How phone hacking works
As Rupert Murdoch’s News Corp. prepares to shut down News of the World, the public is coming to grips with what, for many, is a new term: phone hacking.world Updated: Jul 08, 2011 23:38 IST
As Rupert Murdoch’s News Corp. prepares to shut down News of the World, the public is coming to grips with what, for many, is a new term: phone hacking.
It’s a bit of a misnomer: Hacking implies that a company’s computer systems are breached, often when someone exploits a security problem in a system, as with Apple’s security flaw in its PDF iOS. But in the case of phone hacking, the perpetrators intercept messages by breaking into a particular voice-mail account. Phone hacking, then, is not so much hacking as it is lying.
According to Hemanshu Nigam, a security expert at SPP Blue, one way to hack phone messages is by impersonating users and claiming to have forgotten or lost their passcodes.
Mobile providers can deter this by having their customer service departments ask tougher security questions, said Nigam, whose company trains firms and service representatives how to protect consumer data.
“It’s a message to phone companies and the like who have to increase security training and awareness for call center employees to ask more critical questions,” he said. To better screen out impersonators, Nigam suggested more complicated questions such as the names of streets where the caller has lived in the last five years.
At many U.S. companies, when a customer calls to reset their passcode, the new code is sent to a user’s handset. That’s a good practice, Nigam said, because it requires hackers to have not only information on a user but also the physical phone.
Even with good security, however, it’s hard to predict and prevent targeted attacks. And as technology advances, companies and governments are going to run into more problems over how to deal with digital attacks, said Glenn Manishin, a technology lawyer at Washington law firm Duane Morris.
( In exclusive partnership with The Washington Post. For more, log on to www.washingtonpost.com )