Fact-checked by Grok 2 weeks ago

Phone hacking

Phone hacking is the unauthorized interception and retrieval of voicemail messages from mobile phones, typically achieved by dialing the target's voicemail access number and exploiting default or easily guessed personal identification numbers (PINs) to listen to unheard messages before the legitimate owner does.^[1] This technique, which violates privacy laws such as the UK's Regulation of Investigatory Powers Act 2000 prohibiting unlawful interception of communications, was systematically used by journalists and private investigators to obtain exclusive information on celebrities, politicians, and ordinary individuals for sensational stories.^[2] The practice achieved widespread notoriety through the News International phone-hacking scandal, centered on Rupert Murdoch's News of the World tabloid, where reporters and hired investigators intercepted thousands of voicemails from the early 2000s until at least 2006.^[3] Initial exposure occurred in 2006 when royal editor Clive Goodman and investigator Glenn Mulcaire were arrested and convicted in 2007 for hacking voicemails of royal household staff, including those of Prince William, revealing a pattern of industrial-scale intrusions justified internally as competitive necessities in a cutthroat media environment.^[4] Despite corporate denials that the activities were isolated, further investigations uncovered evidence of hacking extending to high-profile victims such as actors Hugh Grant and Jude Law, politicians, and even families of deceased soldiers and crime victims, including the voicemail of 13-year-old murder victim Milly Dowler in 2002, whose messages were deleted to free up space, falsely suggesting activity and prolonging parental anguish.^[2]^[3] The 2011 escalation, triggered by Guardian reporting on the Dowler case, led to the abrupt closure of the 168-year-old News of the World after its final edition, massive civil settlements exceeding £1 billion across affected publishers, criminal convictions including those of former editors for related offenses like perjury, and the Leveson Inquiry into media ethics and police-media relations, which exposed instances of corrupt payments to officers for tip-offs.^[4]^[5] Subsequent lawsuits, such as Prince Harry's successful 2023 claim against Mirror Group Newspapers for hacking and unlawful information gathering in dozens of articles, affirmed judicial findings of "widespread" and "habitual" practices at multiple outlets, resulting in damages awards and underscoring long-term institutional failures in oversight despite repeated warnings.^[6]^[7] These events highlighted causal links between aggressive journalistic incentives, lax technological safeguards in early mobile networks, and inadequate enforcement, eroding public trust in tabloid media and prompting reforms in voicemail security protocols by carriers.^[8]

Definition and Scope

Core Definition and Mechanisms

Phone hacking refers to the unauthorized access and interception of mobile phone communications, primarily voicemail messages, texts, and call data, without the knowledge or consent of the device owner. This practice exploits vulnerabilities in telecommunications infrastructure or user authentication to retrieve stored or transmitted information. In prominent cases, such as those involving British tabloids in the 2000s, hackers targeted voicemail systems to uncover personal details for journalistic purposes.^[9]^[10] The core mechanism centers on breaching voicemail access controls, where mobile operators often employ the subscriber's phone number as the primary identifier combined with a weak personal identification number (PIN). Many systems retain factory-default PINs like 0000 or 1234, which attackers systematically test by dialing the carrier's voicemail retrieval line, either remotely or by simulating the victim's device. Social engineering tactics, such as impersonating the target to carrier support for PIN resets, further enable entry without technical exploits.^[11]^[12]^[10] Once accessed, intercepted voicemails reveal not only spoken content but also metadata, such as call logs indicating unretrieved messages, allowing hackers to infer ongoing events. Remote access features exacerbate risks, as some carriers waive PIN requirements when calls originate from the registered phone, enabling interception via SIM cloning or device compromise. These methods rely on the causal chain of inadequate default security and user oversight, rather than sophisticated malware, distinguishing early phone hacking from broader device intrusions.^[13]^[12] Phone hacking specifically targets the interception or unauthorized access to voice calls, SMS messages, or stored voicemails on mobile devices, often exploiting telecom network vulnerabilities or weak authentication mechanisms without requiring physical access to the target device or user interaction.^[14]^[15] This contrasts with spyware or malware infections, which involve installing malicious software directly on the device to enable broader surveillance, such as keystroke logging, camera activation, or data exfiltration from apps; phone hacking typically operates at the carrier or protocol level, bypassing the endpoint device entirely.^[16]^[17] Unlike SIM swapping, which relies on social engineering to convince carriers to reassign a victim's phone number to an attacker's SIM card—effectively hijacking incoming calls and texts through account takeover—phone hacking does not alter service subscriptions or require impersonating the victim to the provider.^[18]^[19] SIM swaps exploit human elements in carrier customer service rather than technical flaws in signaling protocols like SS7, and they enable control over two-factor authentication codes but not retroactive access to prior communications unless combined with other methods.^[20] Phone hacking also differs from phishing attacks, where attackers use deceptive messages or websites to trick users into revealing credentials or installing malware, as it does not depend on victim compliance or error; instead, it leverages inherent weaknesses in mobile network architecture for passive or active intercepts.^[21] In contrast to general mobile surveillance techniques like location tracking via cell tower pings, phone hacking prioritizes content interception (e.g., call audio or message payloads) over metadata alone, though overlaps exist in advanced state-sponsored operations.^[22] While IMSI catchers represent a hardware-based variant of phone hacking by mimicking base stations to force device handovers, they are distinct from software-free voicemail exploits, highlighting phone hacking's spectrum from low-tech PIN guessing to protocol manipulations.^[23]^[24]

Historical Context

Early Analog and Pre-Digital Instances

Wiretapping of analog telephone lines originated in the late 19th century, soon after the invention and commercialization of the telephone in 1876 by Alexander Graham Bell. Early instances involved physical interception of electrical signals carrying voice communications over copper wires, often by law enforcement or private parties seeking evidence in legal disputes. In Connecticut during the 1880s, wiretaps were employed in a high-profile divorce case, prompting the state to enact the first known U.S. ban on the practice in 1889, reflecting early concerns over privacy invasion.^[25] By 1895, the New York Police Department under Mayor William L. Strong had institutionalized wiretapping as a routine investigative tool, targeting criminal activities almost immediately after local telephone service expanded in urban areas. Methods typically required technicians to locate and splice into the target's line, either by scraping insulation to attach parallel wires or bridging at central office switchboards, allowing real-time eavesdropping or rudimentary recording on wax cylinders or wire recorders. Such taps exploited the inherent vulnerability of analog systems, where voice was transmitted as continuously varying electrical currents without encryption, enabling undetected monitoring over distances up to several miles. Unofficial uses proliferated as well, including by criminals; in 1899, operators in London and New Orleans used wiretaps to feed false cotton price information, triggering market panic.^[25] During the Prohibition era (1920–1933), wiretapping surged in scale for combating bootlegging syndicates, with federal agents and local police installing thousands of taps on suspected gangsters' lines, often without warrants. Techniques evolved to include "bridge taps" at exchanges to avoid physical line access, minimizing detection risks, though signal degradation over long runs limited effectiveness. These analog intercepts laid foundational precedents for surveillance, prioritizing evidentiary gains over privacy, as courts frequently admitted tapped evidence despite ethical debates. Concurrently, in the mid-20th century, "phone phreaking" emerged as a non-interceptive but exploitative analog hacking variant, where individuals like Joe Engressia in 1957 discovered that whistling a 2600 Hz tone mimicked supervisory signals to seize control of trunk lines for free long-distance calls or unauthorized conferences. Phreakers built tone generators to emulate switching tones, circumventing billing in electromechanical systems like those of AT&T's Bell network, marking early cultural experimentation with phone system vulnerabilities before digital safeguards.^[26]^[27]

Emergence in the Mobile Era (1990s-2000s)

The proliferation of mobile phones in the 1990s created new opportunities for unauthorized access to communications, as global cellular subscriptions surged from approximately 11 million in 1990 to 738 million by 2000.^[28] Early digital mobile networks, such as GSM introduced in 1991, incorporated voicemail services with basic authentication mechanisms that proved vulnerable to exploitation. These systems often allowed remote retrieval by dialing a carrier-specific access code (e.g., 121 in the UK), using the target's mobile number as the identifier, followed by a PIN that defaults were commonly unchanged or predictable, such as sequential digits like 0000 or 1234.^[29] This simplicity stemmed from design priorities favoring user convenience over security in an era when mobile penetration was low and awareness of privacy risks minimal.^[30] Voicemail hacking techniques relied on social engineering and brute-force guessing rather than sophisticated software, with perpetrators obtaining target phone numbers from public directories, leaks, or surveillance. Once accessed, hackers could listen to unread messages, and a critical exploit involved deleting voicemails to trigger notifications of "new messages" on the victim's device, enabling ongoing monitoring without alerting the owner if their mailbox filled or their phone was switched off.^[31] Carriers like Vodafone and O2 in the UK had implemented these systems by the mid-1990s, but lax enforcement of PIN changes—coupled with operators not always prompting users to update defaults—facilitated widespread abuse.^[10] Unlike analog landline tapping, which required physical intervention, mobile voicemail interception was remote and low-barrier, marking a shift toward scalable, individual-level surveillance.^[32] The practice gained traction among private investigators and journalists seeking competitive edges in the tabloid press, particularly in the UK, where demand for celebrity and political scoops incentivized shortcuts. By the late 1990s, firms like those hired by News International reportedly employed specialists to conduct hacks, though initial incidents remained under the radar due to limited legal scrutiny and victim unawareness.^[30] The first major exposure occurred in 2005, when royal aides' voicemails were intercepted, leading to arrests of News of the World royal editor Clive Goodman and investigator Glenn Mulcaire in 2006 for conspiring to access messages left for Prince William.^[9] Investigations later revealed hacking dated back to at least 2000, with evidence suggesting routine use from the mid-1990s onward, though carriers began tightening access—such as requiring full phone number and PIN entry—only after early 2000s complaints.^[32] This era's lax standards contrasted with emerging awareness of digital vulnerabilities, setting the stage for broader scandals as mobile usage exploded into the 2000s.^[10]

Journalistic Scandals and Peak Visibility (2000s-2010s)

The phone hacking practices employed by journalists at the News of the World, a British tabloid owned by News International, first gained public attention in 2006 when Scotland Yard arrested royal editor Clive Goodman and private investigator Glenn Mulcaire for unlawfully intercepting voicemails on royal aides' mobile phones.^[4] On November 29, 2006, both pleaded guilty to charges under section 1(1) of the Regulation of Investigatory Powers Act 2000 and the Data Protection Act 1998, leading to Goodman's four-month imprisonment and Mulcaire's six-month sentence on January 26, 2007.^[33] News International executives, including editor Andy Coulson who resigned in 2007, maintained that the incidents involved only a single rogue reporter, despite evidence from seized notebooks indicating Mulcaire had targeted over 4,000 potential victims, including celebrities and politicians.^[4] The scandal subsided amid legal settlements and limited media scrutiny until renewed investigations in 2010 uncovered broader patterns of voicemail interception for scoops on public figures.^[34] Peak visibility erupted on July 4, 2011, when The Guardian reported that News of the World journalists had accessed and partially deleted voicemails on the phone of murdered 13-year-old Milly Dowler shortly after her 2002 disappearance, potentially misleading her family and police by creating the illusion she was still alive and checking messages.^[35] Further disclosures revealed hacking of phones belonging to relatives of 7/7 London bombings victims, deceased soldiers, and other tragedy-affected individuals, amplifying ethical outrage over the intrusion into private grief for commercial gain.^[4] This triggered over 5,000 civil claims against News Group Newspapers, resulting in settlements exceeding £100 million by 2012, alongside criminal probes like Operation Weeting that identified thousands of hacking incidents.^[36] The revelations prompted the abrupt closure of the News of the World on July 10, 2011, after 168 years of publication, as owner Rupert Murdoch sought to contain reputational damage amid parliamentary hearings and public protests.^[37] Prime Minister David Cameron established the Leveson Inquiry on November 13, 2011, to examine press ethics and culture in light of the scandal, with hearings exposing how hacking was facilitated by private investigators and tolerated within newsrooms for competitive advantage.^[38] The inquiry's 2012 report criticized systemic failures in self-regulation but stopped short of recommending statutory press controls, influencing subsequent debates on media accountability without evidence of equivalent scandals dominating U.S. journalism during the period, where legal barriers under the Wiretap Act deterred similar voicemail practices.^[39]

Modern Evolution and State Integration (2010s-2025)

