those procedures aren't going to net proper security.
Verizon, AT&T and Sprint all declined to disclose whether there are any new required security measures being discussed or considered.
"The ramifications of (the News Corp. phone hacking) are far-reaching," Spiezle said. "It underscores that any of our electronic data, voice mail or email can be exploited for nefarious purposes.
"What is troubling is this is not really much of a hack. It is more like leaving your front door open and bad actors taking advantage of the situation."
Contact the writer: