The techniques at the heart of the current UK phone hack scandal are extremely basic, despite the use of the term 'hacking' conjuring up all sorts of evil geniuses.
Breaking into supposedly secure GSM networks is now, as one researcher recently showed , certainly possible.
But what's at the centre of it is gleaning information from voicemail messages accessed without authority, much of which occurred in the first half of the last decade.
At the centre of the scandal, Private Investigator Glen Mulcaire was no IT expert, rather proficient in a few tricks and some social engineering: one of his tricks was getting into voicemail accounts without the owners' permission.
News that makes sense
Your trusted source for staying up-to-date with the world around you. Get free daily news updates and analysis, straight to your inbox.
In the UK, it's possible to access your voicemail from any phone by calling a set number, which may be based on the mobile number in question, or may be generic to the network.
Once through, you need to put a PIN in. But as the Guardian reports, only a minority of the 'hacking' victims approached by police bothered to change their PIN from the default given by their manufacturer.
The New Scientist reports that some telcos have since changed their practices to force customers' to change from the default PIN, but the magazine also details some of the social-engineering techniques investigators can deploy when faced with a PIN they don't know.
These can be as basic as saying you're forgotten the PIN, forgetting your password and password prompter, but having the first line of an address and date of birth to hand. Not hard work for either an investigative journalist or a private investigator.
In his book Flat Earth News, journalist Nick Davies outlines many of the ways in which hired PIs and the journalists they worked for were able to con call centre staff into thinking the person they were speaking to was the owner of the voicemail account, with surprising ease.
But when phone hacking didn't suffice for the scoop, he alledges that cash payments often would. He shows that newspapers and their staff are not only guilty of phone hacking, but of a whole range of illegal news gathering activities from bribing civil servants to going through mounds of a target's rubbish.
WHAT YOU CAN DO
The Australian Mobile Telecommunications Association advises Australian users that the jumber one lesson is changing the PIN number
"Do not leave PINs on the factory default settings because it leaves yourhandset vulnerable as has been graphically shown in the UK events", spokesman Randal Markey said.
Since the information breaches occured in the UK, however, times have changed. These days, smartphones contain a whole host of our personal information.
"Mobiles have security features to help protect them and prevent misuse. Set a Personal Identification Number (PIN), which must be entered beforeanyone can use it", Markey said.
"Smartphones can contain confidential and personal data and you should use PIN code security for the handset and SIM card."
Do not leave PINs on the factory default settings because it leaves your handset vulnerable as has been graphically shown in the UK events.
Vodafone customers, who can access their messages from overseas, are advised to set a unique PIN code using a combination of numbers and avoid repeating digits.
Vodafone also advised customers to avoid using milestones, such as birthdays or anniversaries, in their PIN codes, and to use different PIN codes for all accounts.
The company reiterated that PIN codes must never be shared with anyone.
A statement from Optus in response to the issue read:
"Customers who wish to reset their voicemail passwords need to accurately and sufficiently identify themselves to an Optus customer service representative before being able to reset their voicemail PIN".
"Should a customer service representative doubt the validity of a customer's identify, that customer may be required to visit an Optus retail outlet and present physical forms of identification".
"Optus takes the privacy of our customers very seriously. Any customers who believe they have had their account details compromised should contact Optus customer service immediately".
For more advice head to the ACMA website.
