Archives

‘Phone hacking’ and why everyone’s to blame

The outrage over the illegal accessing of mobile phone messages in the UK has failed to expose the full list of those to blame in the scandal.

Revelations  about the practice of remotely listening to other people’s voice messages – erroneously labelled ‘phone hacking’ by the media – has already accounted for a number of high-profile casualties but has conspicuously failed to include technology companies and the public at large in the list of the culpable.

So far that list includes: News of the World royal correspondent Clive Goodman, former editor Andy Coulson, News International’s former chief executive Rebekah Brook, the 168 year old paper itself while Rupert Murdoch has apologised in a private meeting to the family of murdered school-girl MIlly Dowler .

No mention has been made of the role the technology companies have played in releasing equipment to the public which has been enabled to allow people to access it from the outside, or of the responsibility that the public have to familiarise themselves with the functions of the technology that it buys.

The media, already rightly shouldering the bulk of the responsibility for the practice, is also committing another disservice by describing the practice as ‘phone hacking’, a term which allows the public to think that there has been an element of complexity to the technique.

A misconception that allows the public to remain largely complacent about what has gone on, a complacency in an information age, for which the public , very like James Murdoch, is becoming dangerously close to being complicit  through negligence.

Despite the widespread coverage of the fallout from the ‘phone hacking’ affair, there has been very little mention of what the practice involves, which is essentially using the remote answer phone function provided by all mobile phone companies as part of their service.

The system, which has until recently been provided by the mobile phone companies by default, allows someone to dial a mobile phone number and listen to any messages left on that number from another phone.

To use the service the caller waits until the mobile phone’s answer phone message plays and then pushes a button sequence that each mobile operator provides in its instruction manual.

Once the remote access is started, the person dialling in is asked to enter a four digit code to gain access to the messages held on the mobile company’s server.

Unless this is changed, the code is left at the default settings – often 0000, 1111 or 1234 – these default settings and the key series needed to initiate the process can be obtained on the internet from the mobile service provider’s website.

So unless the phone’s owner has read the manual and listened to the options on their mobile phone before they access their answer phone messages and changed the default settings to a password of their own the remote retrieval system is set at the default.

This means that it can be accessed by anyone who has a vested interest in doing so; a situation that partially places the blame for the situation on the phone’s owner and the mobile phone company.

Because if James Murdoch was negligent and therefore culpable – as is being suggested – for not knowing the full extent of the use of illegally obtained answer phone messages by News International journalists then there is also a degree of negligence on the part of mobile phone companies for enabling remote access to answer phones and not telling the phone’s owners about it.

There is also a degree of negligence on the part of the phone’s owners about not finding out exactly what the technology that they bought does – a failing that is now at the heart of many of the issues that we now face with technology.

Because there is an expectation from us that our technology works like any other electronic consumer device that we buy, whether it is a washing machine or a car, we expect to be able to use it and not to understand it, nor to even bother reading the manual.

The result is now an alarming reliance on technologies that we do not even half understand with the result that we are not aware of the risks that they hold for us.

And while the public at large is relaxed about the fact that as a result of the outrage over the remote accessing of answer phone messages that celebrities and the victims of tragedy will now be safe from eavesdropping by journalists, businesses should be aware that they could quite easily become the victims of eavesdropping by a competitor unless they take the appropriate measures.

Protecting yourself against ‘phone hacking’

There is no particular order in which you should do this as both courses should serve your purpose but it will not do any harm to do both.

  • Log onto your mobile answer phone and play the options. If it offers you an option to change the pass code on the mobile answer phone do so. Choose something memorable and also something that is not the pass code to something else like your cash-card as criminals work on the basis that people use the same code for everything. Do not use a date of birth from a family member as social networks mean that these can frequently be obtained.
  • Ring your mobile phone company and ask if the mobile answer phone system can be accessed remotely and ask if it is enabled by default, ie turned on whether you asked for it to be or not and whether it is password protected. If it is not password protected, demand that it be turned off.
This article printed courtesy of our sister organisation the Cyber Security Research Institute  www.csri.info