The recent blow-up in the UK over the tabloid media accessing people’s cellular voicemail is certainly interesting. Endless media outlets are reporting the crime as “hacking” cell phones or cell phone voice mail. Here are just a few examples:
- PC World: News of the World Cell Phone Hack: How it’s Done
- New York Times: British Tabloid Hacked Missing Girl’s Voice Mail, Lawyer Says
- MSNBC: Police talk with more parents about cellphone hacks
I find that the use of the term “hacking” in this context rests uneasily with me. In my mind hacking implies that there’s an appreciable skill involved. The most basic of the techniques described I consider to be trivially simple. It requires no particular skill at all, just a little devilishness.
Of course the matter is offensive, even criminal, but nowhere am I seeing an outcry about how ridiculously easy the mobile carriers make this process. Surely the situation that they have created could be considered in some ways negligent? Should they not force the users to setup a reasonably secure PIN code on initialization of the service?
Further, isn’t the basic 4 digit PIN code more than a little antiquated? Most smart phones have more than enough processing power to brute force crack a simple PIN code in just a few moments. All it would take is one mischievous Android or iOS developer to publish such a utility then no voicemail would ever be safe.
The weakness of the voicemail system surely cannot be viewed as the sole flaw in an otherwise strong system? Imagine what a really skilled hacker can do to such poorly considered systems? Beyond merely being a club with which to bash the tabloid media, let’s hope that this escapade becomes the call-to-arms that makes people start to take issues of security around voice services more seriously.