The enquiry was sparked off by the scandal caused by widespread hacking by journalists into the voicemail of mobile phones belonging to celebrities and private citizens. However, its remit expanded to cover the whole area of press ethics and the possible need for regulation of the press. The resulting report has been hotly discussed, as it has important implications for press freedom in the UK.
Information security firm commissum, based in Edinburgh (see http://www.commissum.com), includes mobile phone security among its specialisms. Briony Williams, a security consultant at commissum, remarks: “The Leveson report highlights the consequences of not following basic security practices – such as setting a non-default PIN number to access voicemail from a different device. Phone companies now require this, so the original method of voicemail hacking is now far more difficult. So consumers may think that all is well. Unfortunately, the picture is more complicated, as it shows that information security needs to be designed into every system from the start. Phone companies initially sold phones with an important security feature -- a personalised PIN number -- turned off by default. We need a new approach, one that turns security features on by default.”
The spectacular growth in mobile devices over the past few years has made this a particularly pressing issue. With a shift away from desktop computers and even away from laptops towards tablets and smartphones, the stakes are high and the potential for criminal behaviour is increasing all the time. Briony Williams of commissum adds: “The phone hacking scandal shows what can happen when manufacturers press ahead with innovation and feature enhancement while ignoring security. If there is one good thing to come out of the scandal and the subsequent Leveson enquiry, then it could be the fact that device designers now have no excuse for remaining unaware of security issues. But only time will tell whether they take these developments to heart and begin to design in security features from the ground up. In the meantime, users of existing mobile devices must take care to set all available security features on their device.”