Following the high-profile journalistic phone hacking scandals of the early 2010s, such as the 2011 News International case in the UK that led to stricter media regulations and criminal prosecutions, phone hacking evolved toward more advanced, remote digital intrusions emphasizing device compromise over traditional voicemail access. Commercial spyware emerged as a dominant vector, with firms like Israel's NSO Group developing tools such as Pegasus, first deployed around 2011 for targeted surveillance by licensing to government clients ostensibly for counter-terrorism and crime-fighting.^[40] These tools enabled zero-click infections via iMessage or WhatsApp, granting full access to calls, messages, cameras, and location data without user interaction, marking a shift from labor-intensive methods to scalable, automated exploitation of smartphone vulnerabilities.^[41] State integration deepened as intelligence agencies outsourced capabilities to private vendors, bypassing domestic development constraints and leveraging commercial innovations for operational efficiency. By the mid-2010s, NSO had sold Pegasus to at least 40 governments, including Saudi Arabia, UAE, and Mexico, where it was used not only against suspected terrorists but also journalists and dissidents, as documented in 2016 investigations revealing UAE deployment against a Qatari activist.^[42] In 2015, the Hacking Team data breach exposed similar sales of remote access trojans to over 40 countries' law enforcement, highlighting how states integrated off-the-shelf spyware into national security apparatuses despite ethical risks. Network-level exploits, such as SS7 protocol flaws inherited from 2G/3G eras, were routinely leveraged by state actors for call interception and location tracking; for instance, German media reported in 2017 that intelligence services exploited SS7 to monitor foreign targets, including potentially allies, underscoring persistent vulnerabilities in global telecom infrastructure persisting into 5G transitions.^[43] The 2021 Pegasus Project, a collaborative probe by Amnesty International and media outlets, revealed over 50,000 potential targets across 50 countries, including heads of state like French President Macron and EU officials, prompting bans and lawsuits against NSO by the US in 2021 for enabling human rights abuses.^[44] Even democratic governments adopted these tools; the FBI acquired Pegasus in 2019 for testing on US persons under warrant, though deployment was limited amid internal debates over efficacy and privacy.^[45] By the early 2020s, state use expanded amid geopolitical tensions, with reports of Chinese and Russian agencies deploying custom malware akin to Pegasus for espionage, while Western allies grappled with balancing surveillance against oversight—evidenced by the EU's 2022 push for spyware export controls following scandals in Poland and Hungary.^[46] Into 2025, evolution continued with hybrid threats combining spyware and network exploits, as seen in Apple’s October 2025 alerts to users including a Western spyware developer targeted by state-sponsored iPhone intrusions, signaling ongoing arms-race dynamics between attackers and defenders.^[47] Governments increasingly integrated these into hybrid warfare doctrines, with SS7/Diameter successors in 4G/5G networks enabling real-time tracking for military and counterintelligence, though mitigations like protocol firewalls gained traction post-2020 regulatory mandates from bodies like the FCC.^[48] This state-commercial symbiosis raised causal concerns: while enhancing threat detection, it eroded accountability, as vendors' opacity and governments' denials—often justified by national security—facilitated misuse, per analyses from outlets like the Council on Foreign Relations attributing proliferation to lax export regimes.^[40] Empirical data from breaches and leaks indicate over-reliance on foreign spyware exposed even purchasers to blowback, as in the 2023 US blacklisting of NSO, yet demand persists due to the tools' precision over bulk metadata collection revealed in 2013 Snowden disclosures.^[45]

Technical Methods

Voicemail and Stored Communication Intercepts

Voicemail interception represents a foundational technique in phone hacking, targeting stored voice messages on mobile network servers as electronic communications. Hackers typically dial the victim's mobile number from an external line; if the device is powered off, busy, or unanswered, the call automatically diverts to the voicemail system. At this point, the hacker interrupts the ringing tone—often by pressing a designated key such as "#" or "*"—to reach the PIN entry prompt and inputs a default or easily guessed code, such as 0000, 1234, or 1111, which many users in the 1990s and 2000s failed to customize despite carrier prompts.^[29]^[13]^[12] This method exploits the architecture of carrier voicemail systems, which store messages on centralized servers accessible via the public switched telephone network (PSTN) without requiring advanced technical exploits like malware. Default four-digit PINs were standard for new accounts to simplify setup, but their predictability enabled brute-force attempts or dictionary attacks limited only by rate-limiting thresholds, which varied by provider. In some configurations, social engineering complemented direct access: hackers gathered personal details (e.g., birthdays or addresses) via public records or pretexting to reset PINs through customer service, bypassing forgotten-password protocols that relied on minimal verification.^[12]^[13] Advanced variants leverage caller ID spoofing, where services mimic the victim's number to trick systems that authenticate based on Automatic Number Identification (ANI) rather than true end-to-end encryption or multi-factor checks, potentially granting PIN-free entry if the network assumes the call originates from the subscribed device. Such access violates provisions like the U.S. Stored Communications Act (18 U.S.C. § 2701), which prohibits intentional unauthorized entry into facilities holding stored electronic communications, including voicemails retained beyond 180 days.^[49]^[50]^[51] Stored communications beyond voicemails, such as intercepted SMS or call logs temporarily buffered on network elements, fall under similar interception risks but were less prevalent in early phone hacking due to voicemail's persistence and ease of retrieval. Carriers' convenience-focused designs—e.g., exempting PINs for calls from the owner's phone—amplified vulnerabilities, though post-2010 reforms like mandatory PIN personalization, access alerts via SMS, and remote PIN changes restricted to the device itself mitigated widespread exploits.^[29]^[12]

Network Signaling Exploits (SS7 and Successors)

Signaling System No. 7 (SS7) is a collection of protocols developed in the 1970s to manage call setup, routing, and teardown across public switched telephone networks, including mobile variants for SMS delivery and subscriber mobility.^[52] These protocols assume trusted interconnections between carriers, lacking inherent authentication or encryption, which enables exploits when unauthorized actors gain network access via rogue nodes or compromised operators.^[53] In phone hacking contexts, attackers impersonate legitimate network elements to query or manipulate signaling data, allowing interception of voice calls and SMS without physical device access or user awareness.^[54] Exploits typically involve messages like SendRoutingInfo (SRI) for location tracking, which reveals a target's cell ID or precise coordinates by querying the Home Location Register (HLR), or MAP_ForwardSM for SMS rerouting to an attacker-controlled endpoint.^[55] Call interception occurs via InsertSubscriberData to enable call forwarding or AnyTimeInterrogation for real-time subscriber status, bypassing air-interface encryption. Access requires SS7 connectivity, often obtained through dark web services or insider leaks costing $1,000–$5,000 per target query as of 2021, though state actors leverage global interconnects for broader surveillance.^[56] Demonstrations date to 2008 when researchers like Tobias Engel exposed location tracking flaws at conferences, but public criminal use surged post-2014 after Karsten Nohl's Chaos Communication Congress reveal of SMS interception, enabling bank fraud via two-factor authentication bypass in cases reported across Europe and the U.S.^[57] By 2016, incidents included German authorities tracking journalists via SS7, highlighting persistent risks despite patches in some networks.^[58] Successor protocols like Diameter, deployed in 4G LTE cores since around 2010 for authentication, authorization, and accounting (AAA), inherit SS7's trust-based flaws despite IP-based transport via SIGTRAN.^[52] Diameter lacks mandatory mutual authentication, permitting node impersonation for exploits such as location disclosure via Diameter Location Management or SMS rerouting through S6c interface queries, with vulnerabilities demonstrated in 2018 GSMA reports showing DoS and interception risks.^[59] In 5G non-standalone deployments overlaying 4G since 2018, Diameter persists for interworking, exposing hybrid networks to similar attacks, including subscriber data leaks via unencrypted peering links.^[60] Recent analyses as of 2024 confirm ongoing Diameter exploits for tracking in LTE/5G, with attackers exploiting exposed interfaces in roaming hubs, though full 5G standalone cores introduce service-based architecture mitigations like improved firewalls that remain incompletely deployed globally.^[61] These signaling weaknesses enable phone hacking at the network layer, underscoring causal reliance on legacy trust models amid evolving threats from both cybercriminals and state entities.^[62]

Active Interception Devices (IMSI Catchers)

Active interception devices, commonly known as IMSI catchers or cell-site simulators, function by masquerading as legitimate cellular base stations to compel nearby mobile devices to connect and disclose identifying information. These portable systems transmit radio signals mimicking those of authentic towers but at higher power levels, exploiting the protocol's preference for the strongest available signal, thereby forcing handovers from real networks. Upon connection, the device captures the International Mobile Subscriber Identity (IMSI), International Mobile Equipment Identity (IMEI), and approximate location data derived from signal timing or triangulation.^[22]^[24] In operational terms, IMSI catchers operate across 2G, 3G, and sometimes 4G networks by downgrading connections to less secure protocols, such as compelling 3G/4G devices to fall back to unencrypted 2G for voice and SMS interception. This active mode enables real-time eavesdropping on calls, text messages, and metadata, though interception of encrypted data over modern LTE or 5G requires additional exploits like protocol manipulation or man-in-the-middle attacks. Basic passive variants merely log IMSIs without further interaction, but active devices sustain connections to relay traffic or deny service by blocking legitimate tower access. Range typically extends 100-500 meters in urban environments, limited by transmit power and terrain, necessitating physical proximity to targets.^[22]^[63] Historically, IMSI catchers entered surveillance arsenals in the mid-1990s, with U.S. Federal Bureau of Investigation (FBI) deployments of early models like Triggerfish by 1995 for locating suspects via triggered connections. By the early 2000s, commercial variants proliferated, enabling law enforcement to harvest IMSIs from crowds without warrants in some jurisdictions, as revealed in 2013 FBI documentation showing over 5,000 annual uses by federal agencies alone. Unauthorized applications in phone hacking emerged alongside, with criminal actors replicating low-cost DIY versions using software-defined radios and open-source tools like OpenBTS, though documented illicit cases remain sparse due to detection risks.^[64]^[24] Limitations constrain their efficacy against contemporary defenses: encrypted end-to-end services like Signal bypass interception, while carrier-grade encryption in 4G/5G VoLTE resists downgrades unless vulnerabilities like SS7 integration are exploited. Devices often fail against phones in airplane mode or with disabled roaming, and sustained use risks network anomalies alerting operators. Detection methods include signal analysis apps monitoring for suspicious base station IDs or power inconsistencies, with research demonstrating up to 90% accuracy in urban settings via drive-test data. Operator-side monitoring, such as anomaly detection in handover patterns, further mitigates widespread deployment.^[65]^[66]^[67]

Device and SIM-Level Compromises

Device-level compromises involve the installation of malware or spyware on the target mobile phone, granting attackers unauthorized access to microphone, camera, calls, messages, and other functions for interception and exfiltration. Such infections often exploit software vulnerabilities in operating systems like iOS or Android, enabling remote code execution without user interaction, known as zero-click attacks.^[44] For instance, NSO Group's Pegasus spyware, deployed since at least 2016, uses chains of exploits targeting apps such as iMessage or WhatsApp to install persistent agents that capture real-time communications and location data.^[68] Pegasus has been documented in forensic analyses of infected devices, where it evades detection by residing in memory and self-deleting traces, affecting thousands of targets including journalists and activists as revealed in 2021 investigations.^[44] Other mobile malware variants, such as those disguised in malicious apps or delivered via malvertising, similarly tap into telephony APIs to intercept SMS and voice calls, with global detections exceeding 12 million blocked instances in early 2025 alone.^[69] SIM-level compromises target the subscriber identity module's cryptographic protections or carrier provisioning processes to clone or hijack authentication credentials. Early GSM networks relied on the COMP128-v1 algorithm for SIM-network authentication, which contained flaws allowing attackers to extract the 128-bit secret key (Ki) through offline attacks using a smartcard reader; this required approximately 150,000 to 200,000 queries but enabled full SIM cloning by 2002.^[70] Security Research Labs demonstrated in 2013 that many SIMs still used vulnerable COMP128 variants, potentially exposing billions of cards to eavesdropping via key recovery in under two hours with specialized hardware.^[71] Modern SIM exploits are rarer due to upgraded algorithms like Milenage in 3G/4G, but side-channel attacks combining partitioning and timing analysis can still break COMP128 implementations on resource-constrained devices.^[72] A prevalent SIM-related tactic is SIM swapping, where attackers socially engineer mobile carriers to reassign a victim's phone number to a new SIM under their control, bypassing device locks to intercept two-factor authentication codes and calls. This method exploits weak carrier verification, such as accepting forged IDs or bribed insiders, and has risen sharply, with U.S. Federal Trade Commission reports noting over 1,000 complaints monthly by 2018, enabling cryptocurrency thefts exceeding $100 million annually.^[18] Unlike cryptographic flaws, SIM swapping requires no direct SIM access but effectively compromises the subscriber's identity, allowing redirection of all network traffic; prevention relies on carrier-implemented PINs or port-freeze protocols, though adoption varies.^[19] These techniques differ from network-level exploits by operating at the endpoint, often combining with device malware for comprehensive surveillance. Social engineering encompasses psychological manipulation tactics designed to deceive individuals into revealing credentials or granting access that enables phone hacking. Common methods include pretexting, where perpetrators impersonate authorities, telecom staff, or associates to elicit voicemail PINs, account numbers, or personal details from victims or service providers; vishing, involving fraudulent calls to extract sensitive information; and smishing, which uses deceptive SMS messages containing malicious links or prompts for verification codes.^[73]^[74] In the UK phone hacking scandals of the 2000s-2010s, journalists at outlets like News of the World routinely applied "blagging"—a pretexting variant—to impersonate targets and obtain phone records or security codes from carriers such as British Telecom, facilitating unauthorized voicemail access for thousands of victims including celebrities and politicians.^[75]^[32] These approaches exploit human trust rather than technical vulnerabilities, often yielding credentials that bypass default protections like simple PINs unchanged by users.^[73] Malware deployment augments social engineering by installing persistent software on target devices to intercept communications directly. Spyware variants, such as remote access trojans (RATs), embed deeply to capture incoming/outgoing calls, SMS texts, and even ambient audio via microphone activation, often exfiltrating data to attacker-controlled servers.^[76]^[77] Prominent examples include Pegasus, a sophisticated spyware suite from Israel's NSO Group, capable of exploiting iOS and Android zero-day flaws to access encrypted messages, record calls, and track locations without user interaction; it has been linked to state actors targeting journalists and activists since at least 2016, with infections frequently initiated via engineered links disguised as news alerts or calendar invites.^[68] Commercial tools like FlexiSPY enable similar interception of calls and texts, typically requiring initial device access or user-induced installation through phishing, and have been marketed for surveillance despite misuse in unauthorized hacking.^[78] Recent mobile malware strains further illustrate interception capabilities tailored to phones. For instance, the Android trojan FakeCall, detected in 2024, hijacks the dialer to redirect outgoing calls—such as those to banks—to attacker numbers, allowing real-time eavesdropping or fraud during voice interactions; it spreads via smishing campaigns mimicking legitimate apps.^[79]^[80] Such malware often combines with social engineering for delivery, as seen in campaigns where victims are tricked into sideloaded apps or zero-click exploits, underscoring the synergistic role of these auxiliary methods in overcoming device encryption and network safeguards.^[76] While state-grade tools like Pegasus evade detection through kernel-level persistence, consumer-facing variants rely more on user error, highlighting vulnerabilities in app vetting and awareness.^[68]

