The phone hacking scandal that led to the demise of News of the World and put News Corp. CEO Rupert Murdoch in the hot seat highlights just how easy it is for predators to break into cell phones.
Your phone can be hacked two ways: "hacking into your cellphone as you're on the phone or hacking into your voicemail," says Mark Rasch, director of cybersecurity and privacy consulting at Computer Sciences Corp.
The first method -- breaking into your phone while you're talking on it -- is difficult, says Rasch. A hacker would need to hack into your cell phone provider or corrupt an employee who works for the company to listen in on a conversation.
The second method -- breaking into voice mail -- is not so tough. It involves installing a program that would allow the hacker to capture and intercept phone calls. "It is very easy to do, and that's typically because voicemail is secured with a short four-digit number. It can be hacked, spoofed, guessed and social engineered," says Rasch.
What makes it so easy? Blame yourself. Most people choose simplistic passwords that are easy for hackers to guess. "The most common pass code is the last four digits of your phone number," says Rasch.
"People want something easy to remember and easy to type at 75 miles per hour with a cup of coffee in the hand and the cell phone in the other," says Rasch. "They'll pick the same PIN number for ATM, cell phone and a dozen other things. It's just human nature."
To avoid these pitfalls, some say passwords should be automated or randomly selected.
"You shouldn't be able to pick your password or pass code," says Daniel Amitay, an iPhone developer. "It should be randomized. The problem with pass codes and passwords is people pick them."
Amitay created the Big Brother application that installed a screen to allow consumers to add an additional layer of password protection. It used the Big Brother Camera security to record common user pass codes and found the 10 most common pass codes used by iPhone users. In addition to 1234 and 0000, the other most common pass codes were 2580, 1111, 5555, 5683, 0852, 2222, 1212 and 1998.
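As an added example (not code from the article or from Amitay's application), here is how a service could issue randomized four-digit pass codes and reject the choices described above. The function names, the extra pattern rules beyond the ten listed codes, and the sample phone number are assumptions made for illustration.

```python
import secrets

# The ten most common pass codes listed in the article.
COMMON_PINS = {"1234", "0000", "2580", "1111", "5555",
               "5683", "0852", "2222", "1212", "1998"}


def weakness(pin, phone_number=""):
    """Return the reason a four-digit PIN is weak, or None if no rule matches."""
    if len(pin) != 4 or not pin.isdigit():
        raise ValueError("PIN must be exactly four digits")
    # Rasch: the most common pass code is the last four digits of the number.
    digits = "".join(c for c in phone_number if c.isdigit())
    if digits and pin == digits[-4:]:
        return "last four digits of the phone number"
    if pin in COMMON_PINS:
        return "on the common pass code list"
    # Assumed generalisations of the patterns visible in that list.
    if len(set(pin)) == 1:
        return "single repeated digit"
    if pin[:2] == pin[2:]:
        return "repeated pair"
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {9}):
        return "ascending or descending run"
    if pin[:2] in ("19", "20"):
        return "looks like a year"
    return None


def issue_pin(phone_number=""):
    """Assign a random PIN from a CSPRNG instead of letting the user pick one."""
    while True:
        pin = f"{secrets.randbelow(10_000):04d}"
        if weakness(pin, phone_number) is None:
            return pin


if __name__ == "__main__":
    sample_number = "+1 (555) 010-0143"  # constructed sample, not a real number
    for candidate in ("1234", "0143", "4321", "1985", "7391"):
        print(candidate, "->", weakness(candidate, sample_number) or "accepted")
    print("issued:", issue_pin(sample_number))
```

The same `weakness` check can be applied when a user changes a voicemail PIN, so a randomly issued code cannot later be replaced with one of the guessable ones.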
All eyes have been trained on News Corp. in recent weeks, following allegations that the now-defunct News of the World hacked the phones of more than 4,000 politicians, crime victims and celebrities.
But at the center of the firestorm was Milly Dowler, a 13-year-old murder victim whose cell phone was hacked by journalists on the hunt for a big scoop. When the teenager disappeared in early 2002, reporters allegedly listened to the dead girl's voicemail and deleted messages on the system, tainting the investigation and creating false hope among the victim's family members that she might still be alive.
While it's unclear exactly how the reporters gained access to Milly Dowler's voicemail, one lesson emerges: It wasn't too hard.
Social engineering -- the art of getting people to inadvertently divulge information through seemingly innocuous questions -- is one way, and it's as simple as going on a website and tricking a system or individual. For example, Christopher Soghoian, a fellow at the Center for Applied Cybersecurity Research, in a quick email shared a website called phonegangster.com. The website can send visitors directly to a voicemail account, where they can insert a pass code by spoofing a phone number.
"If I can trick the system into thinking I'm calling from your phone, I don't even need the PIN number," says Rasch.