Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Security Cellphones News

Hack AT&T Voicemail With Android 242

Posted by kdawson from the who-needs-social dept.
An anonymous reader writes "It is shockingly easy to gain access to an AT&T customer's voicemail using caller ID spoofing techniques. What's worse is that AT&T knows about it. On your Android phone, download one of the two caller ID spoofing programs. Input the number of your target as the destination number and then enter the same number as the spoofed caller ID. Then connect your call. If the target has not added a voicemail password (the default is no password), you will be dropped into a random menu of their voicemail and eventually can drill up or down to get what you want. You can change greetings, erase messages, send voicemails out of the target account, and much more. How many politicians up in arms about Google Wi-Fi sniffing will want to know more about this?"
This discussion has been archived. No new comments can be posted.

Hack AT&T Voicemail With Android More

Hack AT&T Voicemail With Android

Comments Filter:

  • Comment removed (Score:5, Interesting)

    by account_deleted ( 4530225 ) on Tuesday June 29, 2010 @09:19PM (#32739316)
    Comment removed based on user account deletion

  • Re:Placing blame (Score:5, Interesting)

    by pushing-robot ( 1037830 ) on Tuesday June 29, 2010 @09:53PM (#32739570)

    Yeah, this is how I always understood voicemail to work. Blame users for not having proper passwords, and blame phone companies for being hopelessly inept at security. Caller ID is useless for authentication; it dates to the early 1970s, when AT&T still assumed the entire phone network was trusted (and thus black/blue boxes were becoming the rage).

    Of course, now Google has to play whack-a-mole locking out these apps for much the same reason Apple locks their handhelds: No matter who's really at fault, they get the bad press.

  • Re:passwords.. (Score:5, Interesting)

    by tomhudson ( 43916 ) <barbara.hudson@b ... m ['son' in gap]> on Tuesday June 29, 2010 @10:04PM (#32739642) Journal

    1-2-3-4-5

    Local police station used that, a guy spent months messing around with informants, cops girlfriends (awkward when you can hear both the girlfriend and the wife leaving messages for the same cop), etc.

    Arrested, charged, convicted, probation ... does it again!

    The cops never changed the password.

  • AT&T hardware has the same loophole (Score:3, Interesting)

    by tompaulco ( 629533 ) on Tuesday June 29, 2010 @10:31PM (#32739828) Homepage Journal
    I had an AT&T answering machine which you could access remotely. I, of course, had set the pin. However, someone still managed to get in and hack it and changed my greeting to something about sucking male genitalia. I was not amused. I ended up disabling the remote access completely since apparently any old idiot can call in and figure out how to get into the menus.

  • Re:Who cares? (Score:3, Interesting)

    by ColdWetDog ( 752185 ) on Tuesday June 29, 2010 @10:59PM (#32740000) Homepage

    Who cares about locking down their voicemail? What is a "hacker" going to do to me with my voicemail messages?

    Dear Mr. / Ms. Politico: I talked to my boss and he's cool with the plan. We will wire you your 1 million dollars into the account of your choice, you just have to push our bill through. Let me know what you want to do.

    Thanks,
    Your local lobbyist

    Or somesuch similar conversation. Not everybody's life is as boring as ours is.

  • Re:Placing blame (Score:3, Interesting)

    by QuantumRiff ( 120817 ) on Tuesday June 29, 2010 @11:06PM (#32740040)

    does it have to be on ATT's network? What if I spoof the Caller ID of my home phone using asterisk? (or something else?)

  • Precisely (Score:3, Interesting)

    by baileydau ( 1037622 ) on Tuesday June 29, 2010 @11:13PM (#32740084)

    callerid is not the same as the ANI number on the call. The ANI is what is used to bill.

    I think that was exactly the GPs point.

    If they used the ANI rather than the caller ID, there wouldn't be a problem.

  • Re:Who cares? (Score:4, Interesting)

    by wembley fraggle ( 78346 ) on Tuesday June 29, 2010 @11:28PM (#32740200) Homepage

    I had heard of a scam wherein hackers change your outgoing voicemail message to be "I accept the charges", and then call you collect from one of those strange high-priced calling codes. Effectively, you end up responsible for a huge phone bill, some percentage of which goes to the hackers.

    This could be one of those urban legends too- it's late and I'm too tired to confirm it right now, but one can at least see how this isn't necessarily a non-issue.

  • Re:Who cares? (Score:3, Interesting)

    by PinkyGigglebrain ( 730753 ) on Wednesday June 30, 2010 @12:56AM (#32740670)
    A couple things I could think of off the top of my head that might make this an issue for you if somebody hacked your VM;
    Lock you out of your VM for laughs. Sure, no biggie to fix but a hassle.
    Plant some messages on your phone and then attract the attention of the police by calling someone I knew was being monitored by the DEA and spoofing your number to them. Have fun deneying that you don't know "Jose" or anything about a drug deal
    Change your message to something threatening against the Pres., VP or PM depending where you live (a properly worded greeting would be easy) and then maybe call the Feds to report it. Have fun explaining it.

    If you don't care that's fine, just try to remember that things that are "non-issue" to you may be very big issues to someone else.

Slashdot Top Deals

Math is like love -- a simple idea but it can get complicated. -- R. Drabek

Close