Vodafone 'was warned of hacking risk in 1999'
Former customer tells Leveson inquiry he warned company of the risk of phone hacking in 1999, but was 'fobbed off'
NEWBURY-based Vodafone was drawn into the heart of the phone hacking debate on Tuesday, and was accused of ignoring warnings of the risks to security in 1999.
The Leveson Inquiry, which was set up by the Government to look into the culture, practices and ethics in the press, including the practice of listening to people's voicemail to obtain private information, heard that Vodafone was warned about the security loophole.
The loophole, which involves using a default password to access voicemail remotely allowed private investigators working for news papers to access private messages.
Giving evidence at the inquiry, Steven Nott, a former Vodafone customer, said he was ‘fobbed off' when he alerted the company of the potential security failure.
There was outrage earlier this year when evidence of widespread phone hacking came to light, including on the phones of victims of crime, such as that of Milly Dowler.
This eventually led to the closure of the News of the World and allegations against other papers.
Mr Nott said he contacted Vodafone's Newbury headquarters on several occasions in 1999 to warn that the practice of allowing access to voicemail from a different phoe using a default security number could lead to breaches of privacy.
Mr Nott claimed: “They didn't take any notice of me. They kept saying to me: ‘It's not a problem, we cannot see why there is going to be a problem. Why are you making so much of a fuss?'”
At the time, it was possible to listen to your own voicemail from another phone by dialling your own number, then pressing number nine while listening to your voicemail message, followed by entering the security code, which on Vodafone had been set to the default value of 3333. Other networks used similar processes and some still do.
Mr Nott said the process was described to him in detail when he had to access his voicemail remotely. He said: “I had a moment where I thought to myself: ‘Well, this is insecure' straight away and I then said to the lady that means I could ring everybody else's mobile and access their voicemail. She said: ‘Yes, but you could, but you are not supposed to.'”
Vodafone changed the process in 2002, making it more secure by abolishing the practice of assigning a default pin, with customers now having to set up the service manually.
Vodafone spokeswoman Jane Frapwell said: “At the time, in line with the rest of the industry, default pins were used, but we did advise customers to change these pins.
“We did take security very seriously then, as we do now.”
Ms Frapwell said: “I have no records of conversations with Mr Nott anymore, so I cannot comment on what he has said.”
“The system was not changed in response to any specific problems of phone hacking. We constantly update our systems and this was a simple progression of our security.”
She said she did not know whether the company would give evidence at the Leveson enquiry.
The enquiry – now in its 13 day – continues today.