U.K. Voice Mail Hack Reveals Danger of Weak, Lazy Password Choices

 
 
By Wayne Rash  |  Posted 2011-07-13 Email Print this article Print
 
 
 
 
 
 
 

News Analysis: The reason the British tabloids were able to hack into so many cell phone voice mail accounts is because it was insanely easy. But it doesn't have to be.

By now you've heard about the scandal in the U.K. in which employees of Rupert Murdoch's News of the World, Sunday Times and other publications obtained illegal access to a wide variety of people's voice mail accounts. Some of those affected were former Prime Minister Gordon Brown, a wide variety of celebrities, a kidnapped teen and soldiers killed in combat in Afghanistan. As a result of this reprehensible activity, the News of the World has been shut down.

Now, it appears that the scandal goes beyond the U.K. Recent revelations include the possibility that the same organizations hacked into the phones of victims of the 9/11 terror attacks on New York City and the Pentagon. Some of the reporters alleged to be responsible for the hacking have been arrested, although the editor of each of the publications at the time the hacking took place, Rebekah Brooks, unaccountably remains free.

This voice mail hacking apparently was a sort of open secret-many of the victims apparently knew that their phone passwords had been compromised. Brown, for example, reported that he was called by Brooks, who confronted him with the fact that his child had cystic fibrosis, information that could only have been obtained from voice mail.

For reasons that remain obscure, few of the people affected did anything about the voice mail hacking. But just because they didn't do anything to increase the security of their voice mail doesn't mean you shouldn't. It's actually fairly easy to secure your phone, your voice mail and your cell phone account, but you have to actually do it.

T-Mobile, the only mobile phone carrier that would discuss security with eWEEK, sent over a list of suggestions. The first suggestion is to set a password for your voice mail and your phone. T-Mobile requires a password on voice mail before it will let you use it. You can also set a password or PIN for the phone itself in most cases, and the company requires a PIN before you can access your account. T-Mobile suggests you not use the same password or PIN for any of these items.

Part of the problem is that people tend to be really lazy when it comes to security of their phones. One study suggests that about 1 in 7 phones can be hacked with one of the top 10 lame mobile PIN codes.  



 
 
 
 
Wayne Rash Wayne Rash is a Senior Analyst for eWEEK Labs and runs the magazine's Washington Bureau. Prior to joining eWEEK as a Senior Writer on wireless technology, he was a Senior Contributing Editor and previously a Senior Analyst in the InfoWorld Test Center. He was also a reviewer for Federal Computer Week and Information Security Magazine. Previously, he ran the reviews and events departments at CMP's InternetWeek.

He is a retired naval officer, a former principal at American Management Systems and a long-time columnist for Byte Magazine. He is a regular contributor to Plane & Pilot Magazine and The Washington Post.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel