Phone hacking according Q762 on the ask the police website (https://www.askthe.police.uk/content/Q762.htm) is where people gain unauthorised access to information that is held on a mobile telephone, in most cases these are voicemail messages. It goes onto explain that mobile phone companies set up a default voice mail service for all mobile telephones. This service can then be accessed from other telephones (both mobile and land-line) by dialling your mobile telephone number. Once the voicemail service message begins, all a hacker has do is dial * and enter a PIN number, which is a default PIN number unless it has been changed. It is this type of hacking that the newspapers in the UK have been accused and admitted to doing. This type of hacking can be stopped by changing the default PIN and not giving the PIN to anyone.
However phone hacking is more than this simple example of almost social engineering, for example I would identify the following as phone hacking activities
- Phreaking
- VoIP hacking
- Voice mail hacking
- Mobile phone network hacking
- Insecure wifi usage
- Smart phone app security
All of these can result in an unintended opportunity, ranging from free phone calls to intercepting and retrieving information.
- Phreaking involved manipulating the plain old telephone system that used to tones to control switching and functionality. By reverse engineering the tomes pheakers could route long distance calls for example.
- VoIP involves the transfer of voice within the data packets on an internet protocol (IP) network. The hacking of VoIP allows eavesdropping, control of VoIP based private branch exchanges (PBX), the routing of phone calls and other activities.
- Voice mail hacking allows the retrieval of voice messages often by using default PIN numbers
- Mobile phone networks use a number of telecommunication protocols that have been hacked allowing interception of mobile phone calls and other malicious activities
- A lot of mobile devices including phones can make use of WiFi networks and in some instances route phone calls over WiFi connections using VoIP and related technologies. WiFi is difficult to secure and data can be intercepted.
- The top of the range phones now all come with apps, insecure doing practice and in cases malicious programming allows data leakage from phones due to the vulnerabilities in apps installed on the phone, or the apps can take control of the phone causing it to make premium rate connections via voice, data and sms.
I will be looking at some of the phone hacking techniques and countermeasures over the next few months as I prepare a talk on the topic.
No comments:
Post a Comment