• TV
  • MOVIES
  • MUSIC
  • SHOWBIZ
  • SOAPS
  • GAMING
  • TECH
  • FORUMS
  • Follow
    • Follow
    • facebook
    • twitter
    • google+
    • instagram
    • youtube
Hearst Corporation
  • TV
  • MOVIES
  • MUSIC
  • SHOWBIZ
  • SOAPS
  • GAMING
  • TECH
  • FORUMS
Forums
  • Register
  • Login
  • Forums
  • Gadgets
  • Mobile Phones
EE & Three voicemail hacking 'trivial' without PIN
flagpole
06-05-2014
http://www.theregister.co.uk/2014/04..._easy_to_hack/

EE and Three are very easy to access the voicemail. apparently. the problem stems from the fact that they use the caller ID as part or full authentication when calling the voicemail number.

Caller ID is easy to spoof, especially over VoIP. so you call the voicemail number with your caller ID set to the same as the victims and as far as it is concerned you are the victim. so it lets you straight in to the voicemail.

Vodafone was secure and O2 crapped out.
Dan 8t1
06-05-2014
EE have apparently fixed the issue since that original article.

I'm currently using Lycamobile, who claim that you can only access your voicemail from your Lycamobile SIM. After reading The Reg's article the other week I set my Skype caller ID as my mobile number, and sure enough, got straight into my Lycamobile voicemail. In the case of Skype you do have to verify that you have that mobile number before you can start using it as your caller ID, but I don't think some VOIP providers are that fussy.

Weirdly, Lycamobile enable you to set a voicemail PIN, yet there doesn't seem to be any way to switch PIN prompt on.
flagpole
06-05-2014
^ interesting.

lycamobile i think are just being sloppy. they are saying from your sim. but they mean your number.

i'm a little more forgiving of MVNOs, but for the main networks, given all the stuff that has been happening, it is a pretty poor state of affairs.
qasdfdsaq
06-05-2014
It's been the case for 15 years or more, not sure why there's suddenly a fuss about it now.

Any company with any sense refuses to leave confidential information in a voicemail anyway.
japaul
06-05-2014
Yes it always used to work like this for all of them but when the newspaper phone hacking stuff became news they tightened up (obviously not so much in the case of EE/Three).
flagpole
06-05-2014
Originally Posted by qasdfdsaq:
“It's been the case for 15 years or more, not sure why there's suddenly a fuss about it now.

Any company with any sense refuses to leave confidential information in a voicemail anyway.”

what has been the case for 15 years?

in 1999 i could use voip to spoof the caller ID and access voice mail on Three and EE?

i think possibly all the fuss is post leveson
qasdfdsaq
06-05-2014
In 1999 you could use any method of caller ID spoofing to access voicemail on any network, yes. First time I used a free VOIP provider to spoof a caller ID personally was around 2002, but who's to say it wasn't possible before... Indeed I was able to spoof the sender address in SMS messages since/using my first ever mobile phone.
flagpole
06-05-2014
Originally Posted by qasdfdsaq:
“In 1999 you could use any method of caller ID spoofing to access voicemail on any network, yes. First time I used a free VOIP provider to spoof a caller ID personally was around 2002, but who's to say it wasn't possible before... Indeed I was able to spoof the sender address in SMS messages since/using my first ever mobile phone.”

excellent. so the story is that post leveson, vodafone and O2 have managed to stop this practice, and three and EE haven't.
qasdfdsaq
06-05-2014
Yeah, what japaul said.
VIEW DESKTOP SITE TOP

JOIN US HERE

  • Facebook
  • Twitter

Hearst Corporation

Hearst Corporation

DIGITAL SPY, PART OF THE HEARST UK ENTERTAINMENT NETWORK

© 2015 Hearst Magazines UK is the trading name of the National Magazine Company Ltd, 72 Broadwick Street, London, W1F 9EP. Registered in England 112955. All rights reserved.

  • Terms & Conditions
  • Privacy Policy
  • Cookie Policy
  • Complaints
  • Site Map