Millions of Telco Customers Face Privacy Breach

Share Article

VOIP is enabling telephone hackers to spoof Caller-ID, allowing illicit access to confidential voicemail. Wireless and Landline customers Nationwide are vulnerable, and so far no comments from the vendors.

A security advisory posted on Bugtraq demonstrates how hackers can compromise nation-wide customers of T-mobile wireless and Verizon (landline) voicemail boxes. The advisory demonstrates that by Caller-ID spoofing the customers number, it enables bypassing of the PIN code request due to the voicemail network being tricked into assuming that the customer is calling to check their own messages. According to Secure Science Corporation there has been no response from the vendors. Comments have been posted that T-Mobile has optional PIN code protection off by default.

The sudden abundance of Voice-over-IP products on the market grant hackers the ability to take what was once proprietary telephone technology and bring it to their own IP networks. This opens a whole new door for telecommunication security, including Caller-ID block screening and Caller-ID spoofing trivially by hackers with a VOIP phone and some packet-modification tools.

The advisory, posted on Securityfocus.com, illustrates that Caller-ID, similar to e-mail, is now a questionable communication protocol and has already affected the telecommunications companies. With the onslaught of spam, scams and phishing, this may be a new territory of exploitation for the bad guys as well.

# # #

Share article on social media or email:

View article via:

Pdf Print

Contact Author

Lance James
Visit website