You Are in:   Home  »  Blog  »  Voicemail “Hacking” isn’t new, it isn’t hard, isn’t clever
Loading...

SD Tabletwear iPad 2 / iPad 3 LuxFolio Case [REVIEW]

The moment I received my new iPad I was in awe. This is the device I’ve dreamed about since seeing the handheld tablets on Start Trek:TNG when I was a kid. As beautiful as the naked iPad is, having upgraded from the iPad 1 I’m very aware of how easy it is to scrape, dent [...]

More  » 

1 and 1 iOS Apps sloppy coding allows domain theft and email hijacking

In many ways this is much worse than the LinkedIn and Facebook Plist vulnerability exposed last week. Both social apps exposed plain text OAuth Tokens which enable a large amount of personal information to be snaffled from accounts, and in the case of Facebook, access any website or application you’ve authorised via Facebook. What makes [...]

More  » 

Using iOS Keychain for Data Protection and Migration

Given the number of requests I’m currently recieving re using the keychain following my post regarding the use of plain text credientials in plists I’ve decided to reprint an excellent series of articles from Use Your Loaf which helped me get to grips with Keychain access and permissions. Hope this helps out! Remember for maximum [...]

More  » 

AgileBits 1Password Updated OAuth Tokens Moved to Keychain

1Password, a cross platform passwords management solution  by Agile Bits snatched the crown for the first app developers to publicly test their own iOS app, own up to having, and subsequently fix the plist vulnerability discussed on my April 3rd Post Re Facebook Credential Theft Not only is their blog post oozing with professionalism and [...]

More  » 

LinkedIn also Vulnerable to Plist Theft

[UPDATED] LinkedIn update on 26-4-2012 appears to resolve this vulnerability, though no statement or reference to the vulnerability has been made by LinkedIn. Still, they have fixed it, which is a heck of a lot more than Facebook has done! Further testing on popular social apps has revealed that LinkedIn also suffers from the plist [...]

More  » 

Facebook Plist Mobile Security Hole Allows Identity Theft [Updated]

I’ve made posts about various iOS games and the fact that developers, rather than encode add to keychain or save values in the binaries, choose to save those values in plain text plists. The majority of traffic to this site is to the pages relating to using these oversights for cheating in iOS games, but [...]

More  » 

Scramble With Friends Cheats

A week ago I expressed my distaste with Zynga games charging to play games you had already purchased. In doing so, I showed how you could modify configuration files to bypass these charges and play free. Today I’m going to the same to scramble with friends. Scrabble with friends is a boggle type game just [...]

More  » 

Orange 3G and Data Down Nationwide #orangefail

Orange can’t tell me when it’ll be back up. Check out http://orangefail.co.uk for live tweets to see when it comes back up. Use hashtag #orangefail in tweets (if you can get online to tweet) wifi ftw!

More  » 

Dream Heights Cheats Zynga

Need extra coins, fater elevators or free floors?

More  » 

Voicemail “Hacking” isn’t new, it isn’t hard, isn’t clever

This is really starting to wind me up! There’s no hacking involved here at all. The voicemail “hack” is a well known shortcoming of cell voicemail services. When calling your voicemail number from your mobile your caller id is used to put you in the right mailbox, but if you call that voicemail number from [...]

More  » 

Remote CCTV Monitoring

IPM have just launched their new CCTV remote monitoring service from their newly built £20K operations centre in Derbyshire. For more info goto IPM Remote CCTV Monitoring

More  » 

Rather mad google maps directions

Some clever (bored) peeps spotted some rather strange google directions

More  » 

Gone in 60 Seconds Part 1: Your Online Identity on a Platter

Preconfigured Routers, Open WiFi and Session Hacking: In this two parter I hope to explain the dangers of and why most of us are effected though little fault of our own.

More  » 

OrangeFail.co.uk Orange 3G Outage Map Published

Throughout August Orange mobile cellular data suffered a huge loss in connectivity. Initial Orange Customer Service responses stated that outages were limited and service would resume shortly. It became quickly apparent from social network postings that the issue was not limited (unless one counts UK wide as limited). I set up http://orangefail.co.uk to raise awareness [...]

More  » 

OrangeFail

After 3 days of Orange Data failures I’ve set up #OrangeFail at http://orangefail.co.uk to bring together the collective frustrations of our twitter users and hopefully give some idea of where there are still problems occurring. Remember to user hashtag #orangefail to appear on the site!

More  » 

Simultaneous browser testing

Just a quick post as I’ve been sitting on this idea for a while and would like some quick feedback from other designers. As all web designers will tell you, it’s a pain in the proverbial to do any structured testing of sites in multiple browsers, noticing the nuances in each page as they render [...]

More  » 

A Quick Look At The New BBC News iPhone and iPad Apps

The long awaited and much disputed BBC News application is available on your iPod Touch, iPhone and iPad free of charge via the Apple AppStore.
As you would expect from Auntie, I was quickly impressed with the overall user experience.
Those familiar with the Pulse news application will recognise the familiar carousel allowing a simple swipe to reveal other stories in each section.

More  » 

Inception Movie Review – No Spoilers

Sadly it’s not often I feel the urge to post about a movie. In the case of Inception I find it hard not to. There is a good reason this film is seeing a lot of buzz in social media circle. Director Christopher Nolan made his name with the unforgettable Memento (no pun intended) though [...]

More  » 

PHP for Android Development

It’s almost here! For all us Javaphobes out there the PHP for Android project (PFA) was launched on 13/7/2010, the driving force behind which are the Linux specialists IronTec Although you can download and install a build, as of this articles publishing you can’t package your php based app as an APK. PFA say they’re busy [...]

