Phone hacking is the practice of manipulating or gaining unauthorized access to mobile phones, such as by intercepting telephone calls or accessing voicemail messages. When the unauthorized access is to the phone user's conversation, it is more commonly referred to as phone tapping.
The term came to prominence during the News International phone hacking scandal, in which it was alleged (and in some cases proved in court) that the British tabloid newspaper the News of the World had been involved in the interception of voicemail messages of the British Royal Family, other public figures, and a murdered schoolgirl, Milly Dowler.
Although many mobile phone users may be targeted, "for those who are famous, rich or powerful or whose prize is important enough (for whatever reason) to devote time and resources to make a concerted attack, it is usually more common, there are real risks to face."
Unauthorised remote access to voicemail systems, such as that exposed by the News International phone hacking scandal, is possible because of weaknesses in the implementations of these systems by telcos.
A weakness of some PABX systems lies in the distant voicemail feature, which is accessed by entering a password while the initial greeting is being played. A hacker can call a direct dial number with voicemail and then try the default password or guess it, or select the "call back" function and enter a premium rate number for the call back. The PABX calls back the premium rate line, confirming the password for the hacker. To stop this form of hacking, it is important to turn off the call back feature on the PABX, or to use a strong password.
Mobile phone companies usually allow access to associated voicemail messages using a landline telephone. This requires the entry of a Personal Identification Number (PIN). Many mobile phone companies use a system that sets a well-known four-digit default PIN that is rarely changed by the phone's owner, making it easy for a hacker who knows both the phone number and the service provider to access the voicemail messages associated with that service. Even where the default PIN is not known, social engineering can be used to reset the voicemail PIN code to the default, by impersonating the owner of the phone in a call to a call centre. Many people also use weak PINs that are easily guessable; to prevent subscribers from choosing PINs with weak password strength, some mobile phone companies now disallow the use of consecutive or repeated digits in voicemail PIN codes.
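
A PIN policy of the kind described above can be sketched as follows. This is an added example, not code from any operator: the list of default PINs is a constructed placeholder, and the exact meaning given to "repeated" (the same digit twice in a row) and "consecutive" (three adjacent digits stepping up or down by one) is an assumption.

```python
# Added example: voicemail PIN policy check. Rule definitions are assumptions.

# Constructed placeholder defaults; an operator would load its own list.
DEFAULT_PINS = {"0000", "1234"}


def has_repeat(pin: str, run: int = 2) -> bool:
    """True if one digit occurs `run` or more times in a row (e.g. 1123)."""
    return any(len(set(pin[i:i + run])) == 1
               for i in range(len(pin) - run + 1))


def has_sequence(pin: str, run: int = 3) -> bool:
    """True if `run` adjacent digits step up or down by one (2345, 9876)."""
    for i in range(len(pin) - run + 1):
        window = pin[i:i + run]
        steps = {int(b) - int(a) for a, b in zip(window, window[1:])}
        if steps in ({1}, {-1}):
            return True
    return False


def pin_problems(pin: str, length: int = 4) -> list[str]:
    """Return the reasons a candidate PIN is rejected; empty list = accepted."""
    if len(pin) != length or not (pin.isascii() and pin.isdigit()):
        return [f"must be exactly {length} digits"]
    problems = []
    if pin in DEFAULT_PINS:
        problems.append("provider default PIN")
    if has_repeat(pin):
        problems.append("repeated digits")
    if has_sequence(pin):
        problems.append("consecutive digits")
    return problems


def accepted_count(length: int = 4) -> int:
    """Count how many PINs of this length the policy still accepts."""
    return sum(1 for n in range(10 ** length)
               if not pin_problems(f"{n:0{length}d}"))


if __name__ == "__main__":
    for candidate in ("0000", "1234", "4321", "7755", "2580"):
        print(candidate, pin_problems(candidate) or "accepted")
    print("accepted 4-digit PINs:", accepted_count(), "of 10000")
```

Under these assumed rules, 7,016 of the 10,000 possible four-digit PINs are still accepted, so the check removes the most obvious choices rather than making a four-digit PIN strong.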