Cookie policy
Follow this topicFollow this topic Knowledge » Mobile phones

How to prevent your phone from being hacked

John Fitzsimons
by Lovemoney Staff John Fitzsimons on 12 July 2011  |  Comments 14 comments

It's not just ropey journalists who employ a little phone hacking...

How to prevent your phone from being hacked

It’s fair to say that the hacking of mobile phones has been in the news a fair bit over the last week or so. Indeed, the practice has led to the closure of a 168-year-old newspaper, and the arrest of the Government’s former director of communications.

So what is phone hacking, and how do you ensure that you don’t come a cropper?

Read all about it!

For a while now it’s been public knowledge that journalists at the News of the World indulged in a little phone hacking in order to secure news stories. What started out with members of the Royal Family and celebrities has taken a sinister twist though with the revelation that grieving families of terrorist attacks and murder victims also had their phones hacked.

Hacking in this instance means gaining access to the user’s voicemail. And when these activities were at their most popular at News International, this was a pretty easy thing to do. It used to be the case that voicemails came with a standard PIN which allowed you to access the voicemails. The idea was that once you signed up with the mobile provider, you would then go and change that PIN (as well as record a no-doubt ‘wacky’ voicemail message).

Of course, most of us did no such thing, leaving our voicemails open to any enterprising hacker. All they had to do was call your number when it was engaged or the phone was off, and they would have free reign over your inbox. Private investigators also no doubt have access to technology (known as caller ID spoofing) which allows you to impersonate a phone number, so your victim's voicemail provider will think it was the legitimate owner of that phone number calling from their own mobile. In that situation, voicemail providers often didn't even ask for a pin.

Alternatively, it is even thought the private investigators paid sources at CTI, the accounts company which held the accounts information for all the major phone companies except O2, to tell them the pins of celebrities. This is why victims like Sienna Miller - who reportedly changed her Pin hundreds of times - still got hacked.

Changing times

Perhaps unsurprisingly, given the furore over the ease of phone hacking, the network providers have moved to tighten things up. Default PINs were ditched some time ago, with most providers now requiring you to set up your own PIN when setting up your voicemail.

Related blog post

That at least makes it harder for any hackers to get hold of your messages, though it’s still far from impossible. Picking a PIN with recurring or sequential numbers (4444 or 1234 for example) or your birthday will not give your message facility much in the way of security, so that’s to be avoided.

The real issue here is that voicemail can still be accessed remotely – i.e. from a line other than the mobile itself. So long as that is the case, there will always be opportunities for unscrupulous types to try to hack into your voicemails. And caller ID spoofing technology is still available today.

Of course, it’s not just your voicemails that represent a gravy train to hackers and scammers. Here are some other potential areas your identity may be at risk:

Fake apps

Mobile phone apps are big business these days, worth millions of pounds. And anyone with a smartphone likely has a stack of apps sitting on their phone.

Of course, this presents an opportunity to hackers. All they have to do is get a fake app out into the market, and get unsuspecting users to download it. Earlier this year a number of apps on Google’s Android Market were infected with a form of malware called DroidDream. This malware allowed hackers to access all sorts of information about the phone, such as its unique identifying numbers, potentially giving the hacker the ability to remotely control the device, as well as get hold of any data stored on it.

Currently, the vetting process before you get an app up on iTunes is far more rigorous than those apps available to Android mobiles, so it pays to be extra vigilant if you’re using an Android. It's a good idea to do some research on any app before you download it onto your phone too.

Online banking

Related how-to guide

Avoid scams and rip-offs

Worried about getting caught out by a scam or rip-off? Find out how to protect yourself.

Accessing information on your finances while on the move is a fantastic development, but also provides an opportunity to scammers. If you’re going to do some banking on your phone, be clear about your surroundings. Scammers known as ‘shoulder surfers’ like to lurk close by, watching you and the details you put into your phone. You're particularly vulnerable if you conduct your online banking in wi-fi hotspots, so avoid doing this.

If you think about it, it’s no different to being smart when using an ATM.

Bluetooth

I’ve used the Bluetooth facility on my old mobiles many times in the past, to send music files or photos to friends at close proximity, without having to pay for it. However, like public wi-fi, it is open to hijack, putting your personal information at risk.