More  » 

Apple to recall iphone4? Stock Market thinks so

There’s been much controversy about Apples latest and ”greatest” mobile offering the iPhone 4. Users (I refuse to brand every Apple user a ‘fanboi’) all over the world have reported serious antenna attenuation fluctuations when bridging the two external antenna (Gray band around the phone), causing varying degrees of signal loss. Facing growing media coverage Apple has announced a media conference this Friday 16th July [...]

More  » 

Corrupted disk

Apologies for the downtime earlier today. At about 7am one of our servers ran a routine filesystem check and found a few problems. Unfortunately/fortunately depending on your outlook,  the system insists on exclusive access to the partition when it restarts to verify all issues have been resolved. Everything is back up and running now! Any [...]

More  » 

Simple Decoding / Deobfuscating javascript with Ultraedit

Combined javascript beautifier and unpacking scripts for deans packer and javascriptobfuscator.com into one nice Ultraedit script

More  » 

Gunnery Template Sold

Many thanks for the kind comments and offers, site design has now been sold to Les Carpet and Tiles in Bromborough. I’ll update the portfolio and images as soon as I’ve complete the required customisations!

More  » 

The Gunnery Website for Sale

Despite the design being nominated for an award, unfortunately our Client doesn’t like the site. As such the design, coding and rights to the site are now up for sale. Please contact us for more information

More  » 

Get your own dynamic twitter signature

Nice eh! You can create your very own by going to our signature generator

More  » 

New Site Design

Currently under construction,please forgive any errors and omissions

More  » 
SD Tabletwear iPad 2 / iPad 3 LuxFolio Case [REVIEW] Apr 24, 2012
1 and 1 iOS Apps sloppy coding allows domain theft and email hijacking Apr 14, 2012
Using iOS Keychain for Data Protection and Migration Apr 13, 2012
AgileBits 1Password Updated OAuth Tokens Moved to Keychain Apr 10, 2012
LinkedIn also Vulnerable to Plist Theft Apr 7, 2012
Facebook Plist Mobile Security Hole Allows Identity Theft [Updated] Apr 3, 2012
Scramble With Friends Cheats Mar 17, 2012
Orange 3G and Data Down Nationwide #orangefail Mar 8, 2012
Dream Heights Cheats Zynga Feb 19, 2012
Voicemail “Hacking” isn’t new, it isn’t hard, isn’t clever Jul 20, 2011
Remote CCTV Monitoring Nov 15, 2010
Rather mad google maps directions Nov 4, 2010
Gone in 60 Seconds Part 1: Your Online Identity on a Platter Nov 2, 2010
OrangeFail.co.uk Orange 3G Outage Map Published Sep 6, 2010
OrangeFail Aug 20, 2010
Simultaneous browser testing Jul 28, 2010
A Quick Look At The New BBC News iPhone and iPad Apps Jul 27, 2010
Inception Movie Review – No Spoilers Jul 20, 2010
PHP for Android Development Jul 16, 2010
Apple to recall iphone4? Stock Market thinks so Jul 15, 2010
Corrupted disk Jul 12, 2010
Simple Decoding / Deobfuscating javascript with Ultraedit Jun 23, 2010
Gunnery Template Sold Mar 10, 2010
The Gunnery Website for Sale Dec 22, 2009
Get your own dynamic twitter signature Dec 21, 2009
New Site Design Dec 18, 2009
mouse wheel active

Voicemail “Hacking” isn’t new, it isn’t hard, isn’t clever

Written by:  Jul 20, 2011

This is really starting to wind me up!
There’s no hacking involved here at all.

The voicemail “hack” is a well known shortcoming of cell voicemail services.
When calling your voicemail number from your mobile your caller id is used to put you in the right mailbox, but if you call that voicemail number from another line you are asked for your mobile number and your pin code.
In the majority of cases users haven’t set a pin number so the default (lists available on the web) is used.
So all you have to do is find out what network they’re on by (in order of newbishness):

  • Ring the phone till you get redirected to voicemail
    • If they don’t have a personalised answer message you’ll get the default message which will say the orange/t-mobile, vodaphone etc
    • IF they do have a personalised message hit * to get to the main menu same applies as above
  • Google the phone number prefix -> different networks have different prefixes
    • Since the availbility of number porting this may not be accurate.
  • Try all the voicemail numbers till the cell number is recognised…duh
  • Send a network query message (online smsc services can provide this 99% accurate)

Once you know what network they are on just dial in, enter the mobile / cell number and the default pin.

 

If that doesn’t work fire up google / facebook etc and get the persons key dates, dob, anniversary etc and try those. “90% of the time it works every time”

If not you could just brute force the numbers, a small vb program and a skype out account makes this easy, though any decent security program would catch this I doubt there are any running, yet!

So at best that’s brute forcing or social engineering, a hacker would bypass the passcode altogether and simply setup an asterix box with a voip provider and spoof the targets caller id.

Once that’s done, send a network query message to find out the targets network, lookup the voicemail number and dial it with the spoofed caller id.

So long as the user hasn’t set up their voicemail account to require a password when called from their own mobile you’re straight into the account and can listen to messages at will.

It’s also worth noting that in current UK legislation it’s only illegal to intercept and alter communications, so as long as you only listen to old messages and don’t delete anything you aren’t actually breaking the law.

Once an email / voicemail / text has been heard or read by the intended recipient that communication has completed and cannot be intercepted thereafter.

Time for a change I think…..Food for though eh!

Categories: Blog

Leave a Reply

Please note: Comment moderation is enabled and may delay your comment. There is no need to resubmit your comment.

Anonymous Google Search

Search the Web

Contact Us

Location

email[@]garethwright.com

Phone

07583 029 584

Info

We are generally available by phone between 9am - 7pm Mon-Sat but if you can\'t get hold of us please leave a message or email us at the above address and we will get back to you as soon as possible.