eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.
By now you’ve heard about the scandal in the U.K. in which employees of Rupert Murdoch’s News of the World, Sunday Times and other publications obtained illegal access to a wide variety ofpeople’s voice mail accounts. Some of those affected were former Prime Minister Gordon Brown, a wide variety of celebrities, a kidnapped teen and soldiers killed in combat in Afghanistan. As a result of this reprehensible activity, the News of the World has been shut down.
Now, it appears that the scandal goes beyond the U.K. Recent revelations include the possibility that the same organizations hacked into the phones of victims of the 9/11 terror attacks on New York City and the Pentagon. Some of the reporters alleged to be responsible for the hacking have been arrested, although the editor of each of the publications at the time the hacking took place, Rebekah Brooks, unaccountably remains free.
This voice mail hacking apparently was a sort of open secret-many of the victims apparently knew that their phone passwords had been compromised. Brown, for example, reported that he was called by Brooks, who confronted him with the fact that his child had cystic fibrosis, information that could only have been obtained from voice mail.
For reasons that remain obscure, few of the people affected did anything about the voice mail hacking. But just because they didn’t do anything to increase the security of their voice mail doesn’t mean you shouldn’t. It’s actually fairly easy to secure your phone, your voice mail and your cell phone account, but you have to actually do it.
T-Mobile, the only mobile phone carrier that would discuss security with eWEEK, sent over a list of suggestions. The first suggestion is to set a password for your voice mail and your phone. T-Mobile requires a password on voice mail before it will let you use it. You can also set a password or PIN for the phone itself in most cases, and the company requires a PIN before you can access your account. T-Mobile suggests you not use the same password or PIN for any of these items.
Part of the problem is that people tend to be really lazy when it comes to security of their phones. One study suggests that about 1 in 7 phones can be hacked with one of thetop 10 lame mobile PIN codes.
Dont Become a Victim of Laziness
If you’re using one of those codes, you should change it immediately. Even if News of the World is closed, the rest of Murdoch’s employees are out there.
Craig Mathias, principal analyst at Farpoint Group, told eWEEK that it’s important to pick a password or PIN that’s not easily guessed, which means don’t use your birthday or a relative’s birthday, your children’s names or other easy-to-find-out names or numbers. He also suggest using a PIN longer than four digits. T-Mobile suggests the same thing, and also suggests changing PINs every 60 days. The company has a Web page thatprovides help for keeping your password secure, and the advice doesn’t just apply to T-Mobile customers.
Mathias also suggested that you set your voice mail so that a password is required even when you call from your mobile phone. While some voice mail systems will let you turn off passwords when calling from the phone itself, Mathias said that this is a security risk.
T-Mobile notes that hacking into your cell phone voice mail is a criminal act and suggests that if you know this has happened, you should call the police. Of course, you should also immediately change your PIN or password.
If all of this sounds familiar, it should. It’s basically the same advice I gave in my eWEEK column years ago when I wrote about securing your WiFi access point. Far too many people simply plug in the AP and go, meaning that it’s remarkably easy to find open access points with SSIDs of “Linksys” or the like near virtually any office building or apartment complex. The reason is that people don’t like to take the time to set up even minimal security.
The same basic laziness affects mobile phone users who apparently are in far too much of a hurry to protect themselves, or who must believe such hacking will never happen to them. The truth is, of course, that it does happen and you don’t have to be a target of News Corp for it to happen. You could be the target of other types of cyber-criminals, people who are angry with you, who want something you have (like information from your office) or who are part of a relationship gone wrong.
The bottom line is simple. Create a password or PIN for your voice mail. Don’t make it the same as your other passwords or PINs. Make it hard to guess. Don’t tell anyone what it is. Change it from time to time. It’s that simple.