Far easier is to work for a cell phone carrier or bribe someone who does or pay a service provider for your own access to the global Equipment Identity Register (EIR) database carriers use to identify all those mobile devices.
Access is normally used to track stolen phones, but that process can be reversed to find the phones you'd like to steal, or at least break in to.
The hard way
The old-fashioned telecom-engineer approach – according to a BBC story written in 2002, not long before the first wave of phone-hack scandals began at NOTW – is to spoof the victim's cell phone number and authentication data, dial in to the voice mail system, and fake your way to the v-mails.
Ways to do that vary from the nicely hands-on techy to the embarrassingly commercial.
The key is to be able to convince the voice-mail server that you are calling from the cell phone of your victim – an identification they make using the.
In 2002 the BBC described techniques requiring special cable connections and hardware for "chipping" the phone – directly changing the ID number within your phone, which would require knowing the victim's identifier as well.
Highly specialized hardware designed to analyze and, often, clone cell phones, can pick up the ID numbers and image everything on the phone at the same time.
That may be a trick, but once you have it, you could be home free.
In 2005, when Paris Hilton made news after her phone was hacked, U.S. carriers allowed customers to bypass the PIN requirement and access voice mails directly, relying on the IMEI or ESN, with no PIN necessary.
The easier way
It's not even necessary to change your phone anymore. Using any of a dozen Caller ID Spoofing services – which are designed, they say, to protect the privacy of callers, not abet invasions of privacy – you can make calls that appear to come from someone else.
Those services only change the Caller ID number that shows up on the phone, however, not the IMEI or ESN the voice-mail servers use to verify the identity of the hardware itself.