David Rogers is a friend and a very clued on security person. He has an excellent, long blog on the voicemail hacking saga. David will be contributing regularly to the OpenGardens blog soon
Voicemail hacking and the ‘phone hacking’ scandal – how it worked, questions to be asked and improvements to be made
In brief, there are three main mechanisms for illicitly accessing voicemail: firstly social engineering the call centre to reset or change the PIN for you as precursor to one of the following 1) call the remote voicemail number and access it using the default (or acquired PIN), 2) ringing the actual phone, going into the voicemail menu by pressing the * key or 3) using an advanced mechanism to fool the phone into opening up the voicemail. There are some loopholes still existing and as technology evolves new ones will emerge.
This is not ‘phone hacking’. It is illicit or illegal access to voicemail.
The mobile operators are coming under some pressure from the Home Affairs Select Committee, led by Keith Vaz. Both the Police and network operators will have responsibilities in terms of their actions over the affair, although the operators took the Police lead on what to do. It is unlikely that the full list of victims will ever emerge as the data has likely been deleted after all this time.
More at ..