8

With the News of The World Phone Hacking scandal spreading globally amidst allegations that as well as celebrities, victims of September 11 and other major events in the news have had their phone voicemails hacked into.

With this in mind, many people are wondering: How can I stop my phone being hacked?

This being security.SE, I'll have to be a bit more pragmatic, but any steps, controls or other hints that improve the security of mobile and home voicemail.

There is already a question on securing your Android phone

I have added another question on iPhone security while this one is focusing more on the voicemail side)

Rory Alsop
  • 61,474
  • 12
  • 117
  • 321

2 Answers2

1

Only end-to-end encryption as pepe suggests can offer something significant - and still won't save you in cases like voice messages etc.

Also 'rooting/jailbreaking' the phone or not may be an important question if concerned about illegal client-side software installations. Rooting the phone can lead to opening it up to exploitation if not careful (it sometimes leaves the ssh daemon open with default password) - but then again you may be able to install security software only after rooting it. The recent iPhone/iPad exploit demonstrates this: it takes advantage of a fault in a font parsing routing in the iPhone software while opening a carefully constructed PDF file, and uses this fault to get root access. The thing is that after exploitation, you can apply a patch for the fault so that no one can exploit your device without your knowledge if you happen to open a malicious PDF. Without jailbreaking the device you can't install the patch (it's not official yet).

Phone operators (or secret agencies) have the authority and means to push and install software on your device without your knowledge. But it's not only them, look here and here for example. Pushing software and firmware updates can be done to any phone - no need for it to be 'simple' or 'not smartphone'.

Another interesting factoid: The chat logs between Bradley Manning and Adrian Lamo that Wired recently released contain multiple references to phone tapping by secret agencies, for example that it took NSA 50 people and 6 months to figure out how to tap the iPhone. The most interesting part is that wiretapping is something commonly done and they don't have to get a warrant or think about privacy rights while doing it because they do not present the wiretapping data as evidence in court to be challenged - they only use the data to obtain leads to other evidence.

Mark Davidson
  • 9,427
  • 6
  • 45
  • 61
john
  • 10,998
  • 1
  • 36
  • 43
  • 1
    can you move this answer to http://security.stackexchange.com/q/5324/485 as it probably is more appropriate there – Rory Alsop Jul 15 '11 at 14:52
1

It depends on who you're trying to protect yourself from:

In the case of victims of some tragedy, or really any "civilian" who wants to prevnt journalists from accessing your voicemail in the event you become 15-minutes famous - it is probably enough to simply change your passcode from the default. And not to something equally as guessable, like 1234 or your birthdate.

For celebrities avoiding APP (advanced persistent papparazi), corporate executives combatting competitors, or high-placed DoD/military officials, it would be more involved than that (though thats a good place to start), and it would likely depend a great deal on your telco provider, and the backend systems that they use. The phone itself would likely be irrelevant here, though of course the usual caveats would apply (dont install rootkits, etc etc)

AviD
  • 72,708
  • 22
  • 137
  • 218