Is it difficult? The Telegraph’s Adrian Hon says it can be quite simple:
Many people never bothered setting a PIN code for their voicemail, meaning that it stayed as the same default code as the operator uses for everyone else; in these cases, a ‘phone hacker’ could gain access in seconds. But even if people changed their PIN codes, they’d frequently use something obvious such as 1234, 1111, 5555, or perhaps their own (or a family member’s) date of birth. Again, all very easy to guess.
Let’s assume that you chose a random number for your PIN though, something totally unguessable. In this case, the hacker would engage in a spot of ’social engineering’ by calling up your mobile operator, pretending to be you by providing such easily-obtainable information as your date of birth, mother’s maiden name, home address, etc., and asking them to reset your PIN. And then they’d have access.
And then he gives the warning we all should be reminded of over and over:
We seem to have an equally blase attitude to our other online data. Thanks to massive and repeated password leaks from sites like Sony Playstation and Gawker mean that by now, practically everyone knows how important it is to have a secure password (preferably not ‘password’ or ‘hello’) containing a mix of numbers, upper and lower-case characters, and symbols – and not just that, but unique passwords for every single website and service.