Always turn off your Bluetooth when you aren’t actively using it, while switching your settings so that your Bluetooth is not ‘discoverable’ is also a smart move. Finally, be vigilant over only ever accepting connections with people you know.

Social media

As a (relatively) young person, I’ve embraced social media. Twitter has become an integral part of my day, while Facebook allows me to share pictures of my son with our relatives across the globe.

However, for all their uses, they do present a potential hazard. Some of my friends share far too much information on their profile page on Facebook, from their mobile phone number to their address and date of birth. All they need is to stick up their mother’s maiden name, and cyber criminals have the full set.

But what is becoming a real concern is the way we use social media when out on the move, with the use of our mobile phones. Too often we feel the need to ‘check in’ to let our friends or followers know exactly where we are. It’s even become some sort of strange game thanks to the likes of FourSquare, where you can ‘oust’ other users and become the 'Mayor' of Pret a Manger or wherever. It's ridiculous.

Of course, by doing this, you are just letting people know where you aren’t – and that’s at home. Insurers are already getting twitchy about paying out on burglaries if you’ve advertised that you are away from home, while organised criminals in the US have taken to scouring Facebook to identify possible properties to rob.

More: Get a 0% credit card | Earn 50 times as much interest on your savings | Car insurers are cashing in on your crash!

Enjoyed this? Show it some love

Twitter
General

Comments (14)

  • Anfauglir
    Love rating 8
    Anfauglir said

    "How to prevent your phone from being hacked" - hmm, sounds like a very useful article, I thought to myself. So I followed the link, and discovered that the wonderful advice on how to PREVENT your phone from being hacked was.....

    ....think carefully about the PIN you use.

    Gee, thanks. So that will PREVENT my phone from being hacked, will it?

    In an article inspired by the worst excesses of tabloid journalism, I find it ironic that - once again - Lovemoney resorts to an attention-grabbing headline that bears little or no relation to the content of the article. And - by using the word PREVENT when it clearly will not do so - is frankly an outright lie?

    Report on 12 July 2011  |  Love thisLove  0 loves
  • nosbort
    Love rating 125
    nosbort said

    The only way to prevent your voicemail being accessed by someone else is to turn it off.

    Report on 12 July 2011  |  Love thisLove  0 loves
  • Steviebaby1959
    Love rating 28
    Steviebaby1959 said

    Well, if folks can only use 4 digits for a PIN number, then, is there any wonder phones get hacked, it's just like online banking, if the customer had the opportunity to set up a PIN number of about 36/48 characters, then we may feel a bit more secure about our details, but, as these idiots don't give us that option then it's no wonder that fraudsters can access our information. However, as 99.99999% of the readers on lovemoney.com aren't celebrities, then, we won't have much to worry about, will we.....

    Report on 12 July 2011  |  Love thisLove  0 loves
  • tonychaitow
    Love rating 0
    tonychaitow said

    Anyone is welcome to Hack my Phone - they will be quickly bored stiff!

    Report on 12 July 2011  |  Love thisLove  0 loves
  • CuNNaXXa
    Love rating 362
    CuNNaXXa said

    Again, this is something that is directly attributable to the industry, and not the consumer. Just because someone doesn't set a PIN, or uses a simple PIN, is not the issue. In fact, the above article stated that Sienna Miller changed her PIN numerous times, yet she still got hacked.

    So, what is the cure? Obviously, the industry that manufacturers and supplies these phones need to take full responsibility for their failure in their duty of care to their customer base.

    Imagine someone walking into my local bank and saying, 'Hi, I am CuNNaXXa. Please give me all my money', and the dopey cashier complied. I would be livid. I would be questioning why it was so easy for someone else to steal from me, and why the bank did not go through any sort of vetting.

    This also needs to be applied to the mobile phone industry. We all have mobiles, and they all contain SIM cards. The data on those SIM cards should be enough to authenticate the owner of the phone as the owner of the account, allowing access to personal settings such as voicemail. Obviously, if someone steals your phone, that is your fault, but no one should be able to spoof your phone number without the system being alerted and blocking such a request.

    As for the revelation that some private investigators may have paid insiders at CTI for PIN information on customers, again that organisation should have made it impossible for operatives within their organisation to be able to link a PIN to a NAME. Even the banks have cottoned on to the fact that when you need to enter a security phrase through phone banking, it needs to be done anonymously, so why hasn't CTI?

