Phone hacking dominated the news during the Leveson Inquiry, but despite the high-profile exposure, voicemails are still at risk.
During an investigation by The Register, journalist Simon Rockman was able to use a Skype-style Voice Over Internet Protocol (VoIP) handset to access the inboxes of EE, Three and Orange customers.
EE, which owns the Orange and T-Mobile networks, has now fixed the flaw as a result of the investigation, but Three is said to still be at risk.
During an investigation by The Register, journalist Simon Rockman was able to use a Skype-style VoIP service to access the inboxes of EE, Three and Orange customers. By linking a mobile number to a VoIP handset, Rockman was able to trick the inbox into thinking it was the number's owner and access the inboxes
WHAT IS VOICE OVER INTERNET PROTOCOL (VOIP)?
Voice over Internet Protocol (VoIP) is sometimes referred to as Voice over Networks or (VoN), Voice over Broadband (VoB) and sometimes Internet Telephony.
VoIP lets people make free, or low cost, telephone calls over the web.
Popular VoIP services include Viber and Skype.
VoIP can be used anywhere in the world and can call landline and mobile numbers.
When you call voicemail from a handset registered with the account, the inbox is automatically opened because it assumes the caller is the phone’s owner.
But when calls are made from another phone, users are asked for a PIN - or denied access if no PIN has been set up.
By linking the mobile number, and therefore a voicemail account, to a VoIP handset, Rockman was able to trick the inbox into thinking it was the number’s owner on three of the major network operators.
When calling the external voicemail number on EE, the inbox was accessed immediately.
It was the same situation on Three.
On Orange, Rockman was able to not only access the voicemails but also change the voicemail greeting.
Although this access was granted intermittently - sometimes access was given automatically, while at other times it asked for a PIN.
EE, which owns the Orange and T-Mobile networks, has now fixed the flaw, but Three is said to still be at risk. Three offers advice on how to set up a voicemail PIN on its support page, and recommends its users select the option that asks for their phone number and PIN every time they access their voicemail
It is worth noting that accessing someone else's voicemail account without their permission is illegal and falls under computer misuse legislation.
EE told MailOnline: 'Our engineers have worked hard since then to identify the root fault and work on a fix.
'We can now confirm that we have urgently updated our systems and patched the issues raised in the article.'
Three offers advice on how to set up a voicemail PIN on its support page, and recommends its users select the option that asks for their phone number and PIN every time they access their voicemail to get the highest level of security.
This would effectively stop people accessing the account in the way The Register demonstrated.
Credit Mailonline.com
Read more: http://www.dailymail.co.uk/sciencetech/article-2613258/Are-voicemails-STILL-risk-hacked-Investigation-reveals-easy-access-inboxes-without-PINs.html#ixzz306d772qY
No comments:
Post a Comment