Legal Frameworks

International Standards and Treaties

The Budapest Convention on Cybercrime, formally the Council of Europe Convention on Cybercrime, adopted on November 8, 2001, and entering into force on July 1, 2004, establishes the foundational international framework for criminalizing cyber offenses, including those pertinent to phone hacking such as unauthorized access to computer systems and interception of non-public data transmissions.^[81] As of 2025, it has been ratified by over 70 countries, including non-European states like the United States (2006) and Japan (2012), requiring parties to enact domestic laws against illegal access (Article 2), data interference (Article 3), and system interference (Article 4), which apply to telecom network exploits like SS7 signaling vulnerabilities used in phone interception.^[82] A Second Additional Protocol, adopted on May 12, 2022, and ratified by parties including the United States, mandates expedited preservation and disclosure of electronic evidence for cross-border cybercrime probes, facilitating investigations into hacking but raising concerns over procedural safeguards for privacy.^[83] The United Nations Convention against Cybercrime, adopted by the UN General Assembly on December 24, 2024, extends global harmonization by obligating states to criminalize cyber-dependent crimes, including unauthorized access to and interception of information systems, directly encompassing digital phone hacking methods like IMSI catchers or malware-based intercepts. Signed by 65 nations on October 25, 2025, during a UN ceremony in New York, the treaty emphasizes international cooperation for evidence sharing and victim assistance while incorporating human rights clauses, though implementation depends on domestic ratification and has drawn criticism for potentially broadening state surveillance powers without robust oversight, as noted by organizations like the Center for European Policy Analysis.^[84]^[85] Human rights treaties provide overarching protections against unlawful phone hacking. The International Covenant on Civil and Political Rights (ICCPR), adopted in 1966 and ratified by 173 states as of 2025, mandates in Article 17 that no one shall be subjected to arbitrary or unlawful interference with privacy, including correspondence and communications, interpreting phone intercepts as violations absent strict legal authorization, proportionality, and judicial review as clarified by the UN Human Rights Committee.^[86] Similarly, the UN Special Rapporteur on the right to privacy has emphasized that international law requires states to regulate interception under principles of legality, necessity, and non-discrimination, applying to both state and non-state actors in phone hacking cases.^[87] Technical standards from bodies like the International Telecommunication Union (ITU) complement treaties by outlining secure protocols for mobile networks, such as ITU-T Recommendation X.1127 (2017) for smartphone security architectures and guidelines in the ITU-T Security Manual (2024 edition) for mitigating interception risks in telecom infrastructure, though these are non-binding recommendations rather than enforceable treaties.^[88]^[89] No dedicated global treaty exclusively targets phone hacking, with coverage instead integrated into broader cybercrime and privacy regimes, reflecting the evolution from analog wiretapping concerns to digital exploits.^[90]

Key National Laws and Regulations

In the United Kingdom, unauthorized interception of communications, including phone calls and voicemails, constitutes an offence under section 1 of the Regulation of Investigatory Powers Act 2000 (RIPA), which prohibits intentional interception without lawful authority except by warrant-holding public bodies such as intelligence agencies or police. This framework was central to prosecutions following the 2011 News International phone hacking scandal, where journalists unlawfully accessed voicemails by exploiting default PINs or guessing them, violating RIPA's interception rules.^[91] Complementing RIPA, section 1 of the Computer Misuse Act 1990 criminalizes unauthorized access to computer systems, including mobile devices and networks used in phone hacking, with penalties up to 10 years imprisonment for serious cases.^[92] The Investigatory Powers Act 2016 later consolidated and expanded RIPA's provisions, maintaining strict prohibitions on private unauthorized interception while authorizing targeted state surveillance under oversight mechanisms like judicial warrants.^[93] In the United States, the Electronic Communications Privacy Act of 1986 (ECPA) forms the primary federal prohibition against phone hacking, with Title I (the Wiretap Act, 18 U.S.C. §§ 2510–2522) barring intentional interception of wire or electronic communications in transit, such as live calls, unless one-party consent or a court order applies, with violations punishable by fines and up to five years imprisonment. Title II of ECPA, the Stored Communications Act (18 U.S.C. §§ 2701–2712), extends protections to stored voicemails and data on service providers, prohibiting unauthorized access without consent or warrant, as applied in cases involving remote voicemail retrieval.^[94] The Computer Fraud and Abuse Act (CFAA, 18 U.S.C. § 1030), enacted in 1986 and amended multiple times, further criminalizes unauthorized access to "protected computers"—including those involved in interstate communications like mobile networks—with penalties escalating based on damage caused, such as up to 10 years for accessing to defraud or obtain value over $5,000.^[95] State laws often mirror or supplement these, with all 50 states prohibiting unauthorized computer access akin to hacking.^[96] Other nations have analogous frameworks; for instance, Australia's Telecommunications (Interception and Access) Act 1979 restricts unauthorized interception of telecommunications, requiring warrants for law enforcement, while criminalizing private hacking with up to two years imprisonment. In Germany, section 202a of the Criminal Code (Strafgesetzbuch) punishes unauthorized data espionage, including phone intercepts, with up to three years imprisonment, enforced through federal investigations into commercial surveillance. These laws generally prioritize privacy protections but permit exceptions for national security, highlighting tensions between enforcement against private actors and regulated state access.^[97]

Prosecution Outcomes and Challenges

In the United Kingdom, the most prominent prosecutions for phone hacking stemmed from the News of the World scandal, where journalists and private investigators intercepted voicemails without authorization. Clive Goodman, a royal reporter, and Glenn Mulcaire, a private investigator, were convicted in January 2007 for intercepting communications in violation of the Regulation of Investigatory Powers Act 2000, receiving suspended sentences and community service, respectively.^[98] Andy Coulson, the newspaper's former editor, was convicted in June 2014 of conspiracy to intercept communications, sentenced to 18 months in prison after a trial that established widespread knowledge of the practice among senior staff.^[9] Ian Edmondson, a former news editor, pleaded guilty and received an eight-month sentence in November 2014 for similar offenses.^[99] By December 2015, the Crown Prosecution Service concluded its criminal investigations, having initiated 12 prosecutions related to phone hacking, resulting in nine convictions, primarily against journalists and investigators rather than executives who authorized or benefited from the hacks.^[100] Rebekah Brooks, the former chief executive, was acquitted on all charges in 2014, highlighting prosecutorial difficulties in proving executive culpability amid claims of compartmentalized knowledge within newsrooms.^[9] Internationally, convictions remain sparse; for instance, no major criminal trials have yielded widespread prosecutions for state-linked phone hacking via tools like Pegasus spyware, with efforts often stymied by jurisdictional barriers and lack of cooperation from implicated governments.^[101] Prosecutorial challenges include technical attribution, where forensic evidence from intercepted signals or devices degrades rapidly or requires specialized expertise often unavailable to investigators, leading to low detection rates estimated below 10% for cyber intrusions broadly.^[102] Evidentiary hurdles persist, such as proving specific intent and harm in voicemail interceptions, compounded by corporate deletions of records and reliance on civil settlements—News UK has paid over £1 billion in compensation by 2021 without admitting liability in many cases.^[103] International cases face extradition reluctance and conflicting laws, as seen in stalled probes into foreign actors, while statutes of limitations have barred later charges despite ongoing revelations.^[104] Underfunding of law enforcement forensics and the prioritization of civil over criminal remedies further limit outcomes, with only a fraction of identified victims leading to trials.^[102]^[105]

State and Institutional Involvement

Intelligence Agency Programs

The National Security Agency (NSA) conducted the DISHFIRE program, which amassed nearly 200 million short message service (SMS) texts daily from global mobile networks as of 2012, deriving metadata on user locations via roaming alerts, contact networks from "pocket dial" notifications, and financial details from transaction confirmations.^[106]^[107] This untargeted collection, processed through tools like PREFER for automated analysis, captured content and metadata indiscriminately, with documents describing it as a "goldmine" for intelligence on relationships, travel, and commerce.^[108] Revelations of DISHFIRE emerged from classified slides leaked by Edward Snowden in 2014, highlighting the program's reliance on upstream interception from international partners and commercial data buys rather than domestic warrants.^[109] Complementing DISHFIRE, the NSA's mobile location tracking initiative logged approximately 5 billion cell phone records per day by 2013, aggregating geodata from call detail records, SMS routing, and SS7 signaling to map user movements across borders without individual targeting.^[110] These efforts, also Snowden-sourced, fed into a 27-terabyte database for querying associations and patterns, often bypassing Foreign Intelligence Surveillance Act (FISA) oversight for non-U.S. persons.^[111] In collaboration with the United Kingdom's Government Communications Headquarters (GCHQ), the NSA hacked the internal networks of SIM card producer Gemalto between 2010 and 2011, compromising production systems in France and the Netherlands to extract private encryption keys for GSM networks.^[112] This operation, codenamed unspecified in leaks but involving GCHQ-led intrusions and NSA analytic support, yielded keys to decrypt billions of mobile calls and texts across multiple carriers, evading detection by bypassing network-level protections.^[113] Snowden documents analyzed by The Intercept in 2015 confirmed the breach targeted SIM authentication algorithms, enabling persistent interception of voice and data without alerting phone makers or operators.^[112] Five Eyes allies, including the NSA and GCHQ, further exploited SS7 protocol flaws for mobile surveillance, routing unauthorized queries through trusted operator nodes to reroute calls, snoop texts, and pinpoint locations in real time, as demonstrated by independent tests and inferred from leak patterns of global access.^[114] Such methods, inherent to the protocol's trust-based design from the 1970s, allowed agencies to impersonate home networks abroad, with Privacy International documenting systematic abuse in allied operations by 2014.^[115] These capabilities persisted despite known vulnerabilities, prioritizing operational efficacy over protocol upgrades.

Law Enforcement Applications

Law enforcement agencies employ phone interception techniques primarily to gather evidence in criminal investigations, such as tracking suspect locations, intercepting communications, and identifying associates. These methods include lawful interception through telecommunications carriers, which leverages network protocols like SS7 to monitor call setup, caller ID, and content under judicial warrants.^[116] For instance, carriers deploy handover interfaces compliant with ETSI standards (TS 101 671) to deliver intercepted voice, data, and signaling information to agencies upon authorization.^[117] This carrier-assisted approach ensures targeted surveillance without exploiting protocol vulnerabilities, focusing instead on mandated access points for efficiency and compliance.^[118] Active interception devices, such as IMSI catchers (also known as cell-site simulators or Stingrays), enable police to mimic cellular base stations and capture International Mobile Subscriber Identity (IMSI) numbers, approximate locations, and in advanced configurations, call metadata or content from nearby devices.^[119] These tools are deployed in scenarios like suspect apprehension or event monitoring; for example, Baltimore Police used Stingrays over 4,300 times between 2007 and 2015, often for routine crimes including theft and drug offenses, by forcing phones to connect and revealing their positions.^[120] Similarly, UK forces including the Metropolitan Police have utilized IMSI catchers since at least 2011 to harvest phone data at protests or crime scenes, capturing IMSIs from all devices in range to map movements or identify participants.^[121] While effective for real-time tracking—providing location accuracy within meters—these devices can inadvertently collect data from uninvolved parties, prompting requirements for warrants in jurisdictions like the U.S. following the 2018 Supreme Court ruling in Carpenter v. United States, which mandated probable cause for cell-site location information to avoid warrantless searches.^[122] Beyond network-level tools, law enforcement integrates phone surveillance with device compromises post-seizure, using extraction software to access stored data like texts and contacts, as upheld in Riley v. California (2014), which requires warrants for comprehensive phone searches incident to arrest.^[123] In practice, agencies like the FBI have combined these with SS7-based queries for historical call records or real-time pings, aiding investigations into organized crime or terrorism; one documented case involved tracking a kidnapping suspect via carrier-provided SS7 intercepts in compliance with Title III of the Omnibus Crime Control and Safe Streets Act.^[124] Such applications demonstrate interception's role in evidentiary chains, with success rates evidenced by thousands of annual deployments, though operational secrecy—often via nondisclosure agreements with vendors—has limited public data on total usage.^[125]

