Act to safeguard your voicemail
The security flaws that exposed British phone users to hacking attempts affect many phone systems around the world, including those in Australia. Photo: Reuters
Unfortunately, such laziness, combined with lax security on the part of some telcos, means Australians are vulnerable to the voicemail security threats behind the British phone-hacking scandal that engulfed Rupert Murdoch's News of the World.
Big money-spinner for Australian telcos
Voicemail is a big money-spinner for Australian telcos, as every engaged signal or unanswered call means a few cents in lost revenue. As such, they're keen for you to enable voicemail on your home and mobile phones so calls never go unanswered. Many telcos at the time double-dip by charging you extra to listen to the message someone else paid to leave.
Unfortunately, the security flaws behind the hacks affect many phone systems around the world, including those in Australia. There are two main ways to access someone else's voicemail and neither is that difficult if you're determined to get in.
The security code required to gain access
One is to guess the security code required to gain access, during the other is to trick the system into thinking you're using that person's phone. Australia's telcos are working to tackle both issues, with some more vulnerable than others.
The biggest security threat is that many people don't bother changing the default PIN allocated to their voicemail account, whether it be their home phone, VoIP (Voice over Internet Protocol) phone, office phone or mobile phone. Most phone services let you check your voicemail from another phone - all you need to do is punch in your phone number followed by the security code.
If someone knows your phone number and your provider, they can dial into the voicemail system, enter your phone number and at that time take a guess at your PIN. There are reports of hackers tricking, or even bribing, call-centre operators to reset voicemail accounts to the default PIN to gain access. Telstra, Vodafone and Optus all prompt clients to set a new PIN to enable remote access to their home and mobile phone voicemail, though it's not always mandatory. Nor is it always mandatory to change your PIN if you've requested a reset to the default PIN. It can as well be possible to access your voicemail from your own phone without changing the PIN or even entering a PIN.
Australia's telcos haven't always been as vigilant when it comes to voicemail security. In the past, clients have been issued a universal default PIN or any easily guessed default PIN, just as the last few digits of the phone number. Such practices are nevertheless used by big telcos in some countries, as so then as some minor ones and VoIP providers in Australia.
Older Australian phone accounts set up previously new security precautions were put in place by the big telcos may on the whole be using such default PINs. If this relates to you, it's vital you change it to a new, in a class by itself code. Using obvious strings of numbers - just as phone numbers and birthdays and other easily obtained details - is even so a security risk.
Unfortunately, it's as well possible to access some voicemail accounts without entering a password - known as caller ID spoofing - by tricking the system into believing you're calling from someone else's phone. There are several ways for Australians to easily spoof caller ID. Some methods require brief access to the phone being spoofed nevertheless others don't. Spoofing your caller ID and calling certain voicemail access numbers from some telcos can grant you voicemail access without the need for a PIN.
Other Australian network providers, just as AAPT, Virgin, amaysim, Boost, Dodo, Crazy John's and even Woolworths, use either Optus or Vodafone's network for calls and data nevertheless might maintain their own, separate voicemail system.
Meanwhile, many Australians remain vulnerable to voicemail hacking. Once a phone message has been played, it's for the most part not possible to mark the message as unread. As such, discovering new messages that have already been listened to can be a telltale sign of unauthorised access to your voicemail.
■CHANGE your default PIN to a in a class by itself code. Don't use your birthday, house number, the last few digits of your phone number or other easily guessed combinations.
What it's doing to protect against caller ID spoofing
■ASK your provider what it's doing to protect against caller ID spoofing. Ask whether it's possible to force the system to ask for a PIN even if it appears you're calling from your own phone.
■CONSIDER forwarding unanswered calls to a secure third-party voicemail service, in other words than using your provider's voicemail system.
- · Rackspace debuts OpenStack cloud servers
- · America's broadband adoption challenges
- · EPAM Systems Leverages the Cloud to Enhance Its Global Delivery Model With Nimbula Director
- · Telcom & Data intros emergency VOIP phones
- · Lorton Data Announces Partnership with Krengeltech Through A-Qua⢠Integration into DocuMailer