How are mobile phones hacked?
Updated on 09 July 2009
Phone networks spend millions on mobile security, but methods still exist for extracting data.
Mike Hawkes, director of mobile security at the Mobile Data Association, outlines the techniques used to intercept mobile phones calls and messages:
"There are several ways of getting into phones – running from quite simple stuff through to much more technical methods.
"One of main methods used is via software called FlexiSpy. It sits on your handset without you really knowing it’s there. What it does is transfer recordings of messages and voicemails to a separate website where someone can pick them up.
"This software can be downloaded to the phone via WiFi or Bluetooth – but you have to have physical access to the phone that is being targeted to agree to download it. But it very discreet, you would not know it is on there once it’s downloaded.
"Some networks have banned it, although it is marketed as a technique for parents to keep track of their children’s calls so it’s debatable whether it should be banned.
"Another more advanced technique is one used by people such as Blackhat.com; this involves getting into the network chain. Just like Channel 4 is broadcast through the air, so is mobile phone data.
"Blackhat.com works by decrypting this data. It claims to be able to decrypt this information – messages and phone calls – within about five minutes.
"Unlike FlexiSpy, this does not require initial physical access to the phone, it can be picked up within a certain radio range of the targeted phone.
"For example, you could be outside a famous person’s house. But this is very specialised kit, not everyone could do it.
"Cloning of handsets is another method. So when the real handset is off the cloned phone picks up the messages and calls by default.
"The cloning of a phone, again, requires specialised kit. You use the kit to take an image of the phone, get the phone re-chipped – and then put that on the chips. You do the same with the SIM card. It is not easy but it can be done.
"Accessing voicemails is another method – and one that the News of the World reporters seem to have been using.
"That just involves calling the phone's number from another phone – and going to voicemail. Very often the default pin-code will just allow access, or you can request for it to return to default setting.
"Many people don’t know about these codes because they call voicemail from the actual handset, so the phone recognises that and doesn’t ask for a security code.
"Of course, one technique is good old-fashioned bribery – someone that works within the network.
"I’m not aware of anyone doing this in the UK, but there have been some reported cases in Greece, I think. The police can request such information, so it can just be a case of finding someone within the network to pass on the same data to you."
