Apr 27, 2012

How Do You Hack Into a Phone?

This week, Rupert Murdoch testified before a British judicial inquiry on media ethics that he was unaware that his employees at the now-defunct British tabloid News of the World allegedly hacked into an estimated 4,000 victims’ voicemail systems. The hacking occurred between 2003 and 2007, and as the investigation widens to other news-gathering organizations, that number may continue to rise.

Murdoch has admitted that he didn't dig deeper into the problem when evidence of the hacking began to surface in 2006. It wasn't until the scandal exploded last summer with proof that journalists had tapped into the cellphone of a kidnapped girl, who had been murdered, that he finally shut down the paper, which had been in business for 168 years.

So, just how did these reporters-turned-hackers break into the cellphones and voice mail boxes of celebrities, politicians and ordinary citizens?

They likely used the low-tech approach of merely guessing someone’s four-digit voice mail PIN number or password. To access that PIN, some reporters may have employed pretexting (or blagging in British parlance), which involves contacting mobile operators and impersonating victims to obtain their information.

The invention of caller ID more than 20 years ago also opened up another common avenue for phone hacking: caller ID spoofing.

First discovered in the ‘90s, caller ID spoofing allows an unscrupulous sort to choose whatever number he would like for his caller ID. For instance, pioneer caller ID spoofer Lucky255 used it to switch his caller ID to 867-5309/Jenny from the bygone pop band Tommy Tutone.

If you call your own cellphone number from your cellphone, the mobile service provider will typically route you straight to your voice mail. By using caller ID SpoofCard apps and programs, voice mail thiefs can switch their caller ID display numbers to a victim's display number, dial up the victim’s phone number and gain access to the voice mail. All they have to do next is decipher the four-digit PIN.

The easiest way to hack a smartphone without having physical access to it is much more reminiscent of computer hacking, says Darren Kitchen, hacking expert and co-host of the tech show, "Hak5."

“Send an enticing link via SMS, email, Twitter; if the target follows from their phone, you've got a chance at using one of many remote exploits for iPhone and Android to install a rootkit,” which is software designed to grant internal access to a device, Kitchen explained.

“From there, you can have phone book data, voice mail, text message logs, browser history or anything covertly sent to you.”

Which smartphone you have does make a difference, since some operating systems are more vulnerable to hacks than others.

“Older versions of Android are easiest to hack,” Kitchen said. “Recent versions of iOS [are easy to hack] too, though both Apple and Google have been quick to release patches.”

Read more at Discovery News

No comments:

Post a Comment