Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


What does this tag do
954 posts

Ultimate Geek
+1 received by user: 193

Subscriber

Topic # 148799 1-Jul-2014 12:32
Send private message

Did anyone see this on 3 News last night and have a bit of a laugh?
http://www.3news.co.nz/Phone-hack-leaves-man-with-26k-bill/tabid/423/articleID/350806/Default.aspx


When I heard the headline I thought about the thousands of unsecured VoIP devices which will be running in the country, but it turned out to be one of the oldest tricks in the book- logging into voicemail with no PIN number. Maybe we will start to hear about VoIP hacking in 10 years time.

Of course you need a PIN number on your voicemail account. Not just to prevent this, but to prevent people listening to your voicemail, changing the greeting, changing your auto attendant, etc etc.

I really shouldn't even bring it up, it is such non-news but I just don't know how this still gets past news editors.

Create new topic
'That VDSL Cat'
8100 posts

Uber Geek
+1 received by user: 1693

Trusted
Spark
Subscriber

  Reply # 1077781 1-Jul-2014 12:45
Send private message

it seems like flawed logic from a software point of view, to allow access without a pin...

ild expect no pin would lead to the service outright not responding..



from the same logic, could the pin not be brute-forced over time? 




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.




What does this tag do
954 posts

Ultimate Geek
+1 received by user: 193

Subscriber

  Reply # 1077792 1-Jul-2014 12:49
Send private message

It could be as simple as pin of 0000 or 1234. I know PBXs I manage don't respond unless a PIN is set, but they are new compared to most out there.

7829 posts

Uber Geek
+1 received by user: 782

Subscriber

  Reply # 1077798 1-Jul-2014 12:54
Send private message

The the guy had been on Telecom it would have been picked up within 15 minutes after it started.   We got hacked  last year  buy a hacker coming in via port 5070 which had been opened the  day before for some remote testing.  Telecom  Intl toll bared our trunks  as soon as it started which was about 12.05 am on a Sunday morning..




Regards,

Old3eyes




What does this tag do
954 posts

Ultimate Geek
+1 received by user: 193

Subscriber

  Reply # 1077812 1-Jul-2014 13:05
One person supports this post
Send private message

old3eyes: The the guy had been on Telecom it would have been picked up within 15 minutes after it started.   We got hacked  last year  buy a hacker coming in via port 5070 which had been opened the  day before for some remote testing.  Telecom  Intl toll bared our trunks  as soon as it started which was about 12.05 am on a Sunday morning..


I'd be glad if VoIP hacking was making the headlines so people were more aware of the risks there, but this article appears to be about a plain old telephone system, dialling into people's voicemail box and setting up call forwarding.

Props to Telecom for their quick detection of your toll fraud though, good to hear

BDFL - Memuneh
60788 posts

Uber Geek
+1 received by user: 11667

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 1077817 1-Jul-2014 13:10
Send private message

You laugh but... Vodafone prepay users don't have an option to set PIN Required on voicemail access and On Account users need to call customer services to have this activated instead of having a flip-flop option in the voice menus. How bad is this?






2090 posts

Uber Geek
+1 received by user: 848


  Reply # 1077833 1-Jul-2014 13:19
Send private message

The news channels really need someone with a little bit of nous to fact check when they do "technology" related stories.

The shear amount of utter bollocks spouted on national news is depressing.



What does this tag do
954 posts

Ultimate Geek
+1 received by user: 193

Subscriber

  Reply # 1077854 1-Jul-2014 13:29
One person supports this post
Send private message

Intergr8's wholesaler, Vodafone, says it is aware of Mr Bray's case and revealed up to 200 customers a year are affected, which has prompted a warning from an IT expert.

 

"Probably in excess of 50 percent of companies may have ineffective protection of their internal networks," says technology consultant Phil Strang.


It seems like someone in the story has the wrong end of the stick as well, 'ineffective protection of their internal networks' doesn't quite imply 'have your own security PIN on your voicemail'

26596 posts

Uber Geek
+1 received by user: 6092

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 1077858 1-Jul-2014 13:33
Send private message

My understanding is that this issue was nothing to do with VoIP and that it was a POTS based PBX that was compromised.

I also took great exception to 3news claiming they'd got the bill waived because they intervened. Why should the customer get any part of the bill waived?



884 posts

Ultimate Geek
+1 received by user: 575

Trusted

  Reply # 1077862 1-Jul-2014 13:36
Send private message

freitasm: You laugh but... Vodafone prepay users don't have an option to set PIN Required on voicemail access and On Account users need to call customer services to have this activated instead of having a flip-flop option in the voice menus. How bad is this?





AFAIK You're required to have a pin enabled to access your voicemail from a number that isn't your own

BDFL - Memuneh
60788 posts

Uber Geek
+1 received by user: 11667

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 1077863 1-Jul-2014 13:38
Send private message

Andib:
freitasm: You laugh but... Vodafone prepay users don't have an option to set PIN Required on voicemail access and On Account users need to call customer services to have this activated instead of having a flip-flop option in the voice menus. How bad is this?



AFAIK You're required to have a pin enabled to access your voicemail from a number that isn't your own


As if number spoofing wasn't easy...





313 posts

Ultimate Geek
+1 received by user: 75


  Reply # 1077864 1-Jul-2014 13:38
Send private message

wasabi2k: The news channels really need someone with a little bit of nous to fact check when they do "technology" related stories.

The shear amount of utter bollocks spouted on national news is depressing.


so what is bollock and not true about the news item - it is true that lots of business have insecure VM system, it is also true that lots of business get large bills to do with this "hack"  - is it high tech? No, but it still a problem that been around for a long time that has not been fix by a lot of business, and hopefully some more business will do a audit of their phone system after that news item. The only bollocks thing in the news item is that they want to get off the bill because they was to lazy / did not pay someone that know what they doing to secure their system - telco should not be left with the bill for the customer setup issue.

Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Microsoft Dynamics 365 Business Central launches
Posted 10-Jul-2018 10:40


Spark completes first milestone in voice platform upgrade
Posted 10-Jul-2018 09:36


Microsoft ices heated developers
Posted 6-Jul-2018 20:16


PB Technologies charged for its extended warranties and warned for bait advertising
Posted 3-Jul-2018 15:45


Almost 20,000 people claim credits from Spark
Posted 29-Jun-2018 10:40


Cove sells NZ's first insurance policy via chatbot
Posted 25-Jun-2018 10:04


N4L helping TAKA Trust bridge the digital divide for Lower Hutt students
Posted 18-Jun-2018 13:08


Winners Announced for 2018 CIO Awards
Posted 18-Jun-2018 13:03


Logitech Rally sets new standard for USB-connected video conference cameras
Posted 18-Jun-2018 09:27


Russell Stanners steps down as Vodafone NZ CEO
Posted 12-Jun-2018 09:13


Intergen recognised as 2018 Microsoft Country Partner of the Year for New Zealand
Posted 12-Jun-2018 08:00


Finalists Announced For Microsoft NZ Partner Awards
Posted 6-Jun-2018 15:12


Vocus Group and Vodafone announce joint venture to accelerate fibre innovation
Posted 5-Jun-2018 10:52


Kogan.com to launch Kogan Mobile in New Zealand
Posted 4-Jun-2018 14:34


Enable doubles fibre broadband speeds for its most popular wholesale service in Christchurch
Posted 2-Jun-2018 20:07



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.