U.K. Voice Mail Hack Reveals Danger of Weak, Lazy Password Choices

News Analysis: The reason the British tabloids were able to hack into so many cell phone voice mail accounts is because it was insanely easy. But it doesn't have to be.

By now you've heard about the scandal in the U.K. in which employees of Rupert Murdoch's News of the World, Sunday Times and other publications obtained illegal access to a wide variety ofpeople's voice mail accounts. Some of those affected were former Prime Minister Gordon Brown, a wide variety of celebrities, a kidnapped teen and soldiers killed in combat in Afghanistan. As a result of this reprehensible activity, the News of the World has been shut down.

Now, it appears that the scandal goes beyond the U.K. Recent revelations include the possibility that the same organizations hacked into the phones of victims of the 9/11 terror attacks on New York City and the Pentagon. Some of the reporters alleged to be responsible for the hacking have been arrested, although the editor of each of the publications at the time the hacking took place, Rebekah Brooks, unaccountably remains free.

This voice mail hacking apparently was a sort of open secret-many of the victims apparently knew that their phone passwords had been compromised. Brown, for example, reported that he was called by Brooks, who confronted him with the fact that his child had cystic fibrosis, information that could only have been obtained from voice mail.

For reasons that remain obscure, few of the people affected did anything about the voice mail hacking. But just because they didn't do anything to increase the security of their voice mail doesn't mean you shouldn't. It's actually fairly easy to secure your phone, your voice mail and your cell phone account, but you have to actually do it.

T-Mobile, the only mobile phone carrier that would discuss security with eWEEK, sent over a list of suggestions. The first suggestion is to set a password for your voice mail and your phone. T-Mobile requires a password on voice mail before it will let you use it. You can also set a password or PIN for the phone itself in most cases, and the company requires a PIN before you can access your account. T-Mobile suggests you not use the same password or PIN for any of these items.

Part of the problem is that people tend to be really lazy when it comes to security of their phones. One study suggests that about 1 in 7 phones can be hacked with one of thetop 10 lame mobile PIN codes.

Wayne Rash

Wayne Rash

Wayne Rash is a freelance writer and editor with a 35 year history covering technology. He’s a frequent speaker on business, technology issues and enterprise computing. He covers Washington and...