Revelations from Leaks and Investigations

In 2013, Edward Snowden's leaks exposed the U.S. National Security Agency's (NSA) extensive mobile phone surveillance capabilities, including the interception of calls, text messages, and location data from foreign mobile networks such as those in China, where millions of private SMS were accessed.^[126] ^[127] These disclosures revealed programs like PRISM and XKEYSCORE, which enabled bulk collection of phone metadata and content from global carriers, often without individualized warrants, prompting debates over legality and leading to a U.S. court ruling in 2020 that certain NSA bulk phone data collection violated the Fourth Amendment.^[128] Snowden's documents also highlighted NSA partnerships with telecom firms to exploit vulnerabilities in mobile protocols for real-time interception.^[129] The 2015 Hacking Team data breach, involving the Italian spyware firm, uncovered sales of remote control system (RCS) tools to over 40 governments, including repressive regimes in Ethiopia, Egypt, and Saudi Arabia, enabling phone interception, call recording, and activation of microphones and cameras without user detection.^[130] ^[131] Leaked emails confirmed U.S. agencies like the FBI and DEA purchased these tools for domestic surveillance, with capabilities targeting Android and iOS devices via exploits in apps like WhatsApp and Chrome, despite the company's claims of export controls limited to law enforcement.^[132] Investigations post-leak, including by Citizen Lab, traced RCS deployments to unauthorized targets such as journalists and dissidents, revealing minimal oversight in commercial spyware proliferation.^[133] WikiLeaks' 2017 Vault 7 publications detailed CIA tools for compromising mobile devices, including "Weeping Angel" for Samsung smart TVs that could eavesdrop via built-in microphones and malware like "Highrise" for iOS persistence post-jailbreak, allowing call interception and data exfiltration.^[134] ^[135] These leaks exposed over 300 hacking instruments developed by the CIA's Embedded Devices Branch, targeting Android and iPhone operating systems with zero-day exploits, some sourced from private firms, and highlighted risks of tool proliferation after an internal audit confirmed 91 malware variants were compromised.^[136] The revelations underscored the CIA's focus on mobile platforms for operational tradecraft, including obfuscation frameworks like Marble to mask agency origins in intrusions.^[137] The 2021 Pegasus Project, stemming from a leak of 50,000 targeted phone numbers analyzed by Amnesty International and forensic experts, revealed NSO Group's spyware infected devices of journalists, activists, and heads of state across 50 countries, often via zero-click iMessage exploits enabling full access to calls, messages, and cameras.^[138] ^[139] Clients including Mexico, India, and Hungary used Pegasus for political surveillance, contradicting NSO's assertions of terrorism-only licensing, with evidence of infections on EU lawmakers' phones prompting a European Parliament inquiry in 2022 that documented systemic abuses and called for spyware export bans.^[140] Subsequent U.S. blacklisting of NSO in 2021 cited national security risks from such tools' misuse.^[141]

Impacts and Case Studies

Profiles of High-Profile Victims

Milly Dowler, a 13-year-old girl abducted and murdered in March 2002, became one of the most poignant victims of the News of the World phone hacking scandal when journalists from the tabloid intercepted voicemails on her mobile phone after her disappearance. The hacking, which involved accessing and reportedly deleting messages from her inbox, created the false impression among her family that she was still alive and actively using her phone, exacerbating their grief during the search. This revelation, reported on July 4, 2011, triggered widespread public outrage and contributed directly to the closure of the News of the World on July 10, 2011.^[35]^[142] Actress Sienna Miller experienced severe personal trauma from phone hacking by News Group Newspapers titles, including the unlawful interception of her voicemails that led to the public disclosure of her 2005 pregnancy before she had informed close contacts. Miller described the intrusions as causing her to "black out" from stress and undergo an "absolute breakdown on every single level," prompting her to violently confront five people in her life whom she suspected of selling stories to the press. In December 2021, she settled her claim against News Group Newspapers, with the publisher admitting unlawful information gathering and paying undisclosed damages.^[143]^[144] Prince Harry, Duke of Sussex, pursued multiple lawsuits alleging extensive phone hacking by Mirror Group Newspapers (MGN) and News Group Newspapers (NGN), claiming his voicemails were intercepted over 140 times between 2003 and 2009, with articles derived from private information. A High Court ruling in December 2023 found that hacking was "widespread and habitual" at MGN, awarding him £140,600 in damages for specific instances, including stories about his girlfriends and family relationships. In February 2024, he settled the remainder of his MGN claim for additional substantial damages and costs; a further settlement with NGN in January 2025 included an "unequivocal apology" and compensation, marking a significant legal victory after years of litigation.^[145]^[146] Other high-profile victims, such as actors Jude Law, Steve Coogan, and Sadie Frost, reported profound psychological impacts including paranoia, substance abuse, and eroded trust in relationships due to repeated voicemail interceptions that fueled invasive tabloid coverage. In a 2015 High Court case, Mirror Group was ordered to pay £1.2 million in damages to a group including Frost and footballer Paul Gascoigne for hacking that invaded their privacy and caused lasting emotional distress. These cases underscore how phone hacking extended beyond mere privacy breaches to foster a decade of interpersonal suspicion and mental health challenges among celebrities and public figures.^[147]^[8]

Systemic Effects on Privacy and Society

Phone hacking scandals, particularly the 2011 News of the World revelations in the United Kingdom, exposed systemic vulnerabilities in mobile communications, prompting widespread recognition that personal conversations and data could be routinely intercepted without consent, thereby eroding expectations of privacy in digital interactions.^[38] This incident involved journalists accessing voicemails of celebrities, politicians, and ordinary citizens, including victims of crimes, which demonstrated how private information could be commodified for commercial gain, fostering a societal shift toward heightened skepticism regarding the security of everyday communications.^[103] The scandals contributed to a measurable decline in public trust in media institutions; a 2011 survey found that 58% of the UK public reported diminished confidence in newspapers following the disclosures, reflecting broader disillusionment with journalistic ethics and the unchecked power of press conglomerates.^[148] This erosion extended to institutional credibility, as revelations of collusion between media outlets and law enforcement—such as payments to police for information—undermined faith in regulatory oversight and prompted inquiries like the Leveson Inquiry, which highlighted failures in balancing press freedom with individual rights.^[149] Consequently, these events catalyzed demands for stronger privacy protections, influencing legislative responses while illustrating how breaches by non-state actors could normalize invasive practices and desensitize society to privacy incursions. State-sponsored phone hacking, exemplified by the deployment of commercial spyware like Pegasus developed by Israel's NSO Group, has amplified these effects on a global scale, transforming smartphones into persistent surveillance apparatuses capable of extracting messages, emails, and location data without user awareness.^[150] Documented uses in at least 34 countries targeted journalists, activists, and opposition figures, creating a chilling effect on free expression and association by instilling fear of retaliation through exposed private activities.^[151] A 2022 European Parliament study noted that such pervasive monitoring not only violates privacy but also indirectly suppresses democratic discourse, as affected individuals self-censor to avoid digital footprints that could be weaponized, thereby weakening societal resilience against authoritarian overreach.^[152] Overall, these systemic incursions have fostered a cultural paradigm where privacy is perceived as illusory, prompting behavioral adaptations such as reduced reliance on mobile devices for sensitive discussions and increased adoption of encrypted alternatives, though uneven access exacerbates digital divides.^[153] The United Nations has characterized spyware proliferation as an escalating human rights crisis, arguing it undermines the foundational trust necessary for open societies by enabling unchecked power asymmetries between surveillers and the surveilled.^[150]

Economic and Operational Ramifications

The phone hacking scandal, particularly involving News of the World and other UK tabloids, imposed significant financial burdens on media conglomerates, with News UK accumulating costs exceeding £1 billion by 2021, encompassing civil settlements, legal defense fees, and operational disruptions. These expenses continued into subsequent years, with £128.3 million disbursed in 2023 alone for claims and related litigation, dropping to £51.6 million in 2024 as cases resolved. Mirror Group Newspapers, facing over 100 lawsuits as of November 2024, has similarly paid out damages, including £100,000 to actor Michael Turner in a 2021 ruling that confirmed widespread hacking practices. Victims received aggregate compensation estimated in the hundreds of millions, though individual economic losses—such as foregone professional opportunities for celebrities and public figures like actor Hugh Grant—remain harder to quantify beyond awarded sums.^[154]^[155]^[156]^[157] Operationally, the scandal triggered the abrupt closure of News of the World on July 10, 2011, after 168 years of publication, halting its weekly circulation of approximately 2.7 million copies and resulting in over 200 redundancies. This decision by News International owner Rupert Murdoch aimed to contain reputational damage amid public outrage over hacks targeting figures like murdered teenager Milly Dowler. The fallout disrupted broader UK press operations, prompting internal audits, resignations of senior executives including editor Rebekah Brooks, and a shift away from aggressive investigative tactics reliant on private investigators. Legal proceedings, including convictions of journalists like Clive Goodman in 2007 and further charges in 2014, imposed operational constraints through ongoing compliance monitoring and restricted access to surveillance-derived intelligence.^[103]^[103]^[158] Institutionally, the events catalyzed regulatory shifts, including the Leveson Inquiry (2011–2012), which recommended a new press oversight body, leading to the creation of the Independent Press Standards Organisation in 2014 as an alternative to statutory regulation. Media firms adapted by enhancing ethical training and source verification protocols, though critics argue these measures have chilled legitimate public-interest journalism without fully eradicating illicit practices. For law enforcement, revelations of police complicity—such as payments to officers for tips—necessitated internal reforms, including the 2011 suspension of News International payments and heightened oversight of informant handling to prevent operational vulnerabilities.^[159]^[158]

Prevention and Mitigation

Technological Defenses and Protocol Upgrades

The Signaling System No. 7 (SS7), a legacy protocol from the 1970s used for call routing and SMS in 2G and 3G networks, lacks built-in authentication and encryption, enabling interception via unauthorized signaling messages.^[160] To mitigate these flaws without full replacement, telecom operators deploy edge firewalls to filter anomalous SS7 queries, such as location updates or SMS forwards, blocking up to 90% of malicious traffic in tested implementations as of 2021.^[161] Additional measures include SIGTRAN adaptations for IP-based transport with added monitoring, though these do not address core trust-based vulnerabilities.^[162] Fourth-generation (4G) Long-Term Evolution (LTE) networks partially address SS7 risks by shifting core signaling to the Diameter protocol, which supports optional Transport Layer Security (TLS) and IPsec for encryption and integrity, enabling mutual authentication between network elements.^[163] However, Diameter's implementation often omits full security in roaming scenarios, leaving gaps for eavesdropping or tracking, as documented in 3GPP standards up to Release 15 (circa 2018).^[164] LTE also enforces user equipment authentication via the Authentication and Key Agreement (AKA) procedure, reducing unauthorized access compared to SS7's unilateral checks, though fallback to 2G/3G during poor coverage reintroduces vulnerabilities.^[61] Fifth-generation (5G) protocols represent a structural upgrade, replacing SS7 and Diameter in standalone deployments with HTTP/2-based service-based architecture (SBA) for inter-network communication, incorporating mandatory encryption and API gateways to prevent legacy exploits.^[165] Key enhancements include the Subscription Concealed Identifier (SUCI) to obfuscate permanent subscriber identities like IMSI during transmission, thwarting passive interception, and the Security Edge Protection Proxy (SEPP) for roaming, which enforces TLS 1.3 and application-layer security to mitigate Diameter's shortcomings.^[166] 5G's 3GPP Release 15 (2018) and later introduce unified authentication frameworks with enhanced key derivation, providing forward secrecy and resistance to replay attacks, though non-standalone 5G hybrids retain some 4G/Diameter exposure until full migration.^[167] Complementary to network upgrades, end-to-end encryption (E2EE) in voice-over-IP (VoIP) applications defends call content against interception, even on vulnerable cellular links, by encrypting media streams from sender to receiver using protocols like Signal.^[168] As recommended by the U.S. Cybersecurity and Infrastructure Security Agency in December 2024 guidance, E2EE apps ensure intermediaries cannot access plaintext, though they do not shield metadata or protocol-level signaling.^[169] Device manufacturers like Apple and Google have integrated E2EE for RCS messaging and added detection for IMSI catchers via signal analysis in iOS 17 and Android 14 (2023), alerting users to anomalous base stations.^[170]

User-Level Protections and Best Practices

Users can significantly reduce the risks of phone hacking by adhering to cybersecurity best practices that address common attack vectors such as malware infection, phishing, and unauthorized physical access. These measures, drawn from guidelines by U.S. government agencies, emphasize proactive device management and behavioral caution rather than reliance on unverified third-party tools.^[171]^[172] Device Locking and Authentication: Configure a strong lock screen using at least a 6-digit PIN or passphrase, supplemented by biometric methods like fingerprint or facial recognition where available, to prevent unauthorized access.^[172] Set the device to auto-lock after no more than 5 minutes of inactivity and enable a SIM PIN to block misuse of the SIM card in case of theft.^[173] Avoid simple patterns or 4-digit PINs, as they offer insufficient protection against brute-force attempts.^[172] Software and Firmware Updates: Regularly install operating system and application updates, enabling automatic patches to close known vulnerabilities that hackers exploit for remote code execution or data interception.^[174] Delaying updates increases exposure, as evidenced by exploits targeting unpatched Android and iOS versions in state-sponsored attacks.^[171] Application Management: Download apps exclusively from official stores like Google Play or Apple App Store, reviewing developer details, user ratings, and requested permissions before installation to avoid sideloaded malware.^[173] Do not root or jailbreak devices, as these modifications disable manufacturer security controls and facilitate kernel-level exploits.^[173] Periodically audit and revoke unnecessary app permissions, particularly access to contacts, location, or microphone.^[173] Network and Communication Security: Limit use of public Wi-Fi for sensitive activities, opting for cellular data or trusted networks to evade man-in-the-middle interception of calls or SMS-based two-factor codes.^[173] For messaging and calls prone to hacking, transition to end-to-end encrypted applications such as Signal, which resists interception even on compromised networks.^[169] Enable multi-factor authentication (MFA) on accounts, preferring app-based or hardware tokens over SMS to counter SIM-swapping attacks.^[171] Phishing and Social Engineering Awareness: Scrutinize unsolicited links, attachments, or calls claiming urgency, verifying sender legitimacy through independent channels rather than responding directly, as phishing often precedes hacking via credential theft or malware delivery.^[171] Government advisories report that such tactics account for a substantial portion of mobile compromises.^[172] Data Backup and Remote Management: Back up data to encrypted cloud services or external drives regularly, ensuring backups exclude sensitive unencrypted files.^[173] Activate built-in features for remote location, locking, and selective wiping to neutralize threats from lost or stolen devices.^[172] Physical and Endpoint Security: Treat the device as a high-value asset by never leaving it unattended unlocked and using tamper-evident cases if traveling.^[175] Install reputable antivirus or endpoint detection apps from trusted vendors, configured to scan for malware, though these serve as supplements to core OS protections.^[171] Before disposing of old devices, perform a factory reset after backing up essential data to erase residual information.^[173] In cases of suspected compromise, immediately change passwords across linked accounts, monitor for unusual activity, and contact the carrier to suspend service if SIM hijacking is possible.^[173] These practices, when consistently applied, demonstrably lower individual vulnerability, as supported by federal incident response data showing reduced breach success rates among adherent users.^[171]

