Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




What does this tag do
862 posts

Ultimate Geek
+1 received by user: 161

Subscriber

Topic # 148799 1-Jul-2014 12:32
Send private message

Did anyone see this on 3 News last night and have a bit of a laugh?
http://www.3news.co.nz/Phone-hack-leaves-man-with-26k-bill/tabid/423/articleID/350806/Default.aspx


When I heard the headline I thought about the thousands of unsecured VoIP devices which will be running in the country, but it turned out to be one of the oldest tricks in the book- logging into voicemail with no PIN number. Maybe we will start to hear about VoIP hacking in 10 years time.

Of course you need a PIN number on your voicemail account. Not just to prevent this, but to prevent people listening to your voicemail, changing the greeting, changing your auto attendant, etc etc.

I really shouldn't even bring it up, it is such non-news but I just don't know how this still gets past news editors.

Create new topic
'That VDSL Cat'
6758 posts

Uber Geek
+1 received by user: 1280

Trusted
Spark
Subscriber

  Reply # 1077781 1-Jul-2014 12:45
Send private message

it seems like flawed logic from a software point of view, to allow access without a pin...

ild expect no pin would lead to the service outright not responding..



from the same logic, could the pin not be brute-forced over time? 




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.




What does this tag do
862 posts

Ultimate Geek
+1 received by user: 161

Subscriber

  Reply # 1077792 1-Jul-2014 12:49
Send private message

It could be as simple as pin of 0000 or 1234. I know PBXs I manage don't respond unless a PIN is set, but they are new compared to most out there.

 
 
 
 


7683 posts

Uber Geek
+1 received by user: 738

Subscriber

  Reply # 1077798 1-Jul-2014 12:54
Send private message

The the guy had been on Telecom it would have been picked up within 15 minutes after it started.   We got hacked  last year  buy a hacker coming in via port 5070 which had been opened the  day before for some remote testing.  Telecom  Intl toll bared our trunks  as soon as it started which was about 12.05 am on a Sunday morning..




Regards,

Old3eyes




What does this tag do
862 posts

Ultimate Geek
+1 received by user: 161

Subscriber

  Reply # 1077812 1-Jul-2014 13:05
One person supports this post
Send private message

old3eyes: The the guy had been on Telecom it would have been picked up within 15 minutes after it started.   We got hacked  last year  buy a hacker coming in via port 5070 which had been opened the  day before for some remote testing.  Telecom  Intl toll bared our trunks  as soon as it started which was about 12.05 am on a Sunday morning..


I'd be glad if VoIP hacking was making the headlines so people were more aware of the risks there, but this article appears to be about a plain old telephone system, dialling into people's voicemail box and setting up call forwarding.

Props to Telecom for their quick detection of your toll fraud though, good to hear

BDFL - Memuneh
59176 posts

Uber Geek
+1 received by user: 10412

Administrator
Trusted
Geekzone
Subscriber

  Reply # 1077817 1-Jul-2014 13:10
Send private message

You laugh but... Vodafone prepay users don't have an option to set PIN Required on voicemail access and On Account users need to call customer services to have this activated instead of having a flip-flop option in the voice menus. How bad is this?






2090 posts

Uber Geek
+1 received by user: 848


  Reply # 1077833 1-Jul-2014 13:19
Send private message

The news channels really need someone with a little bit of nous to fact check when they do "technology" related stories.

The shear amount of utter bollocks spouted on national news is depressing.



What does this tag do
862 posts

Ultimate Geek
+1 received by user: 161

Subscriber

  Reply # 1077854 1-Jul-2014 13:29
One person supports this post
Send private message

Intergr8's wholesaler, Vodafone, says it is aware of Mr Bray's case and revealed up to 200 customers a year are affected, which has prompted a warning from an IT expert.

 

"Probably in excess of 50 percent of companies may have ineffective protection of their internal networks," says technology consultant Phil Strang.


It seems like someone in the story has the wrong end of the stick as well, 'ineffective protection of their internal networks' doesn't quite imply 'have your own security PIN on your voicemail'

25669 posts

Uber Geek
+1 received by user: 5415

Moderator
Trusted
Biddle Corp
Subscriber

  Reply # 1077858 1-Jul-2014 13:33
Send private message

My understanding is that this issue was nothing to do with VoIP and that it was a POTS based PBX that was compromised.

I also took great exception to 3news claiming they'd got the bill waived because they intervened. Why should the customer get any part of the bill waived?



812 posts

Ultimate Geek
+1 received by user: 536

Trusted

  Reply # 1077862 1-Jul-2014 13:36
Send private message

freitasm: You laugh but... Vodafone prepay users don't have an option to set PIN Required on voicemail access and On Account users need to call customer services to have this activated instead of having a flip-flop option in the voice menus. How bad is this?





AFAIK You're required to have a pin enabled to access your voicemail from a number that isn't your own

BDFL - Memuneh
59176 posts

Uber Geek
+1 received by user: 10412

Administrator
Trusted
Geekzone
Subscriber

  Reply # 1077863 1-Jul-2014 13:38
Send private message

Andib:
freitasm: You laugh but... Vodafone prepay users don't have an option to set PIN Required on voicemail access and On Account users need to call customer services to have this activated instead of having a flip-flop option in the voice menus. How bad is this?



AFAIK You're required to have a pin enabled to access your voicemail from a number that isn't your own


As if number spoofing wasn't easy...





276 posts

Ultimate Geek
+1 received by user: 59


  Reply # 1077864 1-Jul-2014 13:38
Send private message

wasabi2k: The news channels really need someone with a little bit of nous to fact check when they do "technology" related stories.

The shear amount of utter bollocks spouted on national news is depressing.


so what is bollock and not true about the news item - it is true that lots of business have insecure VM system, it is also true that lots of business get large bills to do with this "hack"  - is it high tech? No, but it still a problem that been around for a long time that has not been fix by a lot of business, and hopefully some more business will do a audit of their phone system after that news item. The only bollocks thing in the news item is that they want to get off the bill because they was to lazy / did not pay someone that know what they doing to secure their system - telco should not be left with the bill for the customer setup issue.

Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

UAV Traffic Management Trial launching today in New Zealand
Posted 12-Dec-2017 16:06


UFB connections pass 460,000
Posted 11-Dec-2017 11:26


The Warehouse Group to adopt IBM Cloud to support digital transformation
Posted 11-Dec-2017 11:22


Dimension Data peeks into digital business 2018
Posted 11-Dec-2017 10:55


2018 Cyber Security Predictions
Posted 7-Dec-2017 14:55


Global Govtech Accelerator to drive public sector innovation in Wellington
Posted 7-Dec-2017 11:21


Stuff Pix media strategy a new direction
Posted 7-Dec-2017 09:37


Digital transformation is dead
Posted 7-Dec-2017 09:31


Fake news and cyber security
Posted 7-Dec-2017 09:27


Dimension Data New Zealand strengthens cybersecurity practice
Posted 5-Dec-2017 20:27


Epson NZ launches new Expression Premium Photo range
Posted 5-Dec-2017 20:26


Eventbrite and Twickets launch integration partnership in Australia and New Zealand
Posted 5-Dec-2017 20:23


New Fujifilm macro lens lands in New Zealand
Posted 5-Dec-2017 20:16


Cyber security not being taken seriously enough
Posted 5-Dec-2017 20:13


Sony commences Android 8.0 Oreo rollout in New Zealand
Posted 5-Dec-2017 20:08



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.