Feeds

Reg probe bombshell: How we HACKED mobile voicemail without a PIN

Months after Leveson inquiry, your messages are still not secure

5 things you didn’t know about cloud backup

What Three and EE must do next

There is a lot that the two networks could do. Using CLI, or at least CLI alone, is shoddy. As a telco, they get all the necessary signalling information to know if the call is coming from their network or another one. This is true even if the handset is roaming, not least so that they can charge you for the call. Networks are never shy of charging for calls. They can also look at the Home Location Register (HLR) and see if the phone calling them is actually in a call.

By using these techniques they don’t have to resort to the Vodafone system of always asking you for your number and a PIN when you call the long voicemail collection number, but they could be sure that you are who you say you are. The network also gets the cell tower ID and IMEI of the incoming call. Now these are different systems, but linking the two together would be belt and braces.

We approached Three about this, and a spokesman said: "The advice we've always given customers about security is to mandate their PIN. This is particularly so for people who worry that if a phone is stolen, it might be used to access their voicemail. This advice is given under the voicemail security pages of the Three website."

Meanwhile, EE wanted to reassure its customers that it is investigating and systems are being updated to mitigate this technical issue. EE also gave us this statement"

First and foremost it’s illegal to access a voicemail account without the owner’s permission. If any customer has concerns about voicemail security we would advise them to follow a few simple steps on their device and set up PIN entry.

Comment

The mobile phone networks are more than missing a trick. While they complain about how the over-the-top players, such as WhatsApp and Skype, are stealing their lunch money, they do have one thing no one else can offer: complete control over the signalling and voice path. They could offer security at a level that would command a significant premium and yet they leave the door keys under the flower pot. ®

Next gen security for virtualised datacentres

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.