Huge AT&T Voice Mail Security Hole

July 6, 2007 by dave

If you have your wireless service with AT&T (was Cingular), you need to pay close attention to this post. I noticed a post on Digg about this O'Reilly ONLamp Blog post about an incredible security flaw in the way AT&T configures their wireless voice mail.

The short version: when you call your phone's voice mail, AT&T looks at the caller ID, and if the call appears to come from the phone with that number, it doesn't ask you for a password. That's a great feature; it makes accessing your voice mail really fast. Unfortunately, there is this little thing called caller-ID spoofing, which lets a caller easily make the caller ID display whatever they want. Thus, by default, if I know your AT&T cell phone's number, I can listen to your voice mail messages. I can even change your greeting and delete your messages. This is bad!

Here are the instructions from the ONLamp post for fixing the problem. They force your mailbox to ask for a password, regardless of the number your caller ID displays. I did this and it took me 10 seconds.

    Here is how to protect yourself from this vulnerability:
    Call your AT&T/Cingular voicemail (dial your own number from the iPhone).
    Press 4 to go to "Personal Options".
    Press 2 to go to "Administrative Options".
    Press 1 to go to "Password".
    Press 2 to turn your password "ON".
    Hang up and call your voicemail again from your iPhone. If your voicemail system asks you for your voicemail password you are all set.

Now that the story about this security hole is out, you REALLY need to make this change now, because rest assured, a ton of little script kiddies will be calling every AT&T voice mail number trying to find mailboxes that they can take over and to find interesting messages.

Important Note: Although this ONLamp post is talking specifically about the iPhone, this problem occurs with ANY AT&T wireless account, not just those for the iPhone. I have a Treo 650 and my mailbox was susceptible. This is the default behavior for AT&T's wireless voice mail. If your phone is on AT&T (was Cingular) and you haven't already made this change, your voice mail is vulnerable.
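To make the difference between the default and the password "ON" setting concrete, here is a small model of the access decision, added as an illustration and not taken from AT&T or the ONLamp post. The class names, the `password_on` flag, the phone number and the PIN are all constructed for the example.

```python
import hmac
from dataclasses import dataclass
from typing import Optional


@dataclass
class Mailbox:
    number: str        # subscriber's phone number (constructed sample)
    pin: str           # voicemail password; a real system would store a salted hash
    password_on: bool  # False models the default behaviour described in the post


@dataclass
class Call:
    # The caller ID is a value asserted by the calling side. The mailbox
    # cannot verify it, so it is an identifier, not proof of identity.
    asserted_caller_id: str
    pin_entered: Optional[str] = None


def authorize(box: Mailbox, call: Call) -> str:
    """Return 'granted', 'prompt' or 'denied' for a single call."""
    # Default setting: a matching caller ID skips the password entirely.
    if not box.password_on and call.asserted_caller_id == box.number:
        return "granted"
    # Password "ON", or caller ID does not match: the caller ID is ignored
    # for authentication and only the password counts.
    if call.pin_entered is None:
        return "prompt"
    ok = hmac.compare_digest(call.pin_entered.encode(), box.pin.encode())
    return "granted" if ok else "denied"


def compare_settings(number: str = "5550100", pin: str = "4821") -> dict:
    """Same incoming call, evaluated against both settings."""
    call = Call(asserted_caller_id=number)  # caller ID matches, no PIN given
    return {
        "default": authorize(Mailbox(number, pin, password_on=False), call),
        "password_on": authorize(Mailbox(number, pin, password_on=True), call),
    }


if __name__ == "__main__":
    print(compare_settings())
```

With the default setting the matching caller ID alone opens the mailbox; with the password turned on, the same call only reaches the password prompt.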
