Ask the Expert

The British tabloid phone-hacking scandal has led to a tabloid shutdown, high-profile arrests and endless intrigue. It also raises important questions about mobile phone security. Phone hacking, or voicemail spying, can happen to anyone. To protect your data, follow these security practices from Ondrej Krehel, CyberScout chief information security officer.

Thursday, August 11, 2011
Q: I’ve been reading a lot about phone hacking. What is it, and how can I protect my mobile phone?

A:  Phone hacking conjures up images of sophisticated high-tech espionage, and it is. The British scandal, however, involves what is more accurately described as voicemail spying, which really isn’t as complicated or as sinister as it sounds. Voicemail spying simply entails breaking into someone else's voicemail.

It’s easier to do than you’d think. Many cell phone providers don’t require a PIN to access voicemail, and few people bother to add one. Although users are given a default PIN, many of them don't change it. Either way, it's an invitation to thieves who know how to "spoof" a phone number, that is, to appear to call from a victim’s personal phone so that a PIN isn’t required to gain access to voicemail.

Fortunately, it’s not hard to protect your mobile device. Follow these 10 tips:
  1. Password-protect your mobile device and voicemail with a PIN.
  2. Memorize your PIN. Don't record it on anything you carry with you. Change your PIN periodically.
  3. Use “strong” PINs that are hard to guess. These will have upper- and lowercase letters, numbers, and at least one symbol. For example, "3Dog$" is better than "1006." You may be limited in PIN selection by the type of phone that you use but do the best you can to create a strong PIN.
  4. Never use a PIN (or password) with the last four digits of your Social Security number, your date of birth, your middle name or anything else that's easily guessed or subject to ready access via other sources.
  5. Encrypt smartphones used for sensitive business communications, activate a time-out password and install an updated antimalware program and on-device personal firewall.
  6. Don't open unfamiliar attachments, emails or text messages from unknown sources. They’re likely to be harmful.
  7. Be judicious about the type of applications that you download. Many apps come with spyware or other malicious software. Consider using a more secure computer for sensitive tasks such as online banking.
  8. Delete voice and text messages with financial or personal information.
  9. Data-wipe mobile devices. Use programs to destroy a device's data if the password is entered incorrectly a certain number of times—say 10. Take advantage of software that locks the phone or erases the data remotely if the phone is lost or stolen.
  10. Before throwing away or recycling a mobile device, delete the information on it. The website provides a deletion guide for most cell phones.

Ondrej Krehel, Chief Information Security Officer, CyberScout
Ondrej has more than a decade of network and computer security experience. His expertise extends to investigations of intellectual property theft, massive deletions, defragmentation, anti-money laundering and computer hacking. He led U.S. computer security projects at Stroz Friedberg and worked in IT security at Loews Corp.

© CyberScout, LLC. All Rights Reserved.
If you need identity theft assistance, call your provider organization to be put in touch with the CyberScout Resolution Center. More information for individual consumers.