How mobile voice mail secrets are just a PIN away By David Derbyshire, Consumer Affairs Editor (Filed: 10/08/2006) Daily Telegraph
Eavesdropping on a live mobile telephone conversation requires immense technical know-how and equipment costing hundreds of thousands of pounds. However accessing confidential voice messages left on a mobile telephone usually involves getting hold of a four-digit personal identification number (PIN) and making a two-minute call. According to some security experts, the ease with which outsiders can listen to voice mail is one of the biggest flaws of mobile telephones. All mobile telephone companies provide customers with an answering service that allows callers to leave a voice message if a handset is switched off or engaged. Usually people listen to these messages by dialling a number on their handset or by waiting for the telephone to call them back and play the recordings. However, it is also possible to access voice messages remotely from another telephone using a PIN. A few years ago, all new telephones came preprogrammed with the manufacturer's default PIN - often a memorable four-digit number such as 6666 or 0000, printed in the instruction book. Although owners who read their instructions properly were told to change the PIN, many did not bother. For years that left voice mail vulnerable to eavesdroppers - a weakness that could be exploited by less scrupulous news outlets, private detective agencies and suspicious spouses. Over the past few years, telephone companies have tightened up voicemail security. Today remote accessing is usually possible only once the owner of the telephone has registered a new PIN with their network. Anyone wanting to listen in to voice messages must find this number. They can try trial or error - no easy task given that there are 10,000 possible numbers with the typical four-digit number. They can also ring the mobile telephone company posing as the owner and ask for a new PIN. To succeed they will need personal details of the owner to convince the company that they are genuine. Another option is to pay an employee within the mobile telephone network to provide the PIN. Justin King, the managing director of the security specialists C2i International, believes that this is the most likely route for anyone trying to listen in to telephone messages. It is also possible to use a computer programme to try out all the possible PINs, but that would be complicated, time-consuming and involve repeated calls. Today live mobile telephone calls are digitally encrypted, and, according to Mr King, the sort of equipment that is needed to listen in and decode mobile telephone calls costs between £300,000 or £400,000, is the size of a suitcase and is extremely difficult to obtain. [Non-text portions of this message have been removed] -------------------------- Want to discuss this topic? Head on over to our discussion list, [EMAIL PROTECTED] -------------------------- Brooks Isoldi, editor [EMAIL PROTECTED] http://www.intellnet.org Post message: osint@yahoogroups.com Subscribe: [EMAIL PROTECTED] Unsubscribe: [EMAIL PROTECTED] *** FAIR USE NOTICE. This message contains copyrighted material whose use has not been specifically authorized by the copyright owner. OSINT, as a part of The Intelligence Network, is making it available without profit to OSINT YahooGroups members who have expressed a prior interest in receiving the included information in their efforts to advance the understanding of intelligence and law enforcement organizations, their activities, methods, techniques, human rights, civil liberties, social justice and other intelligence related issues, for non-profit research and educational purposes only. We believe that this constitutes a 'fair use' of the copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use this copyrighted material for purposes of your own that go beyond 'fair use,' you must obtain permission from the copyright owner. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtml Yahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/osint/ <*> To unsubscribe from this group, send an email to: [EMAIL PROTECTED] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/