Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


jnimmo

What does this tag do
1027 posts

Uber Geek

Subscriber

#148799 1-Jul-2014 12:32
Send private message

Did anyone see this on 3 News last night and have a bit of a laugh?
http://www.3news.co.nz/Phone-hack-leaves-man-with-26k-bill/tabid/423/articleID/350806/Default.aspx


When I heard the headline I thought about the thousands of unsecured VoIP devices which will be running in the country, but it turned out to be one of the oldest tricks in the book- logging into voicemail with no PIN number. Maybe we will start to hear about VoIP hacking in 10 years time.

Of course you need a PIN number on your voicemail account. Not just to prevent this, but to prevent people listening to your voicemail, changing the greeting, changing your auto attendant, etc etc.

I really shouldn't even bring it up, it is such non-news but I just don't know how this still gets past news editors.

Create new topic
hio77
'That VDSL Cat'
12533 posts

Uber Geek

Trusted
Spark
Subscriber

  #1077781 1-Jul-2014 12:45
Send private message

it seems like flawed logic from a software point of view, to allow access without a pin...

ild expect no pin would lead to the service outright not responding..



from the same logic, could the pin not be brute-forced over time? 




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 


jnimmo

What does this tag do
1027 posts

Uber Geek

Subscriber

  #1077792 1-Jul-2014 12:49
Send private message

It could be as simple as pin of 0000 or 1234. I know PBXs I manage don't respond unless a PIN is set, but they are new compared to most out there.

 
 
 
 


old3eyes
8454 posts

Uber Geek

Subscriber

  #1077798 1-Jul-2014 12:54
Send private message

The the guy had been on Telecom it would have been picked up within 15 minutes after it started.   We got hacked  last year  buy a hacker coming in via port 5070 which had been opened the  day before for some remote testing.  Telecom  Intl toll bared our trunks  as soon as it started which was about 12.05 am on a Sunday morning..




Regards,

Old3eyes


jnimmo

What does this tag do
1027 posts

Uber Geek

Subscriber

  #1077812 1-Jul-2014 13:05
Send private message

old3eyes: The the guy had been on Telecom it would have been picked up within 15 minutes after it started.   We got hacked  last year  buy a hacker coming in via port 5070 which had been opened the  day before for some remote testing.  Telecom  Intl toll bared our trunks  as soon as it started which was about 12.05 am on a Sunday morning..


I'd be glad if VoIP hacking was making the headlines so people were more aware of the risks there, but this article appears to be about a plain old telephone system, dialling into people's voicemail box and setting up call forwarding.

Props to Telecom for their quick detection of your toll fraud though, good to hear

freitasm
BDFL - Memuneh
68384 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #1077817 1-Jul-2014 13:10
Send private message

You laugh but... Vodafone prepay users don't have an option to set PIN Required on voicemail access and On Account users need to call customer services to have this activated instead of having a flip-flop option in the voice menus. How bad is this?






 

 

These links are referral codes

 

Geekzone broadband switch | Eletricity comparison and switch | Hatch investment (NZ$ 10 bonus if NZ$100 deposited within 30 days) | Sharesies | Mighty Ape | Backblaze | Amazon | My technology disclosure


wasabi2k
2092 posts

Uber Geek


  #1077833 1-Jul-2014 13:19
Send private message

The news channels really need someone with a little bit of nous to fact check when they do "technology" related stories.

The shear amount of utter bollocks spouted on national news is depressing.

jnimmo

What does this tag do
1027 posts

Uber Geek

Subscriber

  #1077854 1-Jul-2014 13:29
Send private message

Intergr8's wholesaler, Vodafone, says it is aware of Mr Bray's case and revealed up to 200 customers a year are affected, which has prompted a warning from an IT expert.

 

"Probably in excess of 50 percent of companies may have ineffective protection of their internal networks," says technology consultant Phil Strang.


