Sign up to our newsletter
The latest security news direct to your inbox
The former Royal Editor of the now-defunct News of the World tabloid newspaper has admitted that he hacked into Kate Middleton’s mobile phone voicemail a staggering 155 times in order to snoop upon private messages.
And Clive Goodman didn’t stop there. He has also told a court in London that aside from intercepting the future Duchess of Cambridge’s private messages, he also hacked Prince William on 35 occasions and Prince Harry nine times.
It can’t have been a barrel of laughs and festive fun at Goodman’s house over Christmas 2005, as the News of the World‘s Royal Editor first accessed Kate Middleton’s voicemail on 21st December, and then continued to do so on Christmas Eve, Christmas Day and Boxing Day in his search for tabloid stories.
The first hack by Goodman against Prince William’s voicemail, meanwhile, took place at the end of January 2006.
Presumably driven by the tabloid’s thirst for news about Prince William’s then girlfriend, Goodman continued to regularly hack Miss Middleton’s mobile phone voicemail until the day before his arrest in August 2006.
Unlawful access to voicemail messages was made possible by many mobile phones using well-known default PINs as their solitary defence.
Chances are that you don’t even realise that your mobile phone voicemail has a PIN, because most mobile phone networks recognise that it is your phone ringing the voicemail service, and therefore skirts around the request for a PIN to make life more convenient for you.
However, many phone operators provide a number that you can ring to access your voicemail remotely. If your voicemail was protected by an easy-to-determine default PIN, or if operators could be tricked into resetting a PIN, then the voicemail messages could be unlocked.
Thankfully, default PINs for mobile phone voicemail systems are no longer used in the United Kingdom, making life that little more difficult for journeys hungry for a celebrity scoop.
But that doesn’t mean the problem has completely disappeared.
Another way of breaking into a mobile phone’s voicemail system might be to fake the phone number you are ringing from, tricking the voicemail system into believing it was the genuine handset collecting the messages.
As recently as last month, a journalist with The Register showed that at least two UK mobile networks remained vulnerable to having their customers’ voicemail inboxes hacked, without the attacker needing to guess a PIN.
For the highest level of security, set your voicemail up to always ask for PIN whenever you access it. Yes, it’s a pain – but it’s only four digits worth of nuisance for a greater level of privacy.
Clive Goodman, of course, was jailed in 2007 on charges of hacking royal aides. But up until now he has never claimed that the snooping was also being conducted against the Duchess of Cambridge and the royal princes.
When Goodman was asked why he had not previously told police or prosecutors about the true extent of the hacks, he said that he was simply never asked about it:
“I’ve never been asked before. The Metropolitan police, Crown Prosecution Service did not ask me these questions in 2006 and 2007. I’ve never been asked by any inquiry any time about this”
Which makes me think, maybe someone should now ask him about other Royals, and individuals romantically associated with the Royal Family.
Chelsy? Cressida? Are you confident your mobile phones’ voicemail systems are properly secured?
Author Graham Cluley, We Live Security