Randomness (r_ness) wrote,
Randomness
r_ness

Useful blog post on the methods used in the UK voicemail intrusions.

David Rogers has a long post on how voicemail accounts were compromised:
A few people have asked me to explain what the whole phone hacking thing means. The first thing to mention is that the phone hacking episode has nothing at all to do with actual 'phone' hacking. It is actually illicit voicemail access. Access can be gained by using some technical knowledge and or tools, but on the whole it is through system and process weaknesses.
He also summarizes in a shorter post:
In brief, there are three main mechanisms for illicitly accessing voicemail: firstly social engineering the call centre to reset or change the PIN for you as precursor to one of the following 1) call the remote voicemail number and access it using the default (or acquired PIN), 2) ringing the actual phone, going into the voicemail menu by pressing the * key or 3) using an advanced mechanism to fool the phone into opening up the voicemail. There are some loopholes still existing and as technology evolves new ones will emerge.

This is not 'phone hacking'. It is illicit or illegal access to voicemail.
Finally, Sophos asked him to do an article on how it worked and to protect your voicemail:
I’m going to explain a bit about what exactly is behind this, how it works and what you can do to protect yourself from people wanting to access your voicemails.
Subscribe
  • Post a new comment

    Error

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

    When you submit the form an invisible reCAPTCHA check will be performed.
    You must follow the Privacy Policy and Google Terms of use.
  • 0 comments