Hacking into mobile phone voicemail systems

The big story in the British press today revolves around accusations that newspapers have been repeatedly hacking into the mobile phones of public figures in their hunt for stories.

The Guardian newspaper claims that Rupert Murdoch’s news empire has paid out more than a £1 million to settle law suits that threatened to reveal evidence of dodgy dealings by journalists.

The allegation is that journalists working for papers such as the News of the World have employed private investigators to hack into the voicemail systems of the rich and famous. Actress Gwyneth Paltrow, former deputy Prime Minister John Prescott, London Mayor Boris Johnson, pop star George Michael, and smouldering celebrity chef and domestic goddess Nigella Lawson, are just a handful of the well-known names said to have been targeted.

How did they do this? Well, my guess is that the intended victim’s mobile phone company is contacted, and the PIN which protects their voicemail is reset back to default (Some users may not have changed their passwords in the first place, making it potentially easier for hackers to gain access).

Sign up to our free newsletter.
Security news, advice, and tips.

This wouldn’t be the only way, of course. You could also bribe someone who works at the cellphone company (maybe in the call centre) to share information with you from their databases. But my guess is that they got in by resetting the person in the public eye’s voicemail PIN code.

Once you have the voicemail PIN of your target, you call their mobile phone and enter their voicemail system by entering the PIN. Once you’re in, you can trawl through their voicemail messages hoping to fish something plump and juicy out – which can then be turned into a tabloid news story.

The story that journalists have been breaking into mobile phone voicemail systems isn’t actually news – or shouldn’t be. In 2007, Clive Goodman, the News of the World’s royal editor and private investigator Glenn Mulcaire, were jailed after they were found guilty of accessing voicemail systems connected to (amongst others) the Prince of Wales’s household, publicist Max Clifford, and supermodel Elle Macpherson.

What is news is that it now appears that the phone hacking was much more widespread than previously thought, and involved more journalists. It wasn’t just celebrities and royalty who were on the hackers’ hitlists, but also senior government ministers.

The Metropolitan police is now said to be investigating the phone-hacking claims.

There will undoubtedly be calls for a higher standard of ethics amongst journalists, but maybe this is also time for the mobile phone operators to take a look at their own systems – and ask themselves if they are doing enough to prevent these kind of security breaches happening again in future.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.