Just Labradors banner

1 - 7 of 7 Posts

·
Registered
Joined
·
12,573 Posts
Discussion Starter #1
Got this in an e-mail forward....

I just got myself an iPhone and I’m extremely pleased with it. I think it’s the best cell phone on the market - a sheer pleasure to use.

The purpose of this post is to alert new iPhone customers about a security vulnerability in AT&T/Cingular’s Voicemail system that has not been fixed for more than a year. I first wrote about this on February 1, 2006: Exploit Cingular Voicemail Vulnerability via Caller ID Spoofing. As soon as I got my new AT&T/Cingular number, I tested for this vulnerability and I can confirm that it still exists for new AT&T/Cingular accounts (atleast for iPhone customers). I can’t force AT&T / Cingular to fix this issue, but I can tell you about it so you know what to do to protect yourself from this vulnerability.

Here is an explanation of the vulnerability in a nutshell: The AT&T/Cingular voicemail system is configured by default not to ask for a password when you check your voicemail from the handset (it asks for your voicemail password if you call your number from another cell phone and press * when your voicemail answers). Unfortunately, the AT&T/Cingular voicemail system trusts Caller ID to determine if the handset is calling it. Because Caller ID can be spoofed easily (see below), anyone can gain access into your voicemail by calling you and spoofing your phone number (it will appear as if you are calling yourself when your phone rings) - should you not answer the call, your voicemail will answer and allow the intruder full access to your messages.

Here is how to test the vulnerability:
Buy a calling card from (xxxxxx) This service lets you spoof your caller ID.
Use another phone and call your cell phone using (xxxxxx). When the Spoofcard asks you what number you want to spoof, enter your number again.
Do not pickup your cell phone. When the call goes into voicemail, if you are able to listen to your messages without being prompted for a password, then you are vulnerable.
Here is how to protect yourself from this vulnerability:
Call your AT&T/Cingular voicemail (dial your own number from the iPhone).
Press 4 to go to “Personal Options”.
Press 2 to go to “Administrative Options”.
Press 1 to go to “Password”.
Press 2 to turn your password “ON”.
Hang-up and call your voicemail again from your iPhone. If your voicemail system asks you for your voicemail password you are all set.

I sincerely hope that AT&T/Cingular gets around to fixing this huge security hole in their voicemail system.
 

·
Registered Users
Joined
·
10,466 Posts
Oh god not another iphone thread. Didn't you learn ANYTHING from the last one? :crazy: :fish: :pop2:
 

·
Registered
Joined
·
11,362 Posts
Wow. So anyone could get my 27 emails from my husband saying "Call me back" ?

Not so much an issue for me. ;)
 

·
Registered
Joined
·
11,362 Posts
I LOL!! My wife is the same - why don't you ladies answer your phones??!!
I usually don't answer my phone because:

A. I'm driving
B. I can't find the **** thing in my bag
C. I accidentally put it on vibrate and don't hear it

I hardly ever use it as an actual phone. I text, surf the web and play bejeweled with it.
 

·
Registered
Joined
·
21,715 Posts
I LOL!! My wife is the same - why don't you ladies answer your phones??!!
I'm afraid my family could/would say the same thing:redface: Phone who needs a **** phone! I listen to people talk all day at work. Seriously when I'm on the phone most of the time all I hear is:blah::blah: Pretty much every one who knows me knows they have a much better chance of getting a responce if they just text me. If its really important or an emergency then I'll pick up the phone, if not, most likely wont happen! As for the OP, all voice mails usually get deleted before I listen to them:tape2:
 
1 - 7 of 7 Posts
Top