AT&T increases voice mail security

AT&T increases voice mail security Password meant to deter hackers

By Hiawatha Bray Globe Staff / August 6, 2011

AT&T Inc. is changing the default method by which cellular customers check their voice mail, after reports that the company's policies made messages more vulnerable to hackers than on other cellphone carriers.

The giant telecommunications company said yesterday it will start requiring users to enter a password to access their voice mails from their own cellphones. Until now, AT&T users calling from their own phones would immediately get access to their voice mails without entering a password.

...

formatting link

Reply to
Monty Solomon
Loading thread data ...

formatting link
This is very interesting because it's the first time I have seen in print (as it were) that the News International voicemail intercepts were achieved by using the "handset's own CLI" exploit rather than guessing at the PIN.

I have been saying on the UK telecom newsgroups since the story broke, that this is a likely scenario.

None of the UK mobile networks have issued guidance to the general public about activating PIN protection for voicemail retrieval *from the actual handset*, and they certainly haven't imposed this as the default condition.

Reply to
Graham

Where in the article did it say that this is how these hackers did it? I wouldn't be surprised if that's what they did, but there was no confirmation of it.

I'm surprised that this works on a cellular network. Can't they identify cellphones by their SIM cards?

Reply to
Barry Margolin

Sure they can. But they can't identify the *owner* of the hand that's holding the cellphone they've identified the SIM card in.

Cheers, -- tlvp

-- Avant de repondre, jeter la poubelle, SVP

Reply to
tlvp

formatting link
So I wonder, has Sprint fixed theirs yet? They did the exact same thing which made it REALLY easy to hack into someones voicemail.

I clued a friend about MagigJack and a little PERL script proxies the MJ connection and lets you set your Caller ID to that of the cell phone. Then dial the phone via MagicJack and voila, you're in!

Reply to
T

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.