Regulatory and Industry Responses

In response to the 2011 UK phone-hacking scandal involving voicemail interceptions by News of the World journalists, Prime Minister David Cameron announced the Leveson Inquiry on 13 July 2011 to examine unlawful media practices, including phone hacking, and recommend reforms for press standards.^[176] The inquiry's 2012 report proposed a new independent regulatory body with statutory underpinnings to enforce ethical guidelines, aiming to deter future abuses while preserving press freedom. This led to the creation of the Independent Press Standards Organisation (IPSO) in September 2014 as a self-regulatory entity overseeing editorial compliance, handling complaints, and imposing sanctions like fines up to £1 million for serious breaches, though critics noted its lack of full statutory enforcement as a compromise to industry resistance.^[177] UK law enforcement intensified prosecutions under the Regulation of Investigatory Powers Act 2000, which criminalizes unauthorized interception of communications; by December 2015, the Crown Prosecution Service concluded operations after convicting 10 individuals, including senior executives, with sentences including prison terms for figures like Andy Coulson, though no further journalist prosecutions followed due to evidential challenges.^[100] Telecom regulators like Ofcom reviewed operator responsibilities but focused oversight on media rather than mandating widespread technical changes, prompting voluntary industry adjustments such as default voicemail PIN activation by carriers including Vodafone and BT to block simple unauthorized access.^[13] Internationally, responses to advanced phone-hacking tools like spyware have included the US government's 2021 Executive Order 14034, prohibiting federal agencies from using commercial spyware posing national security risks, such as zero-click exploits targeting devices; this was motivated by incidents involving tools like Pegasus, with the order requiring risk assessments and vendor vetting.^[178] A 2022 United Nations report urged states to limit spyware deployment to exceptional cases under strict judicial oversight, emphasizing proportionality to human rights standards and calling for transparency in surveillance capabilities to curb misuse by both governments and private actors.^[150] These measures reflect a shift toward export controls and liability for spyware vendors, though enforcement varies, with the EU's Digital Services Act imposing fines on platforms facilitating illegal surveillance tools.^[179]

Controversies and Debates

Journalism Ethics vs. Public Interest

The phone hacking scandal, particularly involving News of the World journalists from 2000 to 2011, highlighted tensions between journalistic ethics prohibiting unauthorized intrusions into private communications and claims of overriding public interest. Under the UK's Regulation of Investigatory Powers Act 2000 (RIPA), intercepting voicemails without consent constituted a criminal offense, yet some reporters and editors defended the practice as necessary to uncover stories of societal importance, such as political corruption or public figure misconduct.^[38]^[180] However, investigations revealed that the vast majority of hacks targeted celebrities, royals, and private individuals for salacious gossip rather than exposing wrongdoing, undermining ethical justifications.^[181] The Leveson Inquiry, established in July 2011 following revelations of hacking the voicemail of murdered teenager Milly Dowler, scrutinized these defenses and concluded that phone hacking rarely, if ever, met public interest thresholds defined by press codes like the Editors' Code of Practice, which permitted privacy intrusions only for detecting crime, protecting public health, or revealing significant public benefit.^[38] Deputy Assistant Commissioner Sue Akers, leading the police probe into the scandal, testified that while a minuscule fraction of interceptions might hypothetically serve investigative purposes, the systemic use at News of the World—involving over 5,000 potential victims—prioritized commercial scoops over ethical standards or genuine public good.^[181] The inquiry's report emphasized that self-regulatory bodies like the Press Complaints Commission (PCC) failed to enforce distinctions, allowing illegal methods to masquerade as public service.^[182] Defenders of a broader public interest exemption, including some journalists like The Guardian's David Leigh, argued for rare allowances in high-stakes investigations, citing one instance where hacking exposed critical information.^[183] Yet courts in subsequent trials, such as the 2013-2014 Old Bailey proceedings against News of the World executives, rejected such rationales, convicting figures like editor Andy Coulson for conspiracy to intercept communications, with judges ruling that no public interest overrode statutory privacy protections.^[184] This exposed a causal gap: while ethical codes theoretically balanced intrusion against public benefit, the scandal demonstrated how profit-driven tabloid culture eroded that balance, prioritizing circulation boosts—News of the World sold up to 3.8 million copies weekly—over verifiable societal value.^[185] Post-Leveson reforms, including the 2013 Royal Charter for press self-regulation via IPSO, incorporated stricter public interest tests but preserved journalistic autonomy, sparking debates on whether codifying defenses encourages ethical lapses or deters vital exposés. Critics, including inquiry witnesses, noted that without empirical evidence of net public gain from hacking, reliance on vague "interest" claims risks normalizing violations, as evidenced by the scandal's disproportionate focus on trivial scandals over substantive accountability.^[186] Empirical reviews, such as those in the inquiry, affirmed that ethical journalism demands alternatives like open-source verification before resorting to illegality, underscoring that true public interest derives from transparent, lawful methods rather than covert breaches.^[187]

Surveillance State Justifications vs. Civil Liberties

Governments have increasingly employed phone hacking technologies, such as spyware capable of remotely accessing device microphones, cameras, and communications, under the banner of national security imperatives. Proponents argue that these tools are essential for countering terrorism and serious crime; for instance, Israel's NSO Group markets its Pegasus spyware explicitly for law enforcement and intelligence purposes to combat such threats, enabling governments to monitor targets without physical access.^[188] In the United States, Section 702 of the Foreign Intelligence Surveillance Act (FISA), enacted in 2008 and renewed periodically, authorizes warrantless collection of foreign targets' communications, which often incidentally captures Americans' phone data, justified by officials as vital for disrupting plots—NSA leaders have claimed it contributed to identifying over 50 threats since inception, though independent verification of efficacy remains contested.^[189]^[190] Civil liberties advocates counter that such surveillance erodes core protections against unreasonable searches, as enshrined in the Fourth Amendment, by enabling mass data acquisition without individualized warrants. The American Civil Liberties Union (ACLU) has documented how FISA Section 702 facilitates "backdoor searches" of Americans' communications, with over 200,000 such queries annually by FBI agents as of 2022, often unrelated to foreign intelligence and lacking judicial oversight, fostering potential abuse against domestic dissenters.^[191] Similarly, Pegasus has been deployed against journalists, human rights defenders, and political opponents rather than solely terrorists; a 2021 Amnesty International investigation revealed its use in 45 countries to target at least 50,000 phone numbers, including those of European Parliament members and Mexican journalists, leading to documented privacy invasions and self-censorship.^[138] The United Nations human rights office has emphasized that unchecked spyware deployment undermines the right to privacy and freedom of expression, turning smartphones into perpetual surveillance apparatuses.^[192] This tension manifests in legal challenges and policy debates, where security rationales often prevail amid claims of necessity in asymmetric threats. Post-9/11 expansions like the USA PATRIOT Act of 2001 broadened wiretap authorities, with supporters citing prevented attacks—such as the 2009 New York subway plot thwarted via metadata analysis—as empirical validation, per declassified assessments.^[193] Critics, including the Electronic Frontier Foundation, retort that bulk phone surveillance yields low intelligence value while chilling associative rights; empirical reviews, such as a 2014 Privacy and Civil Liberties Oversight Board report, found scant evidence of unique terrorism disruptions from NSA's bulk telephony program, discontinued in 2015 after revelations by Edward Snowden.^[194] In non-Western contexts, authoritarian regimes exploit these tools for suppression, as seen in Saudi Arabia's alleged Pegasus targeting of dissidents like Jamal Khashoggi's associates, prompting UK court acceptance of related lawsuits in October 2024.^[195] While government sources emphasize calibrated use under oversight, like FISA courts approving 99.9% of Section 702 applications since 2008, advocacy groups highlight systemic opacity and incidental domestic harms, advocating stricter warrants and transparency to reconcile security with liberty.^[196]^[150]

Attribution Challenges and False Narratives

Attributing responsibility for phone hacking incidents presents significant technical and evidentiary hurdles, primarily due to the obfuscation techniques employed by perpetrators, such as routing attacks through proxy servers, compromised third-party infrastructure, and anonymization tools like VPNs and Tor.^[197] In mobile-specific contexts, exploits targeting protocols like SS7 enable location tracking and call interception without direct device compromise, but tracing the originating actor requires access to global telecom signaling networks, which span multiple jurisdictions and operators often lacking unified logging or forensic capabilities.^[198] Forensic analysis of infected devices, as in cases involving advanced spyware, can identify malware signatures linking to vendors like NSO Group, yet conclusively tying deployment to a specific state or non-state actor remains elusive absent intercepted command-and-control traffic or insider admissions, compounded by plausible deniability from implicated parties.^[44] False flags exacerbate these challenges by deliberately planting misleading indicators, such as code artifacts mimicking known threat groups or IP addresses from unrelated regions, to deflect scrutiny onto adversaries or fabricate geopolitical motives.^[199] For instance, in spyware campaigns, operators may reuse modular toolkits originally associated with one nation-state, leading to erroneous attributions that serve propaganda purposes, as seen in analyses of operations where initial claims of Russian involvement were later questioned due to inconsistent tooling.^[200] In the realm of commercial phone hacking scandals, such as the News International case, initial corporate narratives minimized scope by attributing actions to isolated "rogue" individuals, a claim contradicted by internal emails and payments records revealing systemic involvement across editorial teams from 2000 onward.^[103] Disinformation campaigns further distort attribution, including pseudoscientific critiques targeting independent research on tools like Pegasus spyware, which aimed to undermine forensic evidence of government misuse by questioning methodology without peer-reviewed counter-analysis.^[201] Vendor assertions, such as NSO Group's repeated claims since 2016 that their software targets only terrorists and criminals under strict vetting, have been challenged by documented infections of journalists and activists, yet evidentiary gaps in client contracts hinder legal attribution, allowing persistent narratives of legitimate use despite U.S. blacklisting in November 2021.^[202] These dynamics underscore how attribution relies heavily on probabilistic indicators—malware IOCs, behavioral patterns, and geopolitical context—rather than irrefutable proof, often resulting in contested claims that prioritize narrative control over empirical resolution.^[203]

