Thursday, September 9, 2010

Is someone listening in on your phone?

Phone hacking is likely to be far more widespread than anyone has acknowledged, The Economist reports.
Many corporate telephone systems and answering machines allow for the remote collection of voicemail. Voicemail passwords are often set to match the voicemail extension, or are set to easy-to-guess codes. Brute-force attacks to reveal a PIN may also be possible in some circumstances.
In America it appears it is trivially easy for anyone who knows a little about phone systems to access someone else's voicemail by "spoofing" the caller ID. From AT&T:
We are aware of companies that offer “spoofing” technology, which enables others to gain unauthorized access to wireless voicemail accounts that are not protected by a password. If you are concerned about unauthorized access to your wireless voicemail account, we recommend you add a password to your voicemail account.
The Economist on how they do it:
You can either call a central number and key in the mobile phone number, or you can tie up the mobile phone on one call while a second call is diverted to voicemail. The four-digit personal identification number (PIN) is then easy to guess, or trick out of the phone companies.

The New York Times reports that often, all it took was a simple four-digit PIN, such as 1111 or 4444, which many users did not bother to change after buying their mobiles. But even if PINs were changed, there is a short list of very frequently used codes which are easy enough to guess. Users prefer numeric passwords such as 1234, 4321, 2345, 3456 (etc), 0000, 1111, 2222 (etc), 369 or 741 (which form vertical lines on a telephone keypad).
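
For whoever administers a voicemail system, the patterns listed above translate directly into a check run when a user sets a PIN. The sketch below is an added example, not code from any of the sources quoted here; the function names, the reason labels, the minimum length and the "trailing digits of the number" rule are assumptions made for illustration.

```python
# Added example: voicemail PIN policy check. Function names are hypothetical.

# Vertical lines on a telephone keypad (0 sits under 8).
KEYPAD_COLUMNS = ("147", "2580", "369")


def is_step_sequence(pin: str) -> bool:
    """Runs such as 1234, 2345 or 4321: every digit steps by +1 or by -1."""
    steps = {int(b) - int(a) for a, b in zip(pin, pin[1:])}
    return len(pin) >= 3 and steps in ({1}, {-1})


def is_keypad_column(pin: str) -> bool:
    """Codes such as 369 or 741: part of a keypad column read down or up."""
    return len(pin) >= 3 and any(
        pin in col or pin in col[::-1] for col in KEYPAD_COLUMNS
    )


def weak_pin_reasons(pin: str, extension: str = "", min_length: int = 4) -> list[str]:
    """Return the reasons a proposed PIN should be rejected (empty list = accept)."""
    if not (pin.isascii() and pin.isdigit()):
        return ["not-numeric"]
    reasons = []
    if len(pin) < min_length:  # min_length is an assumed policy value
        reasons.append("too-short")
    if len(set(pin)) == 1:  # 0000, 1111, 2222 ...
        reasons.append("repeated-digit")
    if is_step_sequence(pin):
        reasons.append("sequence")
    if is_keypad_column(pin):
        reasons.append("keypad-column")
    # Equal to the extension, or to the trailing digits of a longer number
    # (the second case is a generalisation added here).
    if extension and extension.endswith(pin):
        reasons.append("matches-extension")
    return reasons


if __name__ == "__main__":
    # Constructed sample input: (proposed PIN, mailbox extension)
    for pin, ext in [("1111", "5501"), ("4321", "5501"), ("741", "5501"),
                     ("5501", "5501"), ("4827", "5501")]:
        print(pin, weak_pin_reasons(pin, ext) or "ok")
```

A check like this only narrows the guessable set; it does not replace limiting the number of PIN attempts per mailbox.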
