Movatterモバイル変換

[0]ホーム
URL:

Jump to content
WikipediaThe Free Encyclopedia
Search

Phone hacking

Page semi-protected
From Wikipedia, the free encyclopedia

Surveillance or computer investigation
This article is about the use of telephone technology to steal information. For the manipulation of telephone call routing, seePhreaking.

Phone hacking is the practice ofexploring amobile device, often usingcomputer exploits to analyze everything from the lowestmemory andCPU levels up to the highestfile system andprocess levels. Modernopen source tooling has become fairly sophisticated to be able to "hook" into individual functions within any runningapp on an unlocked device and allow deep inspection and modification of its functions.

Phone hacking is a large branch ofcomputer security that includes studying various situations exactly how attackers usesecurity exploits to gain some level of access to amobile device in a variety of situations and presumed access levels.

The term came to prominence during theNews International phone hacking scandal, in which it was alleged (and in some cases proved in court) that the British tabloid newspaper theNews of the World had been involved in the interception of voicemail messages of theBritish royal family, other public figures, and murdered schoolgirlMilly Dowler.[1]

Victims of phone hacking

Although mobile phone users may be targeted, "for those who are famous, rich or powerful or whose prize is important enough (for whatever reason) to devote time and resources to make a concerted attack, it is usually more common, there are real risks to face."[2]

Techniques

Voicemail hacking

Motorola L7 mobile phone
Phone hacking often involves unauthorized access to thevoicemail of amobile phone

The unauthorized remote access tovoicemail systems, such as exposed by theNews International phone hacking scandal, is possible because of weaknesses in the implementations of these systems bytelephone companies.[3]

Mobile phone voicemail messages may be accessed on alandline telephone with the entry of apersonal identification number (PIN).[4] Reporters for News International would call the number of an individual's mobile phone, wait to be moved to voicemail, and then guess the PIN, which was often set at a simple default such as 0000 or 1234.[5]

Even where the default PIN is not known,social engineering can be used to reset the voicemail PIN code to the default by impersonating the owner of the phone with a call to acall centre.[6][7] During the mid-2000s, calls originating from the handset registered to a voicemail account would be put straight through to voicemail without the need of a PIN. A hacker could usecaller ID spoofing to impersonate a target's handset caller ID and thereby gain access to the associated voicemail without a PIN.[8][9][10]

Following controversies over phone hacking and criticism of mobile service providers who allowed access to voicemail without a PIN, many mobile phone companies have strengthened the default security of their systems so that remote access to voicemail messages and other phone settings can no longer be achieved even via a default PIN.[4] For example,AT&T announced in August 2011 that all new wireless subscribers would be required to enter a PIN when checking their voicemail, even when checking it from their phones.[11] To encouragepassword strength, some companies now disallow the use of consecutive or repeat digits in voicemail PINs.[12]

Handsets

An analysis of user-selected PIN codes suggested that ten numbers represent 15% of alliPhone passcodes, with "1234" and "0000" being the most common, with years of birth and graduation also being common choices.[13] Even if a four-digit PIN is randomly selected, thekey space is very small (104{\displaystyle 10^{4}} or 10,000 possibilities), making PINs significantly easier tobrute force than most passwords; someone with physical access to a handset secured with a PIN can therefore feasibly determine the PIN in a short time.[14]

Mobile phone microphones can be activated remotely by security agencies or telephone companies without physical access as long as the battery has not been removed.[15][16][17][18][19][20] This "roving bug" feature has been used by law enforcement agencies and intelligence services to listen in on nearby conversations.[21]

Other techniques for phone hacking include tricking a mobile phone user into downloadingmalware that monitors activity on the phone.Bluesnarfing is an unauthorized access to a phone viaBluetooth.[7][22]

Other

There are flaws in the implementation of theGSM encryption algorithm that allow passive interception.[23] The equipment needed is available to government agencies or can be built from freely available parts.[24]

In December 2011, German researcher Karsten Nohl revealed that it was possible to hack into mobile phone voice and text messages on many networks with free decryption software available on the Internet. He blamed the mobile phone companies for relying on outdated encryption techniques in the2G system, and said that the problem could be fixed very easily.[25]

Legality

Phone hacking, being a form ofsurveillance, is illegal in many countries unless it is carried out aslawful interception by a government agency. In theNews International phone hacking scandal, private investigatorGlenn Mulcaire was found to have violated theRegulation of Investigatory Powers Act 2000. He was sentenced to six months in prison in January 2007.[26] Renewed controversy over the phone-hacking claims led to the closure of theNews of the World in July 2011.[27]

In December 2010, theTruth in Caller ID Act was signed intoUnited States law, making it illegal "to cause any caller identification service to knowingly transmit misleading or inaccurate caller identification information with the intent to defraud, cause harm, or wrongfully obtain anything of value."[28][29]

