Tabloid phone-hacking scandal: Could it happen here?

Answers to your questions about the news.
July 7 2011 6:09 PM

Tabloid Phone-Hacking Scandal

Could it happen here?

How easy is it to hack a cell phone? Click image to expand.
How easy is it to hack a cell phone?

Rupert Murdoch's son James announced Thursday that News of the World, Britain's  top-selling Sunday newspaper, will close as a result of an ongoing phone-hacking scandal. As the Guardian revealed Monday, the paper's reporters  illegitimately accessed and deleted messages  from a missing girl's voice mail in 2002, one of an  estimated 4,000 targets. Could phone-hacking happen here, too?

Yes, though perhaps not quite so easily. "Hacking" is a bit of a misnomer, given how low-tech the infiltrators' methods were: It seems they broke into victims' voice mail inboxes  using the carrier's default passcode, such as 1111, taking advantage of the fact that many customers hadn't opted to change it. To do so all they needed to know was the victim's phone number, which if not handy could be obtained by bribing or deceiving customer support representatives. But after phone-hacking incidents surfaced, most if not all U.K. carriers stopped allowing new users to retain default passcodes. And while American wireless carriers are reluctant to talk about specific security protocols, they generally require customers to change their voice mail passcodes from the default immediately or within 30 days of activating the service.


That's not to say we're invulnerable—far from it. At least one of the four largest U.S. wireless carriers, Sprint, says it gives users the option (paired with a stern warning) to skip their password when accessing voice mail from their own phones, a setting that's potentially vulnerable to caller-ID spoofing. (The others—Verizon, AT&T, and T-Mobile USA—declined to comment or did not respond to the Explainer's inquiries.) In fact, Paris Hilton was accused in 2006 of doing precisely that to Lindsay Lohan.

Of course, it's also possible for a wily and unethical reporter to guess a non-default passcode. Because they are restricted to the 10 digits on a phone and typically limited to a certain length, voice mail passcodes are generally easier to crack than website passwords, which may contain letters, numbers, and symbols. Customers tend to choose similar passcodes, and crooks might be able to guess a numerical sequence from the victim's birth date or home address. After a certain number of incorrect guesses, most voice mail systems will hang up or redirect the caller to customer service. It's unclear, however, just how many incorrect guesses these systems tolerate before freezing an account. The Explainer tried 12 incorrect codes on his Verizon voice mail over the span of four calls to no detriment before giving up.

Can you tell if your voice mail has been hacked? Unlikely. Voice mail systems typically allow an infiltrator to re-mark a message as new or delete it without you even knowing. There are, however, potential solutions to the hacking issue. Wireless carriers could, with little technological effort, send you a text message each time someone accesses your voice mail remotely. Or they could use fraud-detection software similar to the systems credit card companies use to stop illegitimate purchases.

Got a question about today's news?  Ask the Explainer.

Explainer thanks Graham Cluley of Sophos, Jason Gertzen of Sprint, David Rogers of, and John Walls of CTIA-The Wireless Association.



The Self-Made Man

The story of America’s most pliable, pernicious, irrepressible myth.

Michigan’s Tradition of Football “Toughness” Needs to Go—Starting With Coach Hoke

Does Your Child Have “Sluggish Cognitive Tempo”? Or Is That Just a Disorder Made Up to Scare You?

The First Case of Ebola in America Has Been Diagnosed in Dallas

Why Indians in America Are Mad for India’s New Prime Minister

Damned Spot

Now Stare. Don’t Stop.

The perfect political wife’s loving gaze in campaign ads.

Building a Better Workplace

You Deserve a Pre-cation

The smartest job perk you’ve never heard of.

Don’t Panic! The U.S. Already Stops Ebola and Similar Diseases From Spreading. Here’s How.

Parents, Get Your Teenage Daughters the IUD

The XX Factor
Sept. 30 2014 12:34 PM Parents, Get Your Teenage Daughters the IUD
  News & Politics
Sept. 30 2014 6:59 PM The Democrats’ War at Home Can the president’s party defend itself from the president’s foreign policy blunders?
Sept. 30 2014 7:02 PM At Long Last, eBay Sets PayPal Free
Sept. 30 2014 7:35 PM Who Owns Scrabble’s Word List? Hasbro says the list of playable words belongs to the company. Players beg to differ.
  Double X
The XX Factor
Sept. 30 2014 12:34 PM Parents, Get Your Teenage Daughters the IUD
  Slate Plus
Behind the Scenes
Sept. 30 2014 3:21 PM Meet Jordan Weissmann Five questions with Slate’s senior business and economics correspondent.
Brow Beat
Sept. 30 2014 4:45 PM Steven Soderbergh Is Doing Some Next-Level Work on The Knick
Future Tense
Sept. 30 2014 7:00 PM There’s Going to Be a Live-Action Tetris Movie for Some Reason
  Health & Science
Medical Examiner
Sept. 30 2014 6:44 PM Ebola Was Already Here How the United States contains deadly hemorrhagic fevers.
Sports Nut
Sept. 30 2014 5:54 PM Goodbye, Tough Guy It’s time for Michigan to fire its toughness-obsessed coach, Brady Hoke.