Skip to main content

Phone hacking can extend beyond voice mail

Mark Milian
News Corp.'s James Murdoch announced the closing of the tabloid News of the World after a phone-hacking scandal.
News Corp.'s James Murdoch announced the closing of the tabloid News of the World after a phone-hacking scandal.
  • The phone hacking tactics that brought down the News of the World tabloid were low tech
  • The reporters were believed to have tricked customer service people into providing info
  • Security experts say the growth of smartphones will lead to more sophisticated breaches
  • Many companies offer mobile security software to help protect against malware on phones

(CNN) -- While the phone hacking by British tabloid News of the World was unexceptional by technical standards, security experts say the scandal portends how the growth of smartphones will lead to more sophisticated breaches.

The tactics that tabloid reporters used to eavesdrop on high-profile British targets -- and eventually led News Corp. to announce Thursday it is killing the 167-year-old publication -- were remarkably low tech.

Former News of the World staffers say that reporters employed tricks to access voice-mail inboxes and procure a great deal of information from British celebrities and the royal family. Experts say that to obtain the PIN codes needed to access those accounts, the reporters used an illegal method known as pretexting.

This tactic involves calling, say, a customer-service representative for a cell-phone operator and impersonating someone to get details about that person's account. In many places, such as the United Kingdom and the United States, such practices are now prohibited.

Pretexting used to be a vital tool for freelance investigators, said Frank Ahearn, a former detective who does consulting on how to avoid detection, in an interview with CNN last year. "I could still do it, but I just don't, because it's illegal now," he said.

Victims notified of phone hackings
UK phone hacking scandal widens
Famed News of the World covers
Rupert Murdoch's media empire

News of the World appears to have exploited a mechanism in mobile-phone carriers' systems that allows people to access voice-mail messages remotely, from any phone, experts say.

The episodes followed an even more primitive breach in the 1990s when the Sun, another British tabloid, published recordings of royal family members' phone conversations. Among the revelations: James Gilbey, a close friend of Princess Diana's, frequently referred to her affectionately as "Squidgy."

Those unsecured mobile communications, in the days of analog transmissions, were easily tapped by amateur ham-radio operators as well.

Security on smartphones

Squidgygate aside, the migration to more advanced cell phones in recent years has facilitated more sophisticated intrusions. Smartphones have become the dominant type of mobile device bought in the U.S., according to Nielsen, and are growing rapidly worldwide.

With these pocket computers, intruders have myriad more entry points available to them.

Two of the most common, security analysts say, involve tricking a phone user into installing poison applications or opening malicious links in their Web browsers. Attacks using the latter method are becoming ever more sophisticated because software makers provide few safeguards against them.

With the proliferation of curated app stores, scammers are finding it difficult to sneak their virus-laden software onto people's phones undetected. Apple and many others, not including Google's Android, vet apps before making them available online.

Software providers also maintain a "kill switch" that allows them to delete problem programs remotely from customers' phones after they've taken root. And some carriers, such as AT&T, have required that customers only install Android apps from trusted storefronts.

Security researchers have long warned that cell phones are poised to be the next frontier for cyber attack.

"It's always been a concern," said John Walls, a spokesman for industry group CTIA Wireless. "That's why, No. 1, the carriers do invest a vast amount of resources to provide security within their own networks."

For example, operators have increased the security measures in place to block junk text messages before they reach a recipient's handset, Walls said.

Cell phones are "built with at least some form of protection engineered from the beginning, which was not the case with PCs," said Horace Dediu, who runs a Helsinki, Finland, mobile consulting firm called Asymco.

But those protections have, in some cases, bred a false sense of security, Dediu said.

"People feel safer with these things," he said. "You can see that psychologic attacks (convincing someone to install a malicious app, for example) are always going to be possible."

Pretexting is ultimately about social engineering, Walls said. And telecoms increasingly train customer-service workers to follow strict guidelines to keep information from falling into the wrong hands, he said.

Convincing phone users to click a strange link or install an app that steals their data is also a form of social manipulation. And a relatively easy one at that, researchers say.

How to protect yourself

But the mobile security apocalypse that has long been forecasted hasn't come.

So far, mobile attacks have most often attempted to trick people into sending expensive text messages or making pricey phone calls to 900 numbers, because those ruses are the simplest and most lucrative, experts say.

When it comes to stealing personal information, cyberthieves prefer to grab reams of private data from corporate servers, such as the recent attacks on Sony, experts say.

Some security firms are working on software to protect smartphones. AnchorFree, for example, is building a program that remotely shields Apple customers from problems.

Eugene Lapidous, AnchorFree's chief architect, said in a recent interview that "iPhone doesn't protect itself. So we have to provide some intermediary service in the cloud."

If you regularly download apps or media files, or access shared Wi-Fi networks via your phone, CNN mobile columnist Amy Gahran says it's a good idea to purchase a mobile security package.

Many mobile security packages are available for $20-$30 upfront, plus about the same amount per year. recently published a comparison chart of 10 leading mobile security services for consumers.

But security software for phones so far has mostly been an underserved and largely undesired market.

While many more safeguards are in place for phones, the checklist for protecting oneself sounds similar to the handouts many corporate information-technology departments give to employees: Don't lend your equipment out; don't install suspicious programs; use common sense.

"We urge people, just like you would on a computer: Be wary of addresses or communications with which you're not familiar," Walls said. "It sounds simple."

It is. But as unscrupulous reporters have shown, some phones can be fairly easy to crack.

Part of complete coverage on
Phone hacking: How scandal unfolded
Damaging allegations over phone hacking are continuing to mount against Rupert Murdoch's media empire.
Who is Wendi Deng?
It's the slap that's been heard around the world: Wendi Deng Murdoch putting herself between her husband Rupert Murdoch and a protester armed with a shaving cream pie.
Hacking scandal gets global audience
The phone-hacking scandal began two years ago as a lonely newspaper crusade in London, but the story has taken the world by its ear.
Opinion: Closing door on Murdoch
UK lawmakers are doing the right thing in severing their ties to the Murdoch empire, says academic Steven Barnett.
Piers Morgan: I never hacked
Piers Morgan, a former editor of two British tabloid newspapers calls allegations that he participated in phone hacking "nonsense."
Spotlight on Murdoch wife Wendi
Rupert Murdoch's wife Wendi Deng becomes a sensation on Twitter after pouncing to slap down a pie attack on her husband.
Phone hacking hearings
CNN's minute-by-minute coverage of the phone hacking hearings as they happened.
Rupert Murdoch: Last press baron
Rupert Murdoch is the last of a dying breed: An old-fashioned press baron, a tough businessman with a hunger for the next big story.


Most popular Tech stories right now