References

[1]
PHONE HACKING Definition & Meaning - Dictionary.com
noun. an act or instance of gaining access to a phone's voicemail, email, text messages, etc., without authorization from the phone's owner.
[2]
Timeline - Key dates in Britain's phone-hacking scandal | Reuters
Jun 24, 2014 · Below is a timeline of the phone hacking scandal which has outraged the British public and shaken the political establishment. Jan. 26, 2007 - ...
[3]
UK Phone Hacking Scandal Fast Facts - CNN
Oct 24, 2013 · Journalists at British newspapers are accused of making payments to police and hacking into the phones of celebrities, law makers, royalty, murder victims and ...
[4]
Timeline: News of the World phone-hacking row - BBC
Jul 11, 2011 · This timeline looks at the chain of events in the scandal, starting with the most recent developments.
[5]
News Group settles 17 cases related to allegations of criminality at ...
Sep 7, 2017 · The 17 cases are the first tranche of 91 new claims of phone hacking and illegally obtaining personal information against the Sun and News of ...Missing: consequences notable
[6]
Harry wins hacking payout in phone-hacking case against Mirror ...
Dec 15, 2023 · A judge has ruled in his favour on almost half of the sample of 33 stories used in his claims of phone hacking and other methods. A High Court ...Missing: consequences notable
[7]
Prince Harry v Mirror Group: key findings of the phone-hacking case
Dec 15, 2023 · Prince Harry has been awarded £140,600 in damages after winning a substantial part of his phone-hacking case against the British newspaper ...Missing: notable | Show results with:notable
[8]
Daily Mirror owners must pay £1.2m to celebrity phone-hacking victims
May 21, 2015 · High court judge orders Trinity Mirror to compensate Sadie Frost, Paul Gascoigne and others for suffering caused by intrusions.Missing: consequences notable
[9]
Phone-hacking trial explained - BBC News
Jun 25, 2014 · Phone hacking was a technique used to listen to people's mobile voicemail. Reporters and a private investigator working for the News of the ...
[10]
A Variety of Methods Can Be Used to Tap Into Phone Messages
Jul 6, 2011 · The phone hacking in The News of the World case involved techniques that included taking advantage of default codes and calling cellphone ...
[11]
[PDF] Voicemail System Hacking - Federal Communications Commission
A hacker calls into a voicemail system searching for mailboxes that still have the default passwords active or have passwords with easily-guessed ...
[12]
Voicemail hacking: How easy is it? - New Scientist
Jul 6, 2011 · New Scientist takes a look at the technicalities of phone hacking – and whether you could become a hacker's prey. How can you hack into ...
[13]
Voicemail Hacking | Federal Communications Commission
Oct 6, 2022 · Hackers have been known to hijack voicemail accounts and change outgoing messages so they will accept automated international collect calls, ...
[14]
What Are Eavesdropping Attacks? - Fortinet
Eavesdropping is a form of cyberattack that enables hackers to intercept, delete, or modify data that is transmitted between devices.Missing: surveillance | Show results with:surveillance
[15]
How to tell if your phone is tapped + what to do if it is - Norton
Jun 25, 2024 · Phone tapping is a type of phone hacking that focuses on listening to your calls, like eavesdropping on a line. Hackers might steal data or even ...
[16]
How to Tell If Your Phone Is Tapped and What You Can Do About It
Dec 19, 2024 · From unusual battery drain to unexpected background noises during calls, these subtle clues can indicate someone is monitoring your device.Missing: surveillance | Show results with:surveillance
[17]
How To Tell If Your Smartphone Has Been Hacked | McAfee Blog
May 7, 2025 · Sudden data spikes: You notice a sharp, unexplained increase in your mobile data usage as spyware sends your information to a hacker. ...
[18]
What Is SIM Swapping? Attack, Definition, Prevention | Proofpoint US
SIM swapping attacks succeed because they exploit the intersection of weak technical controls and human psychology. Attackers don't need sophisticated hacking ...
[19]
Understanding and Preventing SIM Swapping Attacks | Bitsight
Jul 2, 2025 · SIM swapping, also known as SIM hijacking, is a type of identity theft in which attackers deceive or bribe mobile carriers into transferring a victim's phone ...
[20]
A deep dive into the growing threat of SIM swap fraud
This allows fraudsters to easily hijack phone numbers, highlighting the need ...
[21]
What Is a SIM Swap Attack and How Can You Prevent It? - Avast
Oct 3, 2025 · SIM swapping often starts with a phishing attack, where scammers try to steal your sensitive information by impersonating a trusted company or ...How Sim Swapping Works · 1. The Cybercriminal Gathers... · How To Prevent Sim Swapping
[22]
Gotta Catch 'Em All: Understanding How IMSI-Catchers Exploit Cell ...
Jun 28, 2019 · IMSI-catchers, which belong to the broader category of “Cell Site Simulators” (CSSs). These devices let their operators “snoop” on the phone usage of people ...
[23]
IMSI Catcher | Mobile Security Glossary - Zimperium
An IMSI catcher is an electronic device that tracks and intercepts mobile phone communications. IMSI catchers are also called Stingrays, rogue cell towers, ...
[24]
[PDF] IMSI Catchers and Mobile Security | UPenn CIS
IMSI catchers are radio devices that pose as fake cellular base stations and exploit vulnerabilities in 2G telecommunications networks on the GSM standard ...<|separator|>
[25]
A Short History of Wiretapping - The New York Times
Feb 28, 2015 · Wiretapping has been around almost since the invention of the telegraph. Union and Confederate soldiers intercepted one another's telegraph ...<|separator|>
[26]
The Listeners: A History of Wiretapping in The United States
Dec 23, 2022 · With reference to the Prohibition era, Hochman explains that some of the earliest cases of Prohibition wiretapping involved bootlegging gangs ...
[27]
Phreaking | Telecom Security, History & Techniques - Britannica
Oct 11, 2025 · The term phreak comes from a combination of the words phone, free, and freak. Phone phreaking first began in the 1960s when people ...
[28]
Mobile phone market size - areppim
Aug 8, 2018 · Chart, graph and statistics of mobile phone market size by number of subscribers worldwide 1980-2008, and forecast till 2025.
[29]
Who, What, Why: Can phone hackers still access messages? - BBC ...
Jul 6, 2011 · The answer is to drop remote access to voicemail altogether, he suggests. Few people use it so why exacerbate the risk of hacking by allowing it.
[30]
No ordinary newspaper - BBC News
Jun 25, 2014 · Phone hacking began in the 1990s because a security flaw meant that anybody could access another mobile phone user's voicemail - providing ...
[31]
Technical support: modern-day eavesdropping | News of the World
Jul 9, 2009 · Phone-hacking journalists guessed pin codes to break into mobile phone voicemail boxes.
[32]
Phone Hacking Scandal: Who's Getting the Message?
Oct 6, 2011 · While most people in the late 1990s and early 2000s (when the bulk of these 'hacks' took place) didn't know – and weren't prompted by operators ...
[33]
House of Commons - News International and Phone-hacking
May 1, 2012 · On 29 November 2006, both Clive Goodman and Glenn Mulcaire pleaded guilty to the charges, brought under section 1(1) of the Criminal Law Act ...
[34]
Timeline: New hacking revelations hit News Corp - Reuters
Jul 6, 2011 · January 2011 - British police open a new investigation into allegations of phone hacking at the News of the World. Police had said in July 2009 ...
[35]
Missing Milly Dowler's voicemail was hacked by News of the World
Jul 4, 2011 · Detectives from Scotland Yard's new inquiry into the phone hacking, Operation Weeting, are believed to have found evidence of the targeting of ...
[36]
Milly Dowler police 'amnesia' over phone hack claims - BBC News
Apr 24, 2013 · Surrey Police's handling of the Milly Dowler murder inquiry has been criticised for failing to check claims the schoolgirl's voicemail was hacked.
[37]
Phone hacking: timeline of the scandal - The Telegraph
The key events in the phone hacking scandal, which has led to the closure of the News of the World, halted Rupert Murdoch's BSkyB takeover bid, and prompted ...
[38]
Phone hacking scandal and Leveson Inquiry | ICO
Nov 18, 2024 · Phone hacking was a technique used to access people's voicemail accounts, to illicitly listen, and sometimes record, the private messages.
[39]
Timeline of the UK phone hacking scandal - CNN
Nov 19, 2012 · January 2007 - NoW royal editor Clive Goodman and private investigator Glenn Mulcaire are convicted of conspiracy to hack into phone voicemails ...
[40]
How Israel's Pegasus Spyware Stoked the Surveillance Debate
Mar 8, 2022 · Since 2011, NSO has licensed Pegasus to foreign law enforcement and intelligence agencies as a means to combat terrorism, drug trafficking, and ...
[41]
Pegasus Spyware: The Complete History | Certo Software
Aug 29, 2025 · This was unprecedented—government hackers were caught using iPhone spyware with multiple zero-day exploits. Apple responded within 10 days ...Missing: timeline | Show results with:timeline
[42]
Human Rights Watch Among Pegasus Spyware Targets
Jan 26, 2022 · Governments should ban the sale, export, transfer, and use of surveillance technology until human rights safeguards are in place. Lama Fakih, ...Missing: timeline | Show results with:timeline
[43]
Why SS7 Attacks Are the Biggest Threat to Mobile Security ...
Oct 29, 2024 · Real-World Examples of SS7 Attacks. SS7 vulnerabilities have been exploited globally, enabling cybercriminals to intercept sensitive data ...
[44]
Forensic Methodology Report: How to catch NSO Group's Pegasus
Jul 18, 2021 · This report documents the forensic traces left on iOS and Android devices following targeting with the Pegasus spyware.
[45]
How the U.S. Came to Use NSO Spyware It Was Trying to Kill
Apr 3, 2023 · As The Times reported last year, the F.B.I. purchased access in 2019 to NSO's most powerful hacking tool, known as Pegasus, which invades mobile ...Missing: timeline | Show results with:timeline
[46]
The Growing Global Spyware Industry Must Be Reined In
Mar 27, 2023 · Relatively inexpensive commercial software can remotely infiltrate the most intimate spaces of a target's digital life to steal their information and secrets.Missing: involvement | Show results with:involvement
[47]
https://techcrunch.com/2025/10/21/apple-alerts-exploit-developer-that-his-iphone-was-targeted-with-government-spyware/
[48]
[PDF] PUBLIC NOTICE - Federal Communications Commission
Mar 27, 2024 · countermeasures to prevent exploitation of vulnerabilities in the Signaling System 7 (SS7) and Diameter protocols to track the location of ...
[49]
How Do You Hack Into Someone's Voicemail? | PBS News
Jul 12, 2011 · The key to breaking into someone's voicemail is to access that person's voicemail prompt and/or management systems.
[50]
1061. Unlawful Access to Stored Communications—18 U.S.C. § 2701
Section 2701 of Title 18 makes it an offense to either (a) intentionally access, without authorization, a facility through which an electronic communication ...
[51]
Electronic Communications Privacy Act of 1986 (ECPA)
A judge may issue a warrant authorizing interception of communications for up to 30 days upon a showing of probable cause that the interception will reveal ...
[52]
[PDF] Signalling Security in Telecom SS7/Diameter/5G - ENISA
The SS7, SIGTRAN, GTP and Diameter signalling protocols are underpinning mobile telephone networks across the globe. It is widely known that these signalling ...
[53]
A Step by Step Guide to SS7 Attacks - FirstPoint
Apr 30, 2023 · SS7 attacks are mobile cyber attacks that exploit security vulnerabilities in the SS7 protocol to compromise and intercept voice and SMS ...
[54]
Location Tracking: Impersonate SS7 Nodes - MITRE ATT&CK®
Apr 5, 2022 · Adversaries may exploit the lack of authentication in signaling system network nodes to track the location of mobile devices by impersonating a node.
[55]
Location tracking attacks exploiting the SS7 Network - Enea
Enea's TIU research has detected an increasing level of sophistication in how attackers are exploiting vulnerabilities in the SS7 network.
[56]
An investigation into SS7 Exploitation Services on the Dark Web
Nov 17, 2021 · There appear to be 4 main alleged SS7 Hacking/Exploitation services on the Dark Web, with one “SS7 Hack”, a clone of a clear web website “SS7.
[57]
2FA fail; hackers exploit SS7 flaw to drain bank accounts - Bitdefender
From as early as 2014, common vulnerabilities in Signaling System 7 (SS7) have been spotlighted for allowing cybercriminals to spy on conversations and text ...<|separator|>
[58]
SS7 hack explained: what can you do about it? - The Guardian
Apr 19, 2016 · Hackers can read text messages, listen to phone calls and track mobile phone users' locations with just the knowledge of their phone number using a ...<|control11|><|separator|>
[59]
Understanding the Vulnerabilities of the Diameter Protocol in 4G ...
Nov 19, 2024 · Denial of Service (DoS) Attacks: Diameter vulnerabilities can enable DoS attacks that disrupt user access to essential network features, causing ...
[60]
[PDF] Potential Threat Vectors to 5G Infrastructure - DNI.gov
POTENTIAL THREAT VECTORS TO 5G ... System 7 (SS7) and diameter protocol vulnerabilities, because they will initially be overlaid on the existing 4G LTE.
[61]
SS7, Diameter, GTP, IMS & 5G Vulnerabilities - P1 Security
Aug 4, 2025 · Explore the most critical telecom protocol vulnerabilities—SS7, Diameter, GTP, IMS, and 5G SBA. Learn how attackers exploit signaling ...
[62]
Network Threats 2025 SS7 & Diameter Vulnerabilities - Cellcrypt
Diameter was intended to replace SS7 for 4G LTE and 5G networks, but security researchers have found it suffers from many of the same fundamental flaws, along ...
[63]
IMSI catchers: hacking mobile communications - ScienceDirect.com
An IMSI catcher, or a rogue cell as it is sometimes called, hoovers up details of callers' International Mobile Subscriber Identity (IMSI) numbers, hence the ...<|separator|>
[64]
FBI Files Unlock History Behind Clandestine Cellphone Tracking Tool
Feb 15, 2013 · The feds call them “cell-site simulators” or “digital analyzers,” and they are sometimes also described as “IMSI catchers.” The FBI says it ...
[65]
IMSI Catchers: Privacy Threats and Protection Methods
Affect Connections: Some devices can interfere with mobile service signals. IMSI catchers have limitations: They cannot intercept encrypted communications ...
[66]
[PDF] Detecting IMSI-Catchers by Characterizing Identity Exposing ...
Feb 24, 2025 · Abstract—IMSI-Catchers allow parties other than cellular network providers to covertly track mobile device users. While.
[67]
[PDF] Network Operator Based IMSI Catcher Detection
The limitation is that these indices are primarily built to search for traffic based on simple identifiers such as a specific customer, network element, ...
[68]
What is Pegasus spyware and how does it hack phones?
Jul 18, 2021 · Pegasus is the hacking software – or spyware – that is developed, marketed and licensed to governments around the world by the Israeli company NSO Group.
[69]
The rising threat of mobile malware | Cybernews
Jul 6, 2025 · Since the beginning of 2025, the number of blocked malware, adware, or unwanted apps attacks on mobile devices reached 12 million attacks.