    So, how do we stop phone hacking? We beg our politicians to regulate this industry better so that basic security provisions are part of the service. After all, the mobile phone industry is about one of the biggest industries in the world, and they need to concentrate on Quality of Service before Profit Margins.

    Anyway, I hope that whoever has been affected by these hacks also decides to take action against the mobile phone providers for failing in their duty of care. After all, they charge enough for their service, so why not pay out for their blatant incompetence.

    Report on 12 July 2011  |  Love thisLove  0 loves
  • mtjearly
    Love rating 20
    mtjearly said

    Isn't it great that as technology progresses, it gets easier and easier for (admittedly tech savvy) crooks to cash in on the lax security. Look at Chip and Pin - blatantly less secure than relying on a signature check, yet rushed out because It's A Great Idea. CVV numbers - waste of time. The tech boffins need to spend much more time considering security before rolling the latest gadget/service out.

    Report on 12 July 2011  |  Love thisLove  0 loves
  • yocoxy
    Love rating 132
    yocoxy said

    Chip and Pin less secure than signature? I don't think so..

    The main fraud right now is card not present (CNP) over the internet where the chip is not involved (and nor would the signature be) and card cloning where the magnetic stripe data is copied and used in a non chip and pin country such as the US.

    Fraud where the card is used at a Point of Sale would be virtually wiped out if all countries complied with the chip standards. It was rife when the security was reliant on a minimum wage checkout operator bothering to check the signature (and why bother if the transaction is electronically approved because it's a genuine card?).

    As for phone hacking.. clearly it's wrong and evil and Becky should go but..

    Most landline handsets with answering facility also have the option to hit a key within a couple of rings, enter a PIN (preset to 0000 typically) and listen to your voicemails whilst you're out of the house. Does that also warrant the implementation of bank style security?

    I think if anyone is dumb enough to leave their PIN at the default they should take responsibility and if fraud is committed by an employee they should face the full wrath of the law.

    Blaming big brother evil corp seems an easy target for everything these days..

    Report on 12 July 2011  |  Love thisLove  0 loves
  • MancChazzer
    Love rating 0
    MancChazzer said

    It's okay telling us all we can be hacked...how about an article that is complete i.e that tells us how to complain, the email address of who we can email i.e. the provider?

    Have you ever had cause to complain? I have and I complained to BT and Virgin, 2.5 years ago and have they solved the issue? you guessed, no!

    Any company that owns a telco or has a bunch of servers that your call are routed through can 'tap in' to your line...hacking is old news and I'm sick of hearing about it.

    What I would like to hear is...the people involved being given sentences, fines and sacked for illegal actions...so make your blog worth reading.

    Finally, what do you do with the comments on here? Nothing? Why don't you post out the hacking issues and send them to the PM, Parliament and www.ico.gov.uk

    Report on 12 July 2011  |  Love thisLove  0 loves
  • onetimothysixten
    Love rating 2
    onetimothysixten said

    "All they need is to stick up their mother’s maiden name, and cyber criminals have the full set."

    Could be quite easy to find on many people's Facebook pages as the families of any of your mother's brothers will probably be a recurring source of this surname!

    Tip: When asked for your mother's maiden name you don't have to tell the truth, just remember what name you used, then someone who knows your family or deduces 'mmn' will find it useless.

    Report on 12 July 2011  |  Love thisLove  0 loves
  • CuNNaXXa
    Love rating 362
    CuNNaXXa said

    @ yocoxy...

    You say that blaming big brother evil corp seems an easy target for everything these days, yet you have to remember that these easy targets are making a profit out of us. If they earn, then they have a legal duty of care.

    After all, why should any organisation make a profit without any requirement towards quality of service?

    If they sold us the service at cost, then they may have an argument, but since they make a profit, their service is subject to the Sale of Goods Act (and similar) which clearly states that the goods must be of a reasonable quality. In this instance, your voicemails should have adequate protection from spoofing.

    (I know it is a service they are selling, but it still comes under the general umbrella of goods and services).

    As for stating that an employee should be prosecuted if they act illegally, it is still a requirement of any employer to have policy and procedures in place to actively discourage any foreseeable abuses, and while an unforeseeable abuse is excusable, foreseeable abuses aren't, and the employer is then just as liable as the employee, or even more so for encouraging such an abuse by being negligent.

