Howard


(Howard) #1

Is your voicemail safe? New proof of concept able to break PINS on voicemail to access other accounts like Linkedin, What’s App, PayPal. Those vendors have been informed of the hack and have taken measures to secure the PINS. The concept is not new and of course “pretexting is one way to try to grab a PIN. Early phreakers were on to :touch tones (DTMF)” years ago to make free phone calls and access old land line systems. Maybe a good idea to empty your inbox of those old messages!

Proof-of-concept hack of a voicemail systems shows how it can lead to account takeovers multiple online services.

Threatpost has the story on this proof of concept;

Martin Vigo, a mobile security expert who presented his research here on Thursday at 35C3, warns that PINs that protect voicemail systems are far easier to crack than traditional passwords are a weak link that can lead to hacked-account results.

“Automated phone calls are a common solution for password resets, account verification and other services,” Vigo said. “These can be compromised by leveraging old weaknesses and current technology to exploit this weakest link – voicemail systems.”
“Automated phone calls are a common solution for password resets, account verification and other services,” Vigo said. “These can be compromised by leveraging old weaknesses and current technology to exploit this weakest link – voicemail systems.”