San Diego, CA (PRWEB) September 1, 2004
A security advisory posted on Bugtraq demonstrates how hackers can compromise nation-wide customers of T-mobile wireless and Verizon (landline) voicemail boxes. The advisory demonstrates that by Caller-ID spoofing the customers number, it enables bypassing of the PIN code request due to the voicemail network being tricked into assuming that the customer is calling to check their own messages. According to Secure Science Corporation there has been no response from the vendors. Comments have been posted that T-Mobile has optional PIN code protection off by default.
The sudden abundance of Voice-over-IP products on the market grant hackers the ability to take what was once proprietary telephone technology and bring it to their own IP networks. This opens a whole new door for telecommunication security, including Caller-ID block screening and Caller-ID spoofing trivially by hackers with a VOIP phone and some packet-modification tools.
The advisory, posted on Securityfocus.com, illustrates that Caller-ID, similar to e-mail, is now a questionable communication protocol and has already affected the telecommunications companies. With the onslaught of spam, scams and phishing, this may be a new territory of exploitation for the bad guys as well.
# # #