AT&T And T-Mobile Pay Up For Not Being Truthful About Voicemail Hackability
from the caller-id-spoofing dept
Many mobile phones' voicemail systems have worked on the basis of checking the caller ID of the incoming caller -- and if it matched the number of the voicemail box, it would automatically push the caller through to the admin interface. The idea was that if the owner of the box was calling, he or she shouldn't have to put in the passcode to get to the messages. The only problem with this was that, if anyone could spoof your caller ID, they could access your voicemail. After a few high profile such voicemail attacks, many mobile operators urged customers to change their voicemail preferences to require a passcode, no matter what. Still, there were some operations out there, that went under names like SpoofCard, Love Detect and Liar Card, that would spoof a caller ID to get access to a voicemail box. The company behind them has been fined, but what may be more interesting is that T-Mobile and AT&T were also both fined for apparently being misleading about their susceptibility to the hack.That seems a bit strange, and the article is woefully short on details, unfortunately. Pretty much anything is hackable given certain circumstances, and it always seems a bit odd to totally blame a hacking victim for being hacked. So it would be good to know why T-Mobile and AT&T, in particular, were fined in this case. Did they not even allow passcodes to be enabled for those who wanted to avoid this potential hack?
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
Maybe it's the sim cards?
This is also why stolen Sprint / Verizon phones have little to no value on the black market, where ATT phones fetch a nice premium. Slip in a SIM card and you're free to go, no matter who the device came from. Verizon / Sprint track phones based on ESN and owner, so you can't activate a phone that's been reported stolen.
[ link to this | view in thread ]
misleading about their susceptibility to the hack
Nice precedence to set...
[ link to this | view in thread ]
Re: Maybe it's the sim cards?
[ link to this | view in thread ]
Re: Re: Maybe it's the sim cards?
[ link to this | view in thread ]
Ever notice...
[ link to this | view in thread ]
Re: Maybe it's the sim cards?
[ link to this | view in thread ]
odd
[ link to this | view in thread ]
Re: odd
It's kinda like when Microsoft included a firewall in Windows XP but left it off by default, then turned around and made it on by default in SP2.
I have been using T-mobile for a few years now. I like not having a passcode set. I have no interesting voicemails, so I'm not worried about someone hacking them. LOL
[ link to this | view in thread ]
Re: Re: Maybe it's the sim cards?
[ link to this | view in thread ]
Re: Re: Re: Maybe it's the sim cards?
[ link to this | view in thread ]
The real problem is the CID is insecure
The telcos made an insecure system and they should be prohibited from delivering calling party data that is not correct. If there were a fine for delivering false Caller ID data they would have to either secure those systems or stop selling Caller ID at all. Either solution would be appropriate.
[ link to this | view in thread ]
Re: Re: Maybe it's the sim cards?
[ link to this | view in thread ]
Cingular/ATT statement
I remember reading a statement from Cingular/AT&T that their voicemail always required a passcode--which was totally incorrect as, at that time and now, I was able to get into my voicemail without entering a passcode.
[ link to this | view in thread ]