With the massive media coverage of and interest in the News of the World phone hacking scandal, people are wondering how so many voicemail accounts could have been hacked, and not by professional hackers but by ordinary journalists. As it turns out, the hacking was simple: default voicemail PIN codes were in use, and anyone with the right tool could have easily broken into the accounts.
This scandal, which was definitely unethical, was also completely avoidable. It seems that the hacker journalists gained access to thousands of people’s voicemail accounts simply by calling the victim’s voicemail and trying the default PIN codes, which most people never bothered to change, leaving their mailboxes totally unsecured.
Accessing the voicemail directly was even easier than it sounds. Either the journalists called the phone number, waited for the victim not to answer and then got into the mailbox, or they used an even sneakier approach: calling what’s known as a caller ID spoofing service. These are online services that let you call a phone number using a fake caller ID.
For example, say you want to call your friend’s cell phone and want the number on the caller ID to say (111) 111-1111. Just enter that number into the caller ID spoofing service and that is exactly what will show up as the caller ID on your friend’s phone. However, the trick to the voicemail hack is that when a phone gets a call from itself (that is, when the spoofed caller ID is the same number as the phone being called), the victim’s phone thinks that it is the user simply accessing his own voicemail and sends the caller to the main menu.
If there is no password, the spoofed caller gets total access to the voicemail; if there is a password, they are asked to enter it. It’s at this point that the journalists simply tried the most common default voicemail PIN codes, such as 1234 or 0000, and were able to gain total access to their victims’ voicemail accounts.
So the lesson of this post is to create and use a voicemail PIN code that is totally different from the default one that came with the phone. Also make sure to value other people’s privacy by not using the above spoofing technique for hacking into other people’s phones, or “defrauding or deceiving” anyone, as each of those acts could be punishable by a fine up to $10,000 with a maximum total of $1 million.
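The two weaknesses described above, default PINs and a mailbox that trusts caller ID, can both be closed on the provider side. The following Python is an added example, not code from the original post or from any carrier: it rejects default and guessable PINs and always asks for the PIN even when the caller ID matches the mailbox number. The function names, the deny-list and the sample phone number are assumptions constructed for the illustration.

```python
import hmac

# Constructed sample deny-list; a real deployment would use a longer one.
COMMON_PINS = {"0000", "1111", "1234", "4321", "2580"}

def _is_sequence(pin: str) -> bool:
    """True for ascending or descending digit runs such as 1234 or 9876."""
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {9})

def weak_pin_reason(pin: str, phone_number: str, default_pin: str = "0000"):
    """Return the reason a PIN must be rejected, or None if it is acceptable."""
    digits = "".join(c for c in phone_number if c.isdigit())
    if not (pin.isascii() and pin.isdigit()) or len(pin) < 4:
        return "must be at least 4 digits"
    if pin == default_pin or pin in COMMON_PINS:
        return "default or commonly used PIN"
    if len(set(pin)) == 1:
        return "single repeated digit"
    if _is_sequence(pin):
        return "sequential digits"
    if pin in digits:
        return "derived from the phone number"
    return None

def mailbox_access(caller_id: str, mailbox_number: str, stored_pin, entered_pin=None):
    """Decide mailbox access; caller ID is never treated as proof of identity."""
    # No PIN, or a default/guessable one: remote access stays closed.
    if stored_pin is None or weak_pin_reason(stored_pin, mailbox_number):
        return "deny: set a strong PIN from the handset first"
    # Prompt even when caller_id == mailbox_number, since caller ID can be faked.
    if entered_pin is None:
        return "prompt for PIN"
    # Constant-time comparison of the entered PIN against the stored one.
    if hmac.compare_digest(entered_pin, stored_pin):
        return "allow"
    return "deny: wrong PIN"
```
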