Friday, December 18, 2009

Voicemail Hackability

If you haven’t noticed, cell phone voicemail systems have changed dramatically over the years. They went from calling your direct mailbox and entering your entire phone number and a password, to entering a simple five-digit code, to calling directly from your phone without any authorization besides the cell phone number check, to even storing messages directly on your phone. Still, many mobile phones have voicemail systems that are based on the caller ID of the incoming caller. This is how it works: if the owner of a cell phone checks his voicemail directly from his cellular phone, the system recognizes his number from the caller ID and gives him direct access to his voicemails, no questions asked. There was only one problem with this: if anyone could spoof your caller ID, they could access your voicemail. After a few high-profile voicemail attacks through this vulnerability, mobile operators have begun urging customers to change their voicemail preferences to require a pass code. Still, there were some operations out there that went under names like SpoofCard, Love Detect and Liar Card, that would spoof a caller ID to get access to a voicemail box. The company behind them has been fined, but what may be more interesting is that T-Mobile and AT&T were also both fined for apparently being misleading about their susceptibility to the hack.

I always wonder about the security of voicemails. I remember times when I would be able to call my friends’ or family’s cell phones, push the pound key, and then enter the generic 9999 pass code and gain access to all of their voicemails (they knew, of course). Thinking back to my discovery, I wondered if others discovered this same “hack” and took it further. I was not surprised to find a hack used to enter voicemail boxes, but I was surprised to see AT&T and T-Mobile being fined over it. My only logical explanation for this is the fact that AT&T and T-Mobile did not take the necessary precautions to maintain the integrity and confidentiality of their customers.
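
The two weaknesses described in this post, access granted on caller ID alone and a generic pass code such as 9999 left in place, can be contrasted with a policy that always requires a non-trivial PIN. This is an added example, not part of the original post and not any carrier's code; the class, function names, phone numbers, PINs and lockout limit are all assumptions made up for illustration.

```python
import hmac

# Constructed sample values; the numbers, PINs and limits are hypothetical.
WEAK_PINS = {"0000", "1111", "1234", "9999"}   # generic codes such as 9999
MAX_FAILURES = 3                                # lock the mailbox after this many bad PINs


class Mailbox:
    def __init__(self, owner_number, pin):
        self.owner_number = owner_number
        self.pin = pin          # a real system would store a salted hash, not the PIN
        self.failures = 0


def caller_id_policy(mailbox, caller_id, entered_pin=None):
    """Weak policy from the post: a matching caller ID is the only check."""
    return caller_id == mailbox.owner_number


def pin_is_acceptable(pin, owner_number):
    """Reject short, generic, single-digit-repeated or phone-number-derived PINs."""
    return (pin.isdigit() and len(pin) >= 4 and pin not in WEAK_PINS
            and len(set(pin)) > 1 and pin not in owner_number)


def pin_required_policy(mailbox, caller_id, entered_pin=None):
    """Hardened policy: caller ID is an unauthenticated hint and is never trusted."""
    if mailbox.failures >= MAX_FAILURES:
        return False                      # locked until reset out of band
    if not pin_is_acceptable(mailbox.pin, mailbox.owner_number):
        return False                      # generic PIN still set: force a change first
    if entered_pin is None:
        return False                      # no PIN offered, caller ID alone is not enough
    if hmac.compare_digest(entered_pin, mailbox.pin):
        mailbox.failures = 0
        return True
    mailbox.failures += 1
    return False


if __name__ == "__main__":
    box = Mailbox("15555550100", "482915")
    print("caller ID only, weak policy:    ", caller_id_policy(box, "15555550100"))
    print("caller ID only, hardened policy:", pin_required_policy(box, "15555550100"))
    print("correct PIN, hardened policy:   ", pin_required_policy(box, "15555550199", "482915"))
```

Under the hardened policy the presented caller ID never changes the outcome, so a spoofed number gains nothing, and a mailbox still carrying a generic code is refused until the PIN is changed.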
