Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Flaw threatens T-Mobile voice mail leaks

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Flaw threatens T-Mobile voice mail leaks
Date: Fri, 25 Feb 2005 03:48:09 -0600 (CST) 
http://news.com.com/Flaw+threatens+T-Mobile+voice+mail+leaks/2100-1002_3-5589608.html

By Robert Lemos 
Staff Writer, CNET News.com
February 24, 2005

A convenient voice mail feature has likely opened up many T-Mobile
subscribers' voice mail boxes to unauthorized attackers armed with a
simple hack, the embattled cellular service provider acknowledged on
Thursday.

The attack, publicized by wireless security firm Flexilis, could be
used to download a person's voice mail or take control of the victim's
voice mail functions, provided the attacker knew the subscriber's
phone number.

"The attacker would be able to listen to the victim's voice mail,
record the voice mail to a file on a remote server, and also make
calls out from the system posing at the victim," said John Hering,
director of business development for Flexilis. "This can all be done
from a public pay phone, which is extremely difficult to trace."

While Flexilis did not give details of the flaws, at least one
Internet site has pointed out that T-Mobile's voice mail system can be
accessed by anyone who uses a service to spoof caller ID. T-Mobile
acknowledged the problem, but said that the solution is simple: Users
should set their voice mail to require passwords.

"By default, customers are not required to put a password on their
voice mail," said spokesman Bryan Zidar. "If you enable the password
protection, it solves the problem."

Zidar said the issue has no relation to the high-profile privacy hits
suffered by Paris Hilton and other celebrities or a previous incident
where an online intruder had access to the mobile phone system.  
T-Mobile is still investigating that case and has not released how the
information was stolen.

"The silver lining of this Paris Hilton thing, is it is an opportunity
for customers to take further steps to protect their data," Zidar
said.

Flexilis also advised T-Mobile subscribers to change their voice mail
setting to require a password from the mobile device.



_________________________________________
Bellua Cyber Security Asia 2005 -
http://www.bellua.com/bcs2005
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Flaw threatens T-Mobile voice mail leaks, InfoSec News <=
Previous by Date:  [ISN] Spy fears spook IBM-Lenovo deal, InfoSec News
Next by Date:  [ISN] Q&A: Rep. Davis on latest federal IT security report card, InfoSec News
Previous by Thread:  [ISN] Spy fears spook IBM-Lenovo deal, InfoSec News
Next by Thread:  [ISN] Q&A: Rep. Davis on latest federal IT security report card, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]