It seems like someone in the story has the wrong end of the stick as well, 'ineffective protection of their internal networks' doesn't quite imply 'have your own security PIN on your voicemail'

 
 
 
 


sbiddle
29208 posts

Uber Geek

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  #1077858 1-Jul-2014 13:33
Send private message

My understanding is that this issue was nothing to do with VoIP and that it was a POTS based PBX that was compromised.

I also took great exception to 3news claiming they'd got the bill waived because they intervened. Why should the customer get any part of the bill waived?



Andib
1113 posts

Uber Geek

Trusted

  #1077862 1-Jul-2014 13:36
Send private message

freitasm: You laugh but... Vodafone prepay users don't have an option to set PIN Required on voicemail access and On Account users need to call customer services to have this activated instead of having a flip-flop option in the voice menus. How bad is this?





AFAIK You're required to have a pin enabled to access your voicemail from a number that isn't your own

freitasm
BDFL - Memuneh
68384 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  #1077863 1-Jul-2014 13:38
Send private message

Andib:
freitasm: You laugh but... Vodafone prepay users don't have an option to set PIN Required on voicemail access and On Account users need to call customer services to have this activated instead of having a flip-flop option in the voice menus. How bad is this?



AFAIK You're required to have a pin enabled to access your voicemail from a number that isn't your own


As if number spoofing wasn't easy...





 

 

These links are referral codes

 

Geekzone broadband switch | Eletricity comparison and switch | Hatch investment (NZ$ 10 bonus if NZ$100 deposited within 30 days) | Sharesies | Mighty Ape | Backblaze | Amazon | My technology disclosure


bagheera
395 posts

Ultimate Geek


  #1077864 1-Jul-2014 13:38
Send private message

wasabi2k: The news channels really need someone with a little bit of nous to fact check when they do "technology" related stories.

The shear amount of utter bollocks spouted on national news is depressing.


so what is bollock and not true about the news item - it is true that lots of business have insecure VM system, it is also true that lots of business get large bills to do with this "hack"  - is it high tech? No, but it still a problem that been around for a long time that has not been fix by a lot of business, and hopefully some more business will do a audit of their phone system after that news item. The only bollocks thing in the news item is that they want to get off the bill because they was to lazy / did not pay someone that know what they doing to secure their system - telco should not be left with the bill for the customer setup issue.

Create new topic




News »

HP unveils new innovations for businesses adapting to rapidly evolving workstyles and workforces
Posted 17-Sep-2020 15:36


GoPro launches new HERO9 Black camera
Posted 17-Sep-2020 09:45


Telecommunications industry launches new 5G Facts website
Posted 17-Sep-2020 07:56


New Zealand ranks 3rd in world in GSMA index
Posted 15-Sep-2020 10:13


Trend Micro Security Suite adds web monitoring to prevent identity theft
Posted 14-Sep-2020 15:37


NVIDIA to acquire Arm for US$ 40 billion
Posted 14-Sep-2020 12:27


Epson launches its next gen A3+ colour EcoTank multi-function printer
Posted 10-Sep-2020 16:08


Sony launches three new native 4K SXRD home cinema projectors
Posted 9-Sep-2020 18:00


Catalyst Cloud brings Kubernetes-based open-source web hosting solution to market
Posted 9-Sep-2020 17:54


Verizon Connect eyes further growth in New Zealand
Posted 8-Sep-2020 09:26


PNY launches XLR8 gaming NVIDIA GeForce RTX 30 series powered by the all-new NVIDIA Ampere architecture
Posted 3-Sep-2020 16:39


NVIDIA delivers greatest-ever generational leap with GeForce RTX 30 Series GPUs
Posted 3-Sep-2020 16:17


Weta Digital advances visual effects and animation in the cloud with AWS
Posted 2-Sep-2020 17:09


Kiwrious lab-in-the-pocket kit designed for schoolchildren
Posted 28-Aug-2020 09:03


Fitbit introduces Sense, its most advanced health smartwatch
Posted 26-Aug-2020 10:14



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.