Home Mobile Phones
Click here to check out Digital Spy's Tech section for the latest news, updates, reviews and cheap deals.
Options

EE & Three voicemail hacking 'trivial' without PIN

flagpoleflagpole Posts: 44,641
Forum Member
in Mobile Phones #1
http://www.theregister.co.uk/2014/04/24/voicemail_still_easy_to_hack/

EE and Three are very easy to access the voicemail. apparently. the problem stems from the fact that they use the caller ID as part or full authentication when calling the voicemail number.

Caller ID is easy to spoof, especially over VoIP. so you call the voicemail number with your caller ID set to the same as the victims and as far as it is concerned you are the victim. so it lets you straight in to the voicemail.

Vodafone was secure and O2 crapped out.

Comments

  • Options
    [Deleted User][Deleted User] Posts: 0
    Forum Member
    ✭✭✭
    #2
    EE have apparently fixed the issue since that original article.

    I'm currently using Lycamobile, who claim that you can only access your voicemail from your Lycamobile SIM. After reading The Reg's article the other week I set my Skype caller ID as my mobile number, and sure enough, got straight into my Lycamobile voicemail. In the case of Skype you do have to verify that you have that mobile number before you can start using it as your caller ID, but I don't think some VOIP providers are that fussy.

    Weirdly, Lycamobile enable you to set a voicemail PIN, yet there doesn't seem to be any way to switch PIN prompt on.
  • Options
    flagpoleflagpole Posts: 44,641
    Forum Member
    #3
    ^ interesting.

    lycamobile i think are just being sloppy. they are saying from your sim. but they mean your number.

    i'm a little more forgiving of MVNOs, but for the main networks, given all the stuff that has been happening, it is a pretty poor state of affairs.
  • Options
    qasdfdsaqqasdfdsaq Posts: 3,350
    Forum Member
    ✭✭✭
    #4
    It's been the case for 15 years or more, not sure why there's suddenly a fuss about it now.

    Any company with any sense refuses to leave confidential information in a voicemail anyway.
  • Options
    japauljapaul Posts: 1,727
    Forum Member
    ✭✭✭
    #5
    Yes it always used to work like this for all of them but when the newspaper phone hacking stuff became news they tightened up (obviously not so much in the case of EE/Three).
  • Options
    flagpoleflagpole Posts: 44,641
    Forum Member
    #6
    qasdfdsaq wrote: »
    It's been the case for 15 years or more, not sure why there's suddenly a fuss about it now.

    Any company with any sense refuses to leave confidential information in a voicemail anyway.

    what has been the case for 15 years?

    in 1999 i could use voip to spoof the caller ID and access voice mail on Three and EE?

    i think possibly all the fuss is post leveson
  • Options
    qasdfdsaqqasdfdsaq Posts: 3,350
    Forum Member
    ✭✭✭
    #7
    In 1999 you could use any method of caller ID spoofing to access voicemail on any network, yes. First time I used a free VOIP provider to spoof a caller ID personally was around 2002, but who's to say it wasn't possible before... Indeed I was able to spoof the sender address in SMS messages since/using my first ever mobile phone.
  • Options
    flagpoleflagpole Posts: 44,641
    Forum Member
    #8
    qasdfdsaq wrote: »
    In 1999 you could use any method of caller ID spoofing to access voicemail on any network, yes. First time I used a free VOIP provider to spoof a caller ID personally was around 2002, but who's to say it wasn't possible before... Indeed I was able to spoof the sender address in SMS messages since/using my first ever mobile phone.

    excellent. so the story is that post leveson, vodafone and O2 have managed to stop this practice, and three and EE haven't.
  • Options
    qasdfdsaqqasdfdsaq Posts: 3,350
    Forum Member
    ✭✭✭
    #9
    Yeah, what japaul said.
Sign In or Register to comment.