The recent News of the World phone hacking scandal in the United Kingdom has revealed just how easy it can be for someone to gain access to mobile phone messages.
Celebrities and people thrust into the public eye found themselves being targeted by unscrupulous elements within the newspaper who used hacking to gain access to personal information. The scandal led to the closure of the News of the World, as well as resignations in other sections of society including the police force.
The techniques used by the hackers were quite simple and exploited well-known weaknesses inherent in mobile phone systems. According to local telecoms providers, these weaknesses exist on all phone systems and local users should take note on how to protect their personal information.
“When you look at a lot of what took place in the UK it was primarily voice mail boxes. One of the problems that you find with voice mail boxes is unfortunately a lot of people leave the default password. If anyone knows your phone number and you don’t change your password, that is an issue that can come up,” said Donnie Forbes, head of service support and delivery with LIME Cayman Islands.
Many people are not even aware that they have a voice mail password, as this is usually only required when dialing in from another phone to access your voice mail. This means that most PIN codes are still set to a network default, which made it very easy for the hackers to guess. Once access had been gained to voice mail accounts, hackers could listen to new voice mails as well as any messages that had been saved through dialling in to the voice mail retrieval system from another phone.
“It is very important that the user changes his or her default pass code, especially for voice mails. The default pass code is the same for each mobile handset on the network. If the default pass code is left as it is, it makes it very easy for someone to gain access to secure information held on your mobile device,” said Victor Corcoran, CEO of Digicel Cayman.
“We encourage all users to change their default setting the first time they use their handsets to something they can personally remember which makes it much more difficult for someone to hack or gain access to sensitive information.”
However, even those who do change their codes from the standard often employ numbers that are easy to guess, so it is best to select a numbers that will not be easy for someone else to guess based on public information related to you.
“It comes down to common sense and the fact is that we are constantly looking at how we can encourage our customers not to use a password that is easily recognisable. We encourage people to make passwords no less than six characters long, and also include the alphabet, numbers and use it in combination. Don’t use your birthday, don’t use your kid’s birthday, don’t use your house number,” Mr. Forbes said.
Of more concern to most people will be preventing anyone who steals a phone or mobile device from gaining access to the information stored on it or using the phone to make calls.
When it comes to mobile devices, security becomes a definite issue. Unlike desktop computers that tend to kept under lock and key, mobile devices are out in public and can easily be misplaced or stolen. Unless these devices are password protected, the data on them can be accessed by anyone.
“All mobile handsets come ready with security features such as password and PIN numbers. A user may opt to enable a password on his or her handset which allows only the user to make calls, send text messages or emails. If the user turns off his or her handset, the pass code will be required once turned on, which makes it harder for anyone else to gain access to the information on the phone,” Mr. Corcoran said.
More advanced devices like BlackBerry smart phones have even more advanced protection built in.
“BlackBerry Protect for example, is a free application available from BlackBerry App World that allows you to wirelessly backup, restore and locate you BlackBerry smart phone. If your BlackBerry smart phone is lost or stolen, it allows you to remotely wipe or lock the device, view a ‘Lost and Found’ screen, locate your device on a map, remotely activate the loud ringer, and wirelessly backup and restore your device,” Mr. Corcoran said.
Some other smart phone brands have similar location software and data erase functionality available, with many devices also offering data encryption, rendering any data stored on the device or a removable memory card useless unless the correct password is entered.
However in spite of these features, users are still advised to avoid storing banking details including credit card information and passwords on their mobile devices in case of theft.