Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


What does this tag do
972 posts

Ultimate Geek
+1 received by user: 203

Subscriber

Topic # 148799 1-Jul-2014 12:32
Send private message

Did anyone see this on 3 News last night and have a bit of a laugh?
http://www.3news.co.nz/Phone-hack-leaves-man-with-26k-bill/tabid/423/articleID/350806/Default.aspx


When I heard the headline I thought about the thousands of unsecured VoIP devices which will be running in the country, but it turned out to be one of the oldest tricks in the book- logging into voicemail with no PIN number. Maybe we will start to hear about VoIP hacking in 10 years time.

Of course you need a PIN number on your voicemail account. Not just to prevent this, but to prevent people listening to your voicemail, changing the greeting, changing your auto attendant, etc etc.

I really shouldn't even bring it up, it is such non-news but I just don't know how this still gets past news editors.

Create new topic
'That VDSL Cat'
8689 posts

Uber Geek
+1 received by user: 1879

Trusted
Spark
Subscriber

  Reply # 1077781 1-Jul-2014 12:45
Send private message

it seems like flawed logic from a software point of view, to allow access without a pin...

ild expect no pin would lead to the service outright not responding..



from the same logic, could the pin not be brute-forced over time? 




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.




What does this tag do
972 posts

Ultimate Geek
+1 received by user: 203

Subscriber

  Reply # 1077792 1-Jul-2014 12:49
Send private message

It could be as simple as pin of 0000 or 1234. I know PBXs I manage don't respond unless a PIN is set, but they are new compared to most out there.

7874 posts

Uber Geek
+1 received by user: 790

Subscriber

  Reply # 1077798 1-Jul-2014 12:54
Send private message

The the guy had been on Telecom it would have been picked up within 15 minutes after it started.   We got hacked  last year  buy a hacker coming in via port 5070 which had been opened the  day before for some remote testing.  Telecom  Intl toll bared our trunks  as soon as it started which was about 12.05 am on a Sunday morning..




Regards,

Old3eyes




What does this tag do
972 posts

Ultimate Geek
+1 received by user: 203

Subscriber

  Reply # 1077812 1-Jul-2014 13:05
One person supports this post
Send private message

old3eyes: The the guy had been on Telecom it would have been picked up within 15 minutes after it started.   We got hacked  last year  buy a hacker coming in via port 5070 which had been opened the  day before for some remote testing.  Telecom  Intl toll bared our trunks  as soon as it started which was about 12.05 am on a Sunday morning..


I'd be glad if VoIP hacking was making the headlines so people were more aware of the risks there, but this article appears to be about a plain old telephone system, dialling into people's voicemail box and setting up call forwarding.

Props to Telecom for their quick detection of your toll fraud though, good to hear

BDFL - Memuneh
61323 posts

Uber Geek
+1 received by user: 12066

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 1077817 1-Jul-2014 13:10
Send private message

You laugh but... Vodafone prepay users don't have an option to set PIN Required on voicemail access and On Account users need to call customer services to have this activated instead of having a flip-flop option in the voice menus. How bad is this?






2091 posts

Uber Geek
+1 received by user: 848


  Reply # 1077833 1-Jul-2014 13:19
Send private message

The news channels really need someone with a little bit of nous to fact check when they do "technology" related stories.

The shear amount of utter bollocks spouted on national news is depressing.



What does this tag do
972 posts

Ultimate Geek
+1 received by user: 203

Subscriber

  Reply # 1077854 1-Jul-2014 13:29
One person supports this post
Send private message

Intergr8's wholesaler, Vodafone, says it is aware of Mr Bray's case and revealed up to 200 customers a year are affected, which has prompted a warning from an IT expert.

 

"Probably in excess of 50 percent of companies may have ineffective protection of their internal networks," says technology consultant Phil Strang.


It seems like someone in the story has the wrong end of the stick as well, 'ineffective protection of their internal networks' doesn't quite imply 'have your own security PIN on your voicemail'

27065 posts

Uber Geek
+1 received by user: 6508

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 1077858 1-Jul-2014 13:33
Send private message

My understanding is that this issue was nothing to do with VoIP and that it was a POTS based PBX that was compromised.

I also took great exception to 3news claiming they'd got the bill waived because they intervened. Why should the customer get any part of the bill waived?



910 posts

Ultimate Geek
+1 received by user: 595

Trusted

  Reply # 1077862 1-Jul-2014 13:36
Send private message

freitasm: You laugh but... Vodafone prepay users don't have an option to set PIN Required on voicemail access and On Account users need to call customer services to have this activated instead of having a flip-flop option in the voice menus. How bad is this?





AFAIK You're required to have a pin enabled to access your voicemail from a number that isn't your own

BDFL - Memuneh
61323 posts

Uber Geek
+1 received by user: 12066

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 1077863 1-Jul-2014 13:38
Send private message

Andib:
freitasm: You laugh but... Vodafone prepay users don't have an option to set PIN Required on voicemail access and On Account users need to call customer services to have this activated instead of having a flip-flop option in the voice menus. How bad is this?



AFAIK You're required to have a pin enabled to access your voicemail from a number that isn't your own


As if number spoofing wasn't easy...





320 posts

Ultimate Geek
+1 received by user: 75


  Reply # 1077864 1-Jul-2014 13:38
Send private message

wasabi2k: The news channels really need someone with a little bit of nous to fact check when they do "technology" related stories.

The shear amount of utter bollocks spouted on national news is depressing.


so what is bollock and not true about the news item - it is true that lots of business have insecure VM system, it is also true that lots of business get large bills to do with this "hack"  - is it high tech? No, but it still a problem that been around for a long time that has not been fix by a lot of business, and hopefully some more business will do a audit of their phone system after that news item. The only bollocks thing in the news item is that they want to get off the bill because they was to lazy / did not pay someone that know what they doing to secure their system - telco should not be left with the bill for the customer setup issue.

Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.