See also

References

  1. ^Davies, Nick; Hill, Amelia (4 July 2011)."Missing Milly Dowler's voicemail was hacked by News of the World".The Guardian. Retrieved13 July 2011.
  2. ^Wolfe, Henry B (December 2018)."Secure Mobile From Hackers".mdigitalera.com. Vol. 1, no. 2. p. 3. Archived fromthe original on 2019-04-02. Retrieved2018-12-12.
  3. ^Rogers, David (7 July 2011)."Voicemail Hacking and the 'Phone Hacking' Scandal - How it Worked, Questions to be Asked and Improvements to be Made". Copper Horse Solutions. Retrieved25 Jul 2012.
  4. ^ab"Who, What, Why: Can Phone Hackers Still Access Messages?".BBC News. 6 July 2011.
  5. ^Waterson, Jim (2021-07-10)."News of the World: 10 years since phone-hacking scandal brought down tabloid".The Guardian.ISSN 0261-3077. Retrieved2023-05-08.
  6. ^Voicemail hacking: How Easy Is It?,New Scientist, 6 July 2011
  7. ^abMilian, Mark (8 July 2011)."Phone Hacking Can Extend Beyond Voice Mail".CNN. Retrieved9 July 2011.
  8. ^Robert McMillan (25 August 2006)."Paris Hilton accused of voice-mail hacking".InfoWorld. Retrieved14 June 2015.
  9. ^Cell Phone Voicemail Easily Hacked,NBC News, 28 February 2005
  10. ^Kevin Mitnick Shows How Easy It Is to Hack a Phone, interview withKevin Mitnick,CNET, 7 July 2011
  11. ^Soghoian, Christopher (9 August 2011)."Not an option: time for companies to embrace security by default".Ars Technica. Retrieved25 July 2012.
  12. ^Grubb, Ben (8 July 2011)."Vulnerable voicemail: telco-issued PINs insecure".The Sydney Morning Herald. Retrieved9 July 2011.
  13. ^Rooney, Ben (15 June 2011)."Once Again, 1234 Is Not A Good Password".The Wall Street Journal. Retrieved8 July 2011.
  14. ^Greenberg, Andy (27 Mar 2012)."Here's How Law Enforcement Cracks Your iPhone's Security Code".Forbes.com. Retrieved25 Jul 2012.
  15. ^Schneier, Bruce (December 5, 2006)."Remotely Eavesdropping on Cell Phone Microphones".Schneier On Security. Retrieved13 December 2009.
  16. ^McCullagh, Declan; Anne Broache (December 1, 2006)."FBI taps cell phone mic as eavesdropping tool".CNet News. Archived fromthe original on November 10, 2013. Retrieved2009-03-14.
  17. ^Odell, Mark (August 1, 2005)."Use of mobile helped police keep tabs on suspect".Financial Times. Retrieved2009-03-14.
  18. ^"Telephones".Western Regional Security Office (NOAA official site). 2001. Retrieved2009-03-22.
  19. ^"Can You Hear Me Now?".ABC News: The Blotter. Archived fromthe original on 25 August 2011. Retrieved13 December 2009.
  20. ^Lewis Page (2007-06-26)."Cell hack geek stalks pretty blonde shocker". The Register. Archived fromthe original on 2013-11-03. Retrieved2010-05-01.
  21. ^Brian Wheeler (2004-03-02)."This goes no further..." BBC News Online Magazine. Retrieved2008-06-23.
  22. ^How easy is it to hack a mobile?,BBC News, 7 September 2010
  23. ^Jansen, Wayne; Scarfone, Karen (October 2008)."Guidelines on Cell Phone and PDA Security"(PDF).National Institute of Standards and Technology.doi:10.6028/NIST.SP.800-124. Retrieved25 Jul 2012.{{cite journal}}:Cite journal requires|journal= (help)
  24. ^McMillan, Robert."Hackers Show It's Easy to Snoop on a GSM Call".IDG News Service. Archived fromthe original on 2012-01-20. Retrieved2011-07-24.
  25. ^O'Brien, Kevin J. (25 December 2011)."Lax Security Exposes Voice Mail to Hacking, Study Says".The New York Times. Retrieved28 December 2011.
  26. ^"Pair jailed over royal phone taps ",BBC News, 26 January 2007
  27. ^News of the World to close amid hacking scandal,BBC News, 7 July 2011
  28. ^Truth in Caller ID Act of 2010, December 22, 2010, accessed 7 July 2017
  29. ^[1]Archived 2017-10-17 at theWayback Machine, 29 September 2017

External links

Events
Companies and
organisations
News Corporation
Other
People
Known victims
Metropolitan Police
News Corporation
Other
Investigations
and legal cases
In popular culture
Related topics
Retrieved from "https://en.wikipedia.org/w/index.php?title=Phone_hacking&oldid=1280996897"
Categories:
Hidden categories:
[8]ページ先頭
©2009-2025 Movatter.jp