    (CASE NOTE: An employer was penalised when an employee was killed playing a game of Chicken with a fork truck during his lunch break. The employer stated it had no control over its employees during their unpaid break, but the HSE stated that a lack of proper education coupled with the fact that employees had access to the fork trucks during their unpaid lunch break meant that the employer took full responsibility for the death of this individual.)

    Report on 13 July 2011  |  Love thisLove  0 loves
  • hopefultom
    Love rating 43
    hopefultom said

    CuNNaXXa

    Once again I find myself in agreement with your good self,also some of the posting by MTJEARLY

    I am by no means an expert on mobile phone technology but would like to put a suggestion forward :

    Why shouldn't the phone manufacturers/network providers be called upon to spend whatever it takes to develop a universal app which would make voicemail hacking impossible?

    Perhaps some of you technos could tell me why it couldn't be done.

    Report on 13 July 2011  |  Love thisLove  0 loves
  • yocoxy
    Love rating 132
    yocoxy said

    Security is best provided by combining three elements: something you have, something you are and something you know. To do this the "something you are" element needs to be a biometric, so fingerprints, iris scans etc would be required, that usually gets the civil liberties anti big brother guys shouting..

    That leaves the other two, something you have and something you know. In the banking world, you have a card and you know the PIN, two out of three 'ain't bad (as they say) so its pretty secure. Mobile phone voicemail is protected by two things something you (and a lot of other people) know - your phone number and something you know (again) your PIN. Therefore it's pretty insecure.

    If you ensure that only you know your PIN it's secure enough for the purpose (in my opinion) after all, it's not protecting state secrets (at least I'd hope that politicians aren't discussing anything sensitive over any open network). If you leave your PIN at the default you're ensuring that there's no security at all. This is fine if all your messages are meaningless or you switch off the voicemail function.

    All mobile (and landline) phone messages can be listened to by the 'appropriate' authorities and if you call a number in Iran, Syria or any of a bunch of other sensitive countries, you can be pretty sure that there will be more than just the two people at the ends of the line listening in. If you don't like that thought, don't use public networks.

    All security has to be relevant to the threat. Quite frankly I'm not bothered if anyone overhears me telling my wife I'm going to be late home again..

    Having said all that I do think Murdochs gang still need to be brought to account.

    Report on 14 July 2011  |  Love thisLove  0 loves
  • jacytacy
    Love rating 0
    jacytacy said

    Have a look a t this:

    http://my-love-for-money.blogspot.com/

    Report on 18 July 2011  |  Love thisLove  0 loves
  • Liony
    Love rating 15
    Liony said

    ALL phone calls we make are monitored anyway so what's the difference?

    Mobiles are easier to hack that landlines.

    Technology has brought us closer together with friends and other people but it is not always safe. For example, there was a news report this year about pictures being put on facebook by parents of their children and unscrupulous people were able to find out where the pic was taken and susequently where they lived. Yes, they put them on facebook from their mobile phones.

    Report on 13 December 2011  |  Love thisLove  0 loves

Post a comment

Sign in or register to post a reply.

Related content

Our top deals

Credit card
company 		Balance transfers rate and period Representative
APR 		Apply
now

Barclaycard 27Mth Platinum Visa

0% for 27 months (3.5% fee) Representative 18.9% APR (variable) Apply
Representative example: assumed borrowing of £1,200, representative 18.9% APR (variable). Purchase rate 18.9% PA (variable). BT fee is reduced from 3.9% to 3.5% (T&Cs apply).

Barclaycard 25Mth Platinum Visa

0% for 25 months (2.4% fee) Representative 18.9% APR (variable) Apply
Representative example: assumed borrowing of £1,200, representative 18.9% APR (variable). Purchase rate 18.9% PA (variable). BT fee is reduced from 3.5% to 2.4% (T&Cs apply)

Halifax BT 25 Month MasterCard

0% for 25 months (2.5% fee) Representative 18.9% APR (variable) Apply
Representative example: assumed borrowing of £1,200, representative 18.9% APR (variable). Purchase rate 19.0% PA (variable).
W3C  Thank you for using CGWEBLIV3