Thousands of NZ homes and businesses at risk from international phone hackers

Forums › Off topic › Thousands of NZ homes and businesses at risk from international phone hackers

jnimmo

1098 posts

Uber Geek
+1 received by user: 255

#148799 1-Jul-2014 12:32

Did anyone see this on 3 News last night and have a bit of a laugh?
http://www.3news.co.nz/Phone-hack-leaves-man-with-26k-bill/tabid/423/articleID/350806/Default.aspx

When I heard the headline I thought about the thousands of unsecured VoIP devices which will be running in the country, but it turned out to be one of the oldest tricks in the book- logging into voicemail with no PIN number. Maybe we will start to hear about VoIP hacking in 10 years time.

Of course you need a PIN number on your voicemail account. Not just to prevent this, but to prevent people listening to your voicemail, changing the greeting, changing your auto attendant, etc etc.

I really shouldn't even bring it up, it is such non-news but I just don't know how this still gets past news editors.

hio77

'That VDSL Cat'
13036 posts

Uber Geek
+1 received by user: 3896

ID Verified

Trusted

Lizard Networks

Subscriber

#1077781 1-Jul-2014 12:45

it seems like flawed logic from a software point of view, to allow access without a pin...

ild expect no pin would lead to the service outright not responding..

from the same logic, could the pin not be brute-forced over time?

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

jnimmo

1098 posts

Uber Geek
+1 received by user: 255

#1077792 1-Jul-2014 12:49

It could be as simple as pin of 0000 or 1234. I know PBXs I manage don't respond unless a PIN is set, but they are new compared to most out there.

old3eyes

9158 posts

Uber Geek
+1 received by user: 1364

Subscriber

#1077798 1-Jul-2014 12:54

The the guy had been on Telecom it would have been picked up within 15 minutes after it started. We got hacked last year buy a hacker coming in via port 5070 which had been opened the day before for some remote testing. Telecom Intl toll bared our trunks as soon as it started which was about 12.05 am on a Sunday morning..

Regards,

Old3eyes

jnimmo

1098 posts

Uber Geek
+1 received by user: 255

#1077812 1-Jul-2014 13:05

old3eyes: The the guy had been on Telecom it would have been picked up within 15 minutes after it started. We got hacked last year buy a hacker coming in via port 5070 which had been opened the day before for some remote testing. Telecom Intl toll bared our trunks as soon as it started which was about 12.05 am on a Sunday morning..

I'd be glad if VoIP hacking was making the headlines so people were more aware of the risks there, but this article appears to be about a plain old telephone system, dialling into people's voicemail box and setting up call forwarding.

Props to Telecom for their quick detection of your toll fraud though, good to hear

freitasm

BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41030

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#1077817 1-Jul-2014 13:10

You laugh but... Vodafone prepay users don't have an option to set PIN Required on voicemail access and On Account users need to call customer services to have this activated instead of having a flip-flop option in the voice menus. How bad is this?

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

wasabi2k

2102 posts

Uber Geek
+1 received by user: 860

#1077833 1-Jul-2014 13:19

The news channels really need someone with a little bit of nous to fact check when they do "technology" related stories.

The shear amount of utter bollocks spouted on national news is depressing.

Geekzone

Want to support Geekzone and browse the site without the ads? Subscribe to Geekzone now (monthly, annual and lifetime options).

jnimmo

1098 posts

Uber Geek
+1 received by user: 255

#1077854 1-Jul-2014 13:29

Intergr8's wholesaler, Vodafone, says it is aware of Mr Bray's case and revealed up to 200 customers a year are affected, which has prompted a warning from an IT expert.

"Probably in excess of 50 percent of companies may have ineffective protection of their internal networks," says technology consultant Phil Strang.

It seems like someone in the story has the wrong end of the stick as well, 'ineffective protection of their internal networks' doesn't quite imply 'have your own security PIN on your voicemail'

sbiddle

30853 posts

Uber Geek
+1 received by user: 9996

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#1077858 1-Jul-2014 13:33

My understanding is that this issue was nothing to do with VoIP and that it was a POTS based PBX that was compromised.

I also took great exception to 3news claiming they'd got the bill waived because they intervened. Why should the customer get any part of the bill waived?

Andib

1395 posts

Uber Geek
+1 received by user: 974

ID Verified

Trusted

#1077862 1-Jul-2014 13:36

freitasm: You laugh but... Vodafone prepay users don't have an option to set PIN Required on voicemail access and On Account users need to call customer services to have this activated instead of having a flip-flop option in the voice menus. How bad is this?

AFAIK You're required to have a pin enabled to access your voicemail from a number that isn't your own

<#
.DISCLAIMER
Anything I post is my own and not the views of my past/present/future employer.
#>

freitasm

BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41030

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#1077863 1-Jul-2014 13:38

Andib:
freitasm: You laugh but... Vodafone prepay users don't have an option to set PIN Required on voicemail access and On Account users need to call customer services to have this activated instead of having a flip-flop option in the voice menus. How bad is this?

AFAIK You're required to have a pin enabled to access your voicemail from a number that isn't your own

As if number spoofing wasn't easy...

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

bagheera

544 posts

Ultimate Geek
+1 received by user: 189

#1077864 1-Jul-2014 13:38

wasabi2k: The news channels really need someone with a little bit of nous to fact check when they do "technology" related stories.

The shear amount of utter bollocks spouted on national news is depressing.

so what is bollock and not true about the news item - it is true that lots of business have insecure VM system, it is also true that lots of business get large bills to do with this "hack" - is it high tech? No, but it still a problem that been around for a long time that has not been fix by a lot of business, and hopefully some more business will do a audit of their phone system after that news item. The only bollocks thing in the news item is that they want to get off the bill because they was to lazy / did not pay someone that know what they doing to secure their system - telco should not be left with the bill for the customer setup issue.