[70]
[PDF] GSM Authentication Algorithm 'COMP128' - JUST
Aug 15, 2005 · The smartcard reader used in implementing the attack could make 6.25 queries per second to the SIM card. So the attack required about eight ...
[71]
SIM Cards Vulnerable to Hacking; Millions of Phones Possibly Affected
Outdated encryption standard may cripple millions of phones and make them vulnerable to spying, a cryptographer with Security Research Labs intends to ...Missing: exploits | Show results with:exploits
[72]
Combined side-channel attacks on COMP128 - IEEE Xplore
Authentication in GSM networks uses COMP128, which is vulnerable to side-channel attack called partitioning attack. On the device constrained in resources, ...
[73]
How phones get hacked: 7 common attack methods explained
7 ways to hack a phone. Zero-click spyware; Social engineering; Malvertising; Smishing; Fake apps; Pretexting; Physical access. Zero-click spyware.
[74]
What Is Pretexting | Attack Types & Examples - Imperva
Voice phishing (or vishing) is a social engineering technique. This type of attack uses phone calls to trick victims into disclosing sensitive information or ...
[75]
Murdoch Scandal Fallout: Consumers Make Cell Phone Hacking Easy
Jul 21, 2011 · Social engineering -- the art of getting people to inadvertently divulge information through seemingly innocuous questions -- is one way, and ...
[76]
What is Mobile Malware? Types, Methods and Examples
Jul 30, 2025 · One example of a mobile malware campaign is the “Gooligan” campaign, which was discovered in 2016. This campaign targeted Android devices and ...
[77]
Mobile spyware | Malwarebytes Labs
Mobile spyware hides in the background (no shortcut icon is created) on a mobile device and steals information such as incoming/outgoing SMS messages.
[78]
FlexiSPY - The Spyware Tool Crossing the Line Between Security ...
Nov 12, 2024 · FlexiSPY is a commercial spyware application designed to monitor activity on mobile devices and computers.
[79]
Android malware FakeCall intercepts your calls to the bank
Oct 31, 2024 · An Android banking Trojan called FakeCall is capable of hijacking the phone calls you make to your bank.
[80]
Android Trojan that intercepts voice calls to banks just got more ...
Oct 30, 2024 · FakeCall malware can reroute calls intended for banks to attacker-controlled numbers.
[81]
About the Convention - Cybercrime - The Council of Europe
The Budapest Convention is more than a legal document; it is a framework that permits hundreds of practitioners from Parties to share experience and create ...
[82]
[PDF] The Budapest Convention on Cybercrime: benefits and impact in ...
Jul 13, 2020 · The Budapest Convention provides for (i) the criminalisation of conduct ranging from illegal access, data and systems interference to computer- ...
[83]
United States Signs Protocol to Strengthen International Law ...
May 12, 2022 · The Second Additional Protocol to the Budapest Convention will accelerate cooperation among parties to protect our citizens from cybercrime and hold criminals ...
[84]
https://news.un.org/en/story/2025/10/1166182
[85]
UN Threatens Internet Freedom, Privacy, and Due Process - CEPA
Sep 3, 2024 · The treaty lacks necessary safeguards and judicial oversight to protect privacy and free expression, stifles economic growth, and threatens national security.
[86]
International and Foreign Cyberspace Law Research Guide
Jul 9, 2025 · Key treaties include the UN's Universal Declaration of Human Rights, the International Covenant on Civil and Political Rights, and the Council ...
[87]
Special Rapporteur on the right to privacy | OHCHR
The Special Rapporteur is mandated to promote and protect the right to privacy by: Reviewing government policies and laws on the interception of digital ...International standards · Annual thematic reports · Mandate · Country visits
[88]
Recommendation ITU-T X.1127
Sep 6, 2017 · Recommendation ITU-T X.1127 focuses on the functional security requirements and functional architecture for smartphone anti-theft mechanisms ...Missing: interception | Show results with:interception
[89]
Handbook ITU-T SEC-MANUAL (09/2024) - Security in ...
The manual provides an overview of telecommunication and information technology security, examines some of the associated practical issues, and indicates how ...
[90]
[PDF] Guide to International Law and Surveillance
Aug 25, 2017 · This guide discusses how international law, especially human rights law, responds to mass surveillance, and principles like legality, necessity ...<|separator|>
[91]
Unauthorised tapping into or hacking of mobile communications
The definition of the offences relating to unauthorised tapping or hacking in the Regulation of Investigatory Powers Act, and the ease of prosecuting such ...
[92]
Cybersecurity Laws and Regulations Report 2025 England & Wales
Jun 11, 2024 · Hacking is an offence under Section 1 of the Computer Misuse Act 1990 (“CMA 1990”). The CMA 1990 was introduced following a Law Commission ...
[93]
2.2 The Investigatory Powers Act 2016 (IPA) - The Open University
IPA allows certain public bodies to access communications records from communication providers, such as telephone companies and internet service providers, when ...
[94]
Cybersecurity Laws and Regulations Report 2025 USA - ICLG.com
Jun 11, 2024 · ECPA also prohibits intentionally intercepting electronic communications in transit under the Wiretap Act (Title I of ECPA), 18 U.S.C. § 2511, ...
[95]
9-48.000 - Computer Fraud and Abuse Act - Department of Justice
The Computer Fraud and Abuse Act (CFAA), codified at Title 18, United States Code, Section 1030, is an important law for prosecutors to address cyber-based ...
[96]
Computer Crime Statutes - National Conference of State Legislatures
All 50 states, Puerto Rico and the Virgin Islands have computer crime laws; most address unauthorized access or computer trespass.Hacking, Unauthorized Access... · Ransomware & Computer...Missing: United | Show results with:United
[97]
[PDF] 1 The Human Rights Act, European Convention on Human ... - LSE
Interception of mobile phones and voicemail is regulated by law under the Regulation of. Investigatory Powers Act (RIPA), passed in 2000.Missing: treaties standards
[98]
Phone hacking - BBC News
Andy Coulson sentencing. Former News of the World editor and Number 10 director of communications Andy Coulson is jailed for 18 months for conspiracy to hack ...
[99]
Ian Edmondson jailed for eight months over phone hacking | UK news
Nov 7, 2014 · “I hope after today's sentencing, and the conviction or admission of guilt by seven others including Cameron's advisor Andy Coulson, that both ...
[100]
Phone hacking: CPS calls end to prosecutions - BBC News
Dec 11, 2015 · A total of 12 prosecutions for offences relating to phone hacking were brought and there had been nine convictions, the CPS said, external.
[101]
Exploring Law Enforcement Hacking as a Tool Against ...
Apr 23, 2024 · Western law enforcement agencies have become more assertive in responding to international cyber crime, including through their own disruptive cyber operations.
[102]
Finding, Prosecuting, and Punishing Hackers
Oct 26, 2020 · Hackers rarely get caught, and only a small percentage of cybercrime is prosecuted. Law enforcement is underfunded, and international efforts ...
[103]
News of the World: 10 years since phone-hacking scandal brought ...
Jul 10, 2021 · Fifteen years after the first phone hacking conviction, tens of millions of pounds are still being spent by News UK every year settling claims ...
[104]
The Difficulties of Litigating Cyber Crime
Mar 30, 2016 · Difficulties include proving "injury in fact", difficulty in attribution and detection, international nature of crimes, and the need for " ...
[105]
The U.S. Is Less Prepared to Fight Cybercrime Than It Could Be
Aug 29, 2023 · In a recent report, we found that these efforts have limitations that have left the US less prepared to combat these crimes.<|separator|>
[106]
NSA collects millions of text messages daily in 'untargeted' global ...
Jan 16, 2014 · NSA extracts location, contacts and financial transactions 'Dishfire' program sweeps up 'pretty much everything it can'
[107]
Report: NSA 'collected 200m texts per day' - BBC News
Jan 17, 2014 · The programme, Dishfire, analyses SMS messages to extract information including contacts from missed call alerts, location from roaming and ...
[108]
NSA Dishfire presentation on text message collection – key extracts
Jan 16, 2014 · Documents provided by NSA whistleblower Edward Snowden reveal program codenamed 'Dishfire' collects up to 200 million text messages a day ...
[109]
NSA Reportedly Collected Millions Of Phone Texts Every Day - NPR
Jan 16, 2014 · The NSA's collection of text messages in the program, codenamed Dishfire, is arbitrary, The Guardian says, and the information is stored in ...
[110]
Snowden documents show NSA gathering 5bn cell phone records ...
Dec 4, 2013 · The National Security Agency is reportedly collecting almost 5 billion cell phone records a day under a program that monitors and analyses highly personal data.Missing: interception | Show results with:interception<|separator|>
[111]
Domestic Surveillance Techniques - Our Data Collection Program
Our bulk cellphone location tracking program captures almost 5 billion records a day and feeds into a massive 27 terabyte database storing information about the ...
[112]
GCHQ and NSA Collaborate to Steal the Keys to Your Cellphone
Feb 19, 2015 · That's because today, The Intercept revealed that British spy agency GCHQ led successful efforts to hack into the internal networks of Gemalto, ...Missing: SS7 | Show results with:SS7
[113]
Sim card firm links GCHQ and NSA to hack attacks - BBC News
Feb 25, 2015 · A Sim card maker at the centre of NSA-GCHQ hacking claims says it believes that the US and UK cyberspy agencies did attack it.Missing: SS7 | Show results with:SS7
[114]
German researchers discover a flaw that could let anyone listen to ...
Dec 18, 2014 · German researchers have discovered security flaws that could let hackers, spies and criminals listen to private phone calls and intercept text messages.
[115]
Five Eyes | Privacy International
Data revealed by the whistleblower, who is seeking to expose vulnerabilities in a global messaging system called SS7, appears to suggest a systematic spying ...
[116]
[PDF] Lawful Intercept - SS7 Monitoring Solutions - Aculab
SS7 signalling can be monitored to detect call placement and/or service or feature interaction, and to determine parameters such as: caller ID (CLI/ANI); ...
[117]
[PDF] TS 101 671 - V3.3.1 - Lawful Interception (LI) - ETSI
The present document is step 3 of a three-step approach to describe a generic Handover Interface (HI) for the provision of lawful interception from a Network ...
[118]
Solutions For Lawful Interception - Squire Technologies
Squire Technologies provide both an Active and Passive lawful interception architecture allowing clients to target SIP, H.323, SS7, SIGTRAN, ISDN networks.
[119]
Cell-Site Simulators/ IMSI Catchers - Street Level Surveillance
They work by plucking cellular transmissions out of the air, the same way an FM radio works. They then decode (and sometimes decrypt) those signals to find the ...
[120]
Police secretly track cellphones to solve routine crimes - USA Today
Aug 23, 2015 · Police in Baltimore and other cities used the phone tracker, commonly known as a stingray, to locate the perpetrators of routine street crimes.
[121]
Controversial snooping technology 'used by at least seven police ...
Oct 10, 2016 · Documents reveal usage of IMSI catchers, which harvest information from phones, is far higher in UK than previously known.
[122]
Carpenter v. United States | 585 U.S. ___ (2018)
Carpenter v. United States: Obtaining cell-site location information constitutes a search under the Fourth Amendment, requiring a warrant supported by ...
[123]
Riley v. California – EPIC – Electronic Privacy Information Center
In Riley v. California, the lower court ruled that a police officer can not only seize and secure a suspect's cell phone pursuant to an arrest, they can ...
[124]
Justice Manual | 28. Electronic Surveillance—Title III Applications
It must be prepared by an applicant identified as a law enforcement or investigative officer. · It must identify the type of communications to be intercepted.
[125]
Stingray: A New Frontier in Police Surveillance | Cato Institute
Jan 25, 2017 · In the 1967 case Katz v. United States, the Supreme Court ruled that a police wiretap of a phone booth was a search within the meaning of the ...
[126]
15 Top NSA Spy Secrets Revealed by Edward Snowden - Spyscape
Snowden revealed that spooks collect Yahoo webcam images in bulk through the GCHQ Optic Nerve program. GCHQ - with help from the NSA - collects images of users ...
[127]
Edward Snowden: Leaks that exposed US spy programme - BBC
Jan 17, 2014 · Edward Snowden, a former contractor for the CIA, left the US in late May after leaking to the media details of extensive internet and phone surveillance by ...
[128]
NSA surveillance exposed by Snowden was illegal, court rules ...
Sep 3, 2020 · An appeals court has found the program was unlawful – and that the US intelligence leaders who publicly defended it were not telling the truth.
[129]
NSA Documents Released to the Public Since June 2013 - ACLU
Internal NSA document outlining the agency's ability to intercept, process and discern location data from mobile phone calls. Press 2. 12/10/2013 10/01/2012
[130]
A Detailed Look at Hacking Team's Emails About Its Repressive ...
Jul 7, 2015 · Documents obtained by hackers from the Italian spyware manufacturer Hacking Team confirm that the company sells its powerful surveillance ...
[131]
A Hacker Is Hacked: Controversial Italian Cyber Espionage ... - NPR
Jul 6, 2015 · A controversial cyber espionage company called Hacking Team is reeling this morning after hackers gave it a taste of its own medicine by breaking into its ...
[132]
Documents Show FBI, DEA and U.S. Army Buying Hacking Team ...
Jul 6, 2015 · The controversial software allows users to remotely control suspects' computers, recording calls, emails, keystrokes and even activating cameras.
[133]
Mapping Hacking Team's “Untraceable” Spyware - The Citizen Lab
Feb 17, 2014 · The second in a series of posts that focus on the global proliferation and use of Hacking Team RCS spyware, which is sold exclusively to ...
[134]
Vault 7: CIA Hacking Tools Revealed - WikiLeaks
CIA malware targets iPhone, Android, smart TVs ... CIA malware and hacking tools are built by EDG (Engineering Development Group), a software ...
[135]
Wikileaks: CIA has tools to snoop via TVs - BBC News
Mar 7, 2017 · The CIA has malware to hack mobile phones and turn TVs into secret listening devices, Wikileaks says.
[136]
Wikileaks Vault 7 CIA Grasshopper, Marble Framework ... - WIRED
May 7, 2017 · Snowden added that the CIA capabilities do not show hacking in the individual apps but the operating systems on mobile devices.
[137]
WikiLeaks Vault 7 reveals staggering breadth of 'CIA hacking'
Mar 7, 2017 · One of the greatest focus areas of the hacking tools was getting access to both Apple and Android phones and tablets using “zero-day” exploits.<|separator|>
[138]
Massive data leak reveals Israeli NSO Group's spyware used to ...
