Voicemail hacking and handset pinging explained

The UK is currently awash with stories about mobile phone ‘hacking’. The general public is largely confused as to how this has happened. Particularly since the ‘hacking’ we are talking about in this instance is almost certainly a reference to hacking into somebody’s voice mailbox. It isn’t a reference to actually listening in to somebody talking on the phone. On top of this, there are now reports that news journalists have also indulged in a practice called ‘pinging’ which relates to discovering somebody’s location based on where they have been using their mobile phone.

Let’s get one myth out of the way first. Practically speaking, we don’t believe you can break the encryption using on a GSM mobile phone (which is the system we now use in the UK for digital handsets). A number of hackers have, of course, claimed that they are able to break the stream cipher called A5/1 which GSM uses. There’s a report on these claims on ZDnet here.

We do, however, believe a bunch of researchers in Israel who did openly prove that it is possible to ‘crack’ the encryption used in GSM phones. There was, however, one huge snag to this breach. You actually had to be standing within range of their supercomputer for the call to be decrypted. And you can’t load up a supercomputer in a van and travel around listening into people’s calls.

There’s a much easier way to go about listening into mobile phone conversations. The government has a perfect right to ask the mobile phone network operators to let them listen into the conversation of persons they regard to be a threat to the State. It’s called a legal or lawful intercept.

The suggestion has been made that the number of these lawful intercepts requested by the police might be suspiciously high. One network alone has allegedly been asked by the police in one year nearly 4,000 times – just for calls made in London. That’s one hell of a lot of suspected terrorists. However, no-one yet seems to be claiming that journalists bribed the police to lawful intercept the calls being made by one of their targeted persons.

There’s also a degree of confusion surrounding the whole issue of phone hacking. Those with long memories might remember the Camillagate scandal when excerpts of the conversation between the UK’s Price Charles and his then mistress, Camilla Parker Bowles, were published in the tabloids. They forget that this couple were actually using analogue mobile phones which ‘could’ be listened into with a relatively inexpensive scanner. You can’t do that with a GSM phone as we explain above.

So what kind of hacking were these people doing, then? Well, it seems that the voicemail systems employed by the UK phone companies leak like sieves. The mobile phone companies don’t seem too keen on letting their customers know how to stop this. Why? Well because it could seriously impact their revenues from voice calls.

If you call somebody’s mobile handset and they don’t answer, then the mobile phone company doesn’t make any money. But, if the handset goes over to voicemail, then a call is delivered and they increase their revenues. So the operators aren’t keen on the general public discovering that – by using some very simple commands on any modern mobile phone – it is perfectly possible to turn off the voicemail facility altogether.

From the degree of success enjoyed by the rogue journalist, it seems that celebrities were unaware that it would be A) A good idea to set a password on your handset’s voice mailbox or B) to change the default password from something which is very easy to guess. Techeye’s own feeling is that the hacks had a list of known default passwords for each of the major mobile phone networks. If your voice mailbox number is 1234 or 0000 change it now.

The UK mobile phone networks provide a telephone number which you can call into to listen to your voicemail messages while you are abroad. For Orange, for example, the actual number is 07973 100123. The rogue hack could call this number and feed in the Orange telephone number of the celebrity they wish to hack. If actually set at all, the password to listen to these messages appears to have been compromised very readily.

The latest revelations about the implications of the hacking of the Milly Dowler’s mobile phone – see The Guardian’s coverage here – are deplorable. The journalist weren’t just listening into voicemails being left on Milly’s voicemail mailbox. They were deleting them because the voice mailbox had filled up. By deleting those messages, Milly’s family were given false hope that she might still be alive because somebody was obviously listening into the messages. But tragically not Milly herself.

Now we come onto the latest technique being used by rogue journalists to spy on celebrities – a practice which is apparently known as ‘pinging’. With all cellular mobile phone systems, it is relatively simple to calculate the rough location of a person’s mobile phone. It’s known as cell site triangulation because you work out from the strength of the signal being received from three different cell sites roughly where that handset is located. Remember that you don’t actually need to make or receive a phone call for this to work. You could send or receive a text message/SMS, for example. Just moving around triggers the handset into checking with the nearest cell sites which has the strongest signal.

These days there are literally hundreds of applications which legally make use of cell site location. In theory, the person who owns the handset has to give his or her permission for the location to be given out. However, Techeye would guess that it wouldn’t be too difficult to bribe some-one with knowledge of how these systems work to add in the celebrity’s mobile phone number and therefore discover where the handset is roughly located.

For example, if the handset was being used in Esher in Surrey, you could guess the celebrity is at home; drinking in the local pub or eating in his or her favourite restaurant. Of course, these days the latest smartphones are equipped with a GPS/satellite receiver. We have no idea if it is actually possible but in theory it might be feasible to send a command to the victim’s handset and get it to turn the GPS on. In which case you’d know exactly where the handset is located.

So the moral of the story is … come up with a memorable four digit password and change your voicemail right now. And if you don’t want the tabloids to know where you are … turn it off. Maybe even take the battery out just in case.