One of the greatest features included in iPhone is visual voicemail; Apple has taken the nature of voicemail to the next level of user-friendliness. However, AT&T has failed to alert users to a huge security hole in their voicemail system: anyone can listen to your voicemail at their whim!

Help Net Security says this doesn’t just apply to the iPhone; apparently this exploit is based on a loophole in Cingular/AT&T’s voicemail settings that was identified over a year ago by security researcher Nitesh Dhanjani, who pointed out that basic Cingular voicemail only required users to call from their own numbers to access account voicemail.

The same researcher acquired an iPhone at launch and tested his previously proven theory on new technology, and surprise surprise…AT&T has failed to up the security of Cingular’s already-flawed voicemail system. Curious how all your bits and pieces could be listened to by anyone? Here’s how it works:

1. Obtain a Spoofcard, which allows users to simulate numbers different from that of the cell phone they call from.
2. Choose the number of a phone you would like to access, and enter it in using your spoofcard.
3. Call voicemail using the spoofed phone, and listen freely to unsecured voicemail.

What that means is anyone can access your unsecured voicemail on the AT&T network at their leisure…here’s the fix it:

Call your voicemail and go through the prompted response system for setting up a password; by doing so, users will still be able to “access” your account, however without a password, they will catch the ultimate shut-down.

Take this very, very seriously; there are too many jealous girlfriends and sketchy business associates out there to not take the necessary precautions.

Related:

Entry was posted on Monday, July 2nd, 2007 at 9:10 pm under Apple, Piracy.

Read more entries by Triston McIntyre.
Stumble It!