Voicemail Hacking Leaves Ears Ringing
from the pay-for-it-yourself dept
The LA Times (registration required – I’ll post a non-reg req’d version if it’s found) is reporting that there’s a growing trend of
“voicemail hacking”, where some scammers trick certain phone numbers into accepting third-party billed calls. The way it works is fairly simple. First, a hacker breaks into a voicemail account by using easily guess PIN numbers (or using the “default” PINs from certain phone companies). Then they record a message approving changes to their phone plan, set up in a specifically timed way to sound as though they are responding to an automated, voice-activated, call from the phone company to make sure the changes are correct. Since it’s basically two recorded systems talking to each other, it’s easy to set it up so that the phone companies are duped. Now, the scary part is that the phone companies don’t seem to care. Most of them haven’t changed their procedures for checking to make sure you want to change your phone preferences – and (much worse!) they say that they still expect the customers to foot the bill (which often runs into the tens of thousands of dollars). If they can’t create a more secure system, then I don’t see why they shouldn’t be forced to wipe out these charges. Update: Wired News is running their own version of the story.
Comments on “Voicemail Hacking Leaves Ears Ringing”
No Subject Given
“PIN numbers” should be “PIN”. A Personal Identification Number Number could never be guessed as it does not exist.
Re: No Subject Given
are we bored now that our taxes are done, or what?
Bell South
A friend of mine has had her business line and associated DSL cut off twice now because someone (my wife’s ex’s stepson if you need to know) called in, and talking to a person got it done. The second time despite “security” matters that were put into effect. The best part of it was Bell South wanting to take two months to get things back on, with a new number no less! Needless to say, it was two hours, and she had her old number back.
And in Columbus, Ohio it was possible to turn off phones and turn on and off features by knowing the phone number and address only. Maybe you need the name as well, it’s been awhile. You could call from any phone, not the phone that the changes would be made on. A friend decided to “give” me caller ID. I found out when the caller ID box that I connected started working. I had been too lazy myself to call the phone company to get the service turned on.