{"id":345,"date":"2011-08-12T16:50:34","date_gmt":"2011-08-12T16:50:34","guid":{"rendered":"http:\/\/dmitri.vitaliev.info\/?p=345"},"modified":"2021-02-08T14:45:53","modified_gmt":"2021-02-08T14:45:53","slug":"protect-yourself-from-phone-hacking","status":"publish","type":"post","link":"https:\/\/dmitri.vitaliev.info\/?p=345","title":{"rendered":"Protect yourself from phone hacking"},"content":{"rendered":"<p>As the &#8216;phone hacking&#8217; news wave reaches far and wide, not much<br \/>\nattention is paid to the methods used by hackers &#8211; nor are there<br \/>\nprecautions for readers worried about the privacy of their mobile<br \/>\ncommunications, bank accounts and other private data.<!--more--><\/p>\n<p>The easiest and least technically challenging way to break into a<br \/>\nperson&#8217;s history of mobile conversations would be to guess their voice<br \/>\nmailbox PIN. Most people never change the default &#8216;0000&#8217; common to many<br \/>\nmobile operators or would use their date of birth, year of graduation,<br \/>\nor a clever combination of 1234 or perhaps even 2580.<\/p>\n<p>Many mobile operators allow landline telephones to reach a subscriber&#8217;s<br \/>\nvoicemail system. As the pre-recorded message is played to the caller,<br \/>\npressing the # or * key would direct them to the voicemail&#8217;s login<br \/>\noption. A correct PIN will let them in. Failed attempts are logged (and<br \/>\nsome systems will lock the voicemail service after 3 or 10 incorrect<br \/>\nattempts); however, these logs are usually reset if the caller hangs up<br \/>\nand tries again.<\/p>\n<p>Some voicemail systems can be tricked by spoofing the caller ID. Once<br \/>\nyou are in possession of the target&#8217;s mobile number, it is possible to<br \/>\nset up VoIP services to imitate it and initiate a call to the mobile<br \/>\nprovider&#8217;s voicemail system or customer support. 
Then, by answering a few<br \/>\ndefault identification questions or, as already mentioned, guessing the<br \/>\nPIN, the caller gains access to recorded messages or even the opportunity<br \/>\nto reset the PIN code.<\/p>\n<p>There is a way to reduce the success of such rather rudimentary and<br \/>\nprobably quite successful hacking methods. Mobile operators should<br \/>\ngenerate random passwords as the standard default for new accounts and<br \/>\nensure that common PIN combinations are not accepted (such as<br \/>\nrepeated or sequential numbers, or anything beginning with 19** or<br \/>\n20**) should the user wish to change it. The user, in turn, should exceed<br \/>\nthe minimum 4-number combination and perhaps spell out a word on the<br \/>\nkeypad. The user should also request that a security pass-phrase be<br \/>\ndemanded of them when calling customer support. General questions used<br \/>\nby many providers to authenticate the caller, such as address and<br \/>\npost-code, should be replaced with information only the genuine caller<br \/>\nwould know &#8211; amount due on the last bill, frequently dialed\/received<br \/>\nnumbers.<\/p>\n<p>Of course there are more sophisticated methods of breaking into phone<br \/>\nsystems and snooping on telephone conversations. Social engineering<br \/>\nattacks and corrupt employees working for the mobile operator or law<br \/>\nenforcement are to be suspected. 
However, the sheer number of phones<br \/>\nthat were hacked and the general misconception that digital<br \/>\ncommunications and devices are private and secure by default lead this<br \/>\nwriter to believe that the simplest solutions are those that often work<br \/>\nbest, even when it comes to hacking.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As the &#8216;phone hacking&#8217; news wave reaches far and wide, not much attention is paid to the methods used by hackers &#8211; nor are there precautions for readers worried about the privacy of their mobile communications, bank accounts and other private data.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[2],"tags":[],"_links":{"self":[{"href":"https:\/\/dmitri.vitaliev.info\/index.php?rest_route=\/wp\/v2\/posts\/345"}],"collection":[{"href":"https:\/\/dmitri.vitaliev.info\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dmitri.vitaliev.info\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dmitri.vitaliev.info\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/dmitri.vitaliev.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=345"}],"version-history":[{"count":1,"href":"https:\/\/dmitri.vitaliev.info\/index.php?rest_route=\/wp\/v2\/posts\/345\/revisions"}],"predecessor-version":[{"id":416,"href":"https:\/\/dmitri.vitaliev.info\/index.php?rest_route=\/wp\/v2\/posts\/345\/revisions\/416"}],"wp:attachment":[{"href":"https:\/\/dmitri.vitaliev.info\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=345"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dmitri.vitaliev.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=345"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dmitri.vitaliev.info\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&p
ost=345"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}