T-Mobile Says Let Them Eat Passwords

from the thanks-for-that dept

While the hack on Paris Hilton's Sidekick data got most of the attention, someone quickly used an old, but fairly well-known, hack to get into her voicemail as well. This news went around the blogworld for a bit and is now reaching the mainstream press as well. The hack isn't new at all -- it just involves spoofing the caller ID. Many mobile phones to make things more convenient for users have an option where you can listen to voicemail just by hitting the voicemail button -- rather than having to punch in a PIN. T-Mobile (and possibly others) do this just by having the phone note the caller ID of the caller. That is, it's really "calling" your own number, but if the caller ID matches the number, it automatically lets you in to voicemail. So, to break in, you just need to use one of the increasingly easy to use caller ID spoofing services. Simple. So, using this "hack" someone broke into Paris' voicemail and a few other names and numbers from her address book. T-Mobile was slow to respond -- even though this issue has been brought to their attention many times before (in fact, we pointed it out last October). Today they finally responded by saying: use a password. That's it. They don't point out that they encouraged people not to use passwords by showing them how easy it was to get into voicemail without one. Instead, they just say "hey, you should use a password." Very helpful. Random aside: Last time I used the "let them eat..." reference, John Dowdell correctly pointed out that it's usually used out of context. Indeed, I'm guilty of doing so again... but it has become the common usage for the phrase.