Jul 19, 2021 · Agnès Callamard, Secretary General of Amnesty International. The Pegasus Project is a ground-breaking collaboration by more than 80 journalists ...
[139]
Revealed: leak uncovers global abuse of cyber-surveillance weapon
Jul 18, 2021 · The investigation by the Guardian and 16 other media organisations suggests widespread and continuing abuse of NSO's hacking spyware.
[140]
[PDF] Committee of Inquiry to investigate the use of Pegasus and ...
May 8, 2023 · In response to this growing scandal, on 10 March 2022, the European Parliament decided to set up a committee of inquiry pursuant to Article 226 ...
[141]
About the Pegasus Project - Forbidden Stories
Jul 18, 2021 · A leak of 50000 numbers surveilled by NSO Group clients reveals systematic abuse. Forbidden Stories and Amnesty accessed numbers selected ...
[142]
News of the World 'hacked Milly Dowler phone' - BBC
Jul 4, 2011 · An investigator working for the News of the World allegedly hacked into the mobile phone of murdered girl Milly Dowler, a lawyer for the family says.Missing: details | Show results with:details
[143]
Sienna Miller Was 'Traumatized' by Phone Hacking Scandal - Variety
Jun 15, 2023 · Sienna Miller says she was left “traumatized” by alleged phone hacking to the point she “blacked out.” It was in 2005 that news broke ...
[144]
Sienna Miller says Sun used 'illegal means' to find out pregnancy
Dec 8, 2021 · Sienna Miller believes details of her 2005 pregnancy were obtained by the then editor of the Sun, Rebekah Brooks, using “blatantly unlawful means”, a court has ...
[145]
Prince Harry settles phone-hacking claim with Mirror group - BBC
Feb 9, 2024 · The publishers will pay all of Prince Harry's legal costs, plus around £300,000 extra in damages, sources say.Missing: outcome | Show results with:outcome
[146]
Prince Harry claims 'monumental victory' after reaching settlement ...
Jan 22, 2025 · The duke was subsequently awarded £140,600 ($179,000) after the court ruled he was the subject of “extensive” phone hacking by the publisher ...
[147]
Phone-hacking victims: lives 'torn apart' by decade of mistrust and ...
May 21, 2015 · Davina McCall is said to be among 70 new high profile claimants. Phone hacking: seventy more high profile claimants to sue Trinity Mirror. Read ...
[148]
Phone hacking: 58% of UK public say they have lost trust in papers
Nov 14, 2011 · One in four Americans said their trust in UK media outlets had been eroded by the hacking revelations, which have been widely covered in the US.
[149]
Informing media regulation in the wake of the phone-hacking scandal
The revelations shocked the nation and the world, and sparked a call for greater scrutiny of media activity and more protection of individual privacy. Key to ...
[150]
Spyware and surveillance: Threats to privacy and human rights ...
16 Sept 2022 · The report details how surveillance tools such as the “Pegasus” software can turn most smartphones into “24-hour surveillance devices”.
[151]
How digital espionage tools exacerbate authoritarianism across Africa
Nov 19, 2021 · According to Pegasus Project revelations, politicians and government officials from 34 countries were targeted by NSO spyware. Of these ...<|separator|>
[152]
[PDF] The impact of Pegasus on fundamental rights and democratic ...
Pervasive surveillance affects people's privacy, data protection, and further individual rights —such as the rights to freedom of speech, association, and ...
[153]
Scale of secretive cyber surveillance 'an international human rights ...
Jul 23, 2021 · Pegasus severely impacts the right to privacy by design: it is surreptitious, particularly intrusive, and has the capacity to collect and ...Missing: implications | Show results with:implications
[154]
Phone-hacking scandal cost Murdoch media £1bn - Press Gazette
Jul 8, 2021 · The phone-hacking scandal and subsequent legal issues have cost Rupert Murdoch's UK publishing business more than £1bn ($1.4bn), an investigation by Press ...Missing: economic | Show results with:economic
[155]
Phone Hacking: New revelations of the Murdoch empire's ...
Sep 29, 2025 · The original scandal revealed that Murdoch's London tabloid papers engaged in phone tapping on an industrial scale, bribed police and engaged in ...
[156]
The Sun loses £66m amid costs from phone-hacking scandal
Apr 9, 2024 · Phone-hacking litigation continues to be a drain, with the Sun's parent company paying £51.6m in costs linked to the scandal, down from £128.3m ...Missing: economic | Show results with:economic
[157]
Daily Mirror publisher faces 101 phone-hacking lawsuits in UK
Nov 20, 2024 · Mirror Group Newspapers (MGN) is facing 101 phone-hacking lawsuits from public figures including actors Kate Winslet, Sean Bean and Gillian ...
[158]
Phone hacking in the British press: three key moments in the scandal
Dec 22, 2023 · In 2014 key journalists who had worked for the Rupert Murdoch-owned News of the World were charged with conspiring to hack voicemails.
[159]
News of the World: Counting the cost - BBC
Jul 7, 2011 · The hacking scandal is already proving highly damaging to the News of the World's reputation. Not to mention, to the careers of many of the ...
[160]
SS7: Securing a Legacy Protocol in a Modern Threat Landscape ...
Sep 18, 2025 · The SS7 signalling protocol, has critical vulnerabilities due to its outdated design: it lacks authentication and encryption, making it ...Missing: upgrades | Show results with:upgrades
[161]
[PDF] Technical report on SS7 vulnerabilities and mitigation measures for ...
Telecom vulnerabilities can be exploited through two attack surfaces, the SS7 network and the cellular air interface: • The SS7 network is a legacy ...
[162]
[PDF] Vulnerabilities of signaling system number 7 (SS7) to cyber attacks ...
SIGTRAN decomposes the SS7 stack and allows different layers to communicate using an IP transport layer. Instead of using MTP as a transport protocol, SIGTRAN ...<|separator|>
[163]
4G LTE Architecture and Security Explained: Protocols, Attack ...
Jun 2, 2025 · Explore the architecture, protocols, and security flaws of 4G LTE networks. Learn how Diameter, GTP, IMS, and legacy interfaces expose ...
[164]
Security challenges in the transition to 4G mobile systems in ...
Feb 8, 2023 · With higher bandwidths, better spectrum efficiency, and lower latency than legacy cellular networks, the 4 G/LTE network provides advanced ...
[165]
Why SS7 and Diameter Are Being Replaced by HTTP in 5G ...
Jul 23, 2025 · Traditional signalling systems like SS7 (Signalling System 7) and Diameter are being replaced by HTTP/2-based APIs in 5G Standalone (5G SA) ...
[166]
Securing the 5G Era - GSMA
In addition, enhanced security of the international roaming services are introduced to overcome the existing security risks linked to SS7 and Diameter usage.
[167]
A Practitioner's Take on the GSMA 5G Security Guide (July 2024)
May 27, 2025 · A Major Leap from Legacy: The introduction of the SEPP is a huge improvement over 4G/3G/2G roaming, where SS7 and Diameter vulnerabilities were ...
[168]
How to Communicate Securely on Your Mobile Device - CISA
End-to-end encryption – This prevents threat actors from accessing the contents of your communications. VoIP – This allows you to make voice calls over the app ...
[169]
[PDF] Mobile Communications Best Practice Guidance - CISA
Dec 18, 2024 · 1. Use only end-to-end encrypted communications. Adopt a free messaging application for secure communications that guarantees end-to-end.
[170]
Apple and Google Are Introducing New Ways to Defeat Cell Site ...
Sep 13, 2023 · Cell-site simulators (CSS)—also known as IMSI Catchers and Stingrays—are a tool that law enforcement and governments use to track the ...
[171]
Cybersecurity Best Practices - CISA
Using strong passwords, updating your software, thinking before you click on suspicious links, and turning on multi-factor authentication are the basics of what ...
[172]
How To Protect Your Phone From Hackers | Consumer Advice
How To Protect Your Phone From Hackers · 1. Lock Your Phone · 2. Update Your Software · 3. Back Up Your Data · 4. Get Help Finding a Lost Phone.Missing: mechanisms | Show results with:mechanisms
[173]
[PDF] Ten Steps to Smartphone Security
1. Set PINs and passwords. To prevent unauthorized access to your phone, set a password or Personal Identification. Number (PIN) on your phone's home screen ...Missing: hacking firms<|separator|>
[174]
[PDF] Mobile Security Tip Card - CISA
Keeping the software on your mobile device up to date will prevent attackers from being able to take advantage of known vulnerabilities.
[175]
Protect the Physical Security of Your Digital Devices - CISA
To protect your devices when they are not in your direct physical control, keep them locked in a secure physical area with limited access by others.Missing: hacking | Show results with:hacking
[176]
PM statement on phone hacking - GOV.UK
Jul 20, 2011 · Prime Minister David Cameron has delivered a statement to the House of Commons on the phone hacking scandal and judicial inquiry.
[177]
How is the press regulated? - The House of Commons Library
Jul 16, 2024 · Ipso and Impress are the two press regulators in the UK. Both ... response to the “phone hacking” scandal of 2002 to 2011. The current ...
[178]
Ice obtains access to Israeli-made spyware that can hack phones ...
Sep 2, 2025 · It said that the US “shall not make operational use of commercial spyware that poses significant counterintelligence or security risks to the ...Missing: regulations | Show results with:regulations
[179]
The International Regulatory Framework of Spyware Companies ...
Jan 30, 2023 · This approach might entail creating a new international legally binding treaty that includes sanctions in cases of misuse of the technologies.
[180]
The Phone Hacking Scandal: Global Implications
Jul 30, 2012 · The fallout from Hackgate shows that the unethical and illegal conduct of a few has potential to change regulatory outcomes for the entire industry.
[181]
Opinion: Why journalists need public interest defense | CNN
Apr 10, 2012 · Those are the two key aspects that seem to separate this instance from two others: the phone hacking scandal and the outing of the Night Jack ...
[182]
Phone-hacking: The upside and downside for journalism
Jul 22, 2011 · The upside of the scandal for journalism is that people will take journalism ethics seriously. There will be public scrutiny of what standards ...
[183]
Can phone hacking ever be justified in the public interest?
Dec 6, 2011 · The Guardian's investigations editor told the Leveson Inquiry today that in rare cases it could be. David Leigh said the one occasion he did ...
[184]
Phone hacking trial laid bare the dark arts of unethical journalism
Jun 25, 2014 · The scandal around phone hacking has been unfolding since the arrest of News of the World private investigator Glenn Mulcaire in August 2006.Missing: definition | Show results with:definition
[185]
Britain's Scandal, Private Media and Public Interest
Britain's phone-hacking scandal is raising questions about the power and reach of Rupert Murdoch's media empire. For Columbia University's Nicholas Lemann ...
[186]
10. UK journalists' views on ethics and the acceptability of ethically ...
Apr 23, 2025 · That inquiry, spurred by the fallout from the notorious phone-hacking scandal in the 2000s, reviewed British media ethics, highlighted ...<|separator|>
[187]
Ethics & abuses - Leveson Inquiry
The Inquiry examined issues such as the impact of phone hacking, the ... The Inquiry made three Recommendations relating to the public interest. Find ...
[188]
Limiting Government Use of Commercial Spyware | GJIA
Sep 4, 2024 · Over the past decade, to strengthen its political alliances with countries such as Saudi Arabia and the UAE, Israel has turned to the NSO ...<|control11|><|separator|>
[189]
Keynote Speech by GEN Paul M. Nakasone at the Privacy and Civil ...
Jan 12, 2023 · In the judicial branch, the Foreign Intelligence Surveillance Court plays a crucial role in overseeing NSA's activities under FISA Section 702.
[190]
Reforming Section 702 of the Foreign Intelligence Surveillance Act ...
Dec 8, 2023 · Ahead of the approaching sunset date of Section 702 of FISA, this report analyzes the statute's history, debates over privacy and civil ...
[191]
Five Things to Know About NSA Mass Surveillance and the Coming ...
Apr 11, 2023 · The Fourth Amendment guarantees the right to be free from unreasonable searches and seizures. Government agents are required to obtain a warrant ...Missing: hacking | Show results with:hacking
[192]
Pegasus: Human rights-compliant laws needed to regulate spyware
Jul 19, 2021 · The UN human rights chief on Monday said the apparent widespread use of Pegasus spy software to illegally undermine the rights of those under surveillance,
[193]
End Mass Surveillance Under the Patriot Act - ACLU
The law amounted to an overnight revision of the nation's surveillance laws that vastly expanded the government's authority to spy on its own citizens.
[194]
Civil Liberties and Law in the Era of Surveillance - Cover Story
Nov 13, 2014 · “People who realize they're being surveilled are less likely to write emails, place phone calls, and express themselves freely if they know they ...Missing: justifications hacking
[195]
Saudi Arabia: UK Court Accepts Case About Saudi Spyware Use
Oct 22, 2024 · “The Saudi government has been accused of using the NSO Group's Pegasus spyware to monitor and silence Saudi human rights defenders for ...<|separator|>
[196]
Why Congress Must Reform FISA Section 702—and How It Can
Apr 9, 2024 · Section 702 allows the government to collect foreign targets' communications without a warrant, even if they may be communicating with Americans.
[197]
Hacker Lexicon: What Is the Attribution Problem? - WIRED
Dec 24, 2016 · The attribution problem is the idea that identifying the source of a cyber attack or cyber crime is often complicated and difficult.Missing: challenges | Show results with:challenges
[198]
SS7 protocol: How hackers might find you - Infosec Institute
May 5, 2016 · SS7 protocol surveillance · SS7 flaw surveillance · SS7 attacks ukraine · Flaws SS7 protocol spy on phone · Surveillance solutions · Hackers access ...
[199]
False Flags and Mis-Direction in Hacker Attribution - SecurityWeek
Oct 13, 2016 · The unspoken danger is that if the identity of one hacking group can be misrepresented as a false flag, then so could any hacking group. ...
[200]
Examples of False Flags in Cybersecurity: Everything You Need to ...
Feb 18, 2025 · A false flag cyber attack is a deceptive tactic where a hacker or threat actor intentionally makes an attack look like it was carried out by someone else.How False Flag Cyber Attacks... · Famous False Flag Incidents... · The Next False Flag...
[201]
[PDF] Attacking NGO Research with Pseudoscience
In this paper, we studied a recent disinformation campaign targeting Amnesty International and Citizen Lab Pegasus spyware research. We analyzed seven non-peer- ...Missing: challenges | Show results with:challenges
[202]
Lessons for policymakers from the NSO Group saga | Brookings
Jan 19, 2022 · For years, NSO claimed Pegasus was provided only to “authorized governments” in the fight against “terror and crime.” Unrivaled in its ability ...<|separator|>
[203]
A survey of cyber threat attribution: Challenges, techniques, and ...
Yet attribution today faces existential challenges. Adversaries employ AI-driven obfuscation, exploit jurisdictional arbitrage, and manipulate geopolitical ...