It's a bit of a misnomer, actually. Hacking implies that a company’s computer systems are breached, often when someone exploits a security problem in a system, as with Apple’s PDF iOS security flaw.
But in the case of phone hacking, the perpetrators intercept messages by breaking into a particular voice-mail account.
Phone hacking, then, is not so much hacking as it is lying.
According to Hemanshu Nigam, a security expert at SPP Blue, one way to hack phone messages is by impersonating users and claiming to have forgotten or lost their passcodes.
Mobile providers can deter this by having their customer service departments ask tougher security questions, said Nigam, whose company trains companies and service representatives how to protect consumer data.
“It’s a message to phone companies and the like who have to increase security training and awareness for call center employees to ask more critical questions,” he said. To better screen out impersonators, Nigam suggested more complicated questions such as the names of streets where the caller has lived in the last five years.
For many American companies, when customers can call to reset their passcode, the company then sends a new code to a user’s handset. That’s a good practice that should be more common, Nigam said, because it requires hackers to not only have information on a user, but also to have the physical phone.
Even with good security, however, it’s hard to predict and prevent targeted attacks. And as technology advances, companies and governments are going to run into more problems over how to deal with digital attacks, said Glenn Manishin, a technology lawyer at Washington law firm Duane Morris .
In this case, News of the World has said that its actions were improper and, by implication, illegal, Manishin said. He said that in the United States, hacked users could probably sue any third party who had accessed their voicemails without permission.
“Even if statutes don’t apply, it’s self-evident that a subscriber...owns their voicemail,” Manishin said, “and if someone has obtained that without permission, they’ve taken something that doesn’t belong to them.”
But in the case of social media -- direct Twitter messages, Facebook messages or other online exchanges -- the law is a little fuzzier, he said. Laws such as the Electronic Communciations Privacy Act address “electronic mail,” but it’s not clear if other online messages fall under that category.
“The laws lag behind the technology,” said Manishin. “The status of a whole bunch of emerging technologies, including social media and voicemail, is unclear.”