The recent allegations against British tabloid reporters accused of hacking into peoples' voicemail boxes to get a scoop on a story stunned the public.
But computer hackers have known about a surprisingly easy method to access voice mails for years. If fact, the illegal use of a perfectly legitimate business tool makes it possible for anybody to access someone else digital voicemails that are not password-protected.
One method is commonly called caller ID spoofing. It's nothing new, but the Internet has made it easy for even a technophobe to do it.
There are several companies on the Internet that offer services that essentially change your phone number into any number you want. We used one of these services to pretend that a cell phone was calling itself. If you call your cell phone's number, using your cell phone, it traditionally goes directly into the voice mail commands if its not password protected.
We used a desk phone on a traditional land line but used a caller ID spoofing service to cloak the desk phones true phone number. The number we gave the desk phone was a cell phone number. And when the desk phone called that cell phone, the cell phone thought it was calling itself and the call went directly into the voice mail commands.
Using these services, a person just needs a phone number to possibly access someone's voice mail illegally. Once in the voicemail command structure a hacker can do anything they want - listen to messages, delete messages or re-record an outgoing message.
Detecting the intrusion can be hard. The person on the other end can check their caller ID logs, but the log will only show they received a call from themselves.
Last year, Congress passed the Truth in Caller ID Act of 2010. It does not outlaw caller ID spoofing, but does make it illegal to use caller ID spoofing to "defraud or deceive." Each act is punishable by a fine up to $10,000 with a maximum total of $1 million.
The best way to prevent yourself from falling prey to a voice mail hacker is to put a password on your voicemail. The password you may have on your phone to unlock it and make calls is different than a voicemail password. The voicemail password is separate from your phone password.
And use a unique password because most default passwords that carriers set up with a new phone such as "0000" or "1234" are published on the Internet for anyone to find.
But computer hackers have known about a surprisingly easy method to access voice mails for years. If fact, the illegal use of a perfectly legitimate business tool makes it possible for anybody to access someone else digital voicemails that are not password-protected.
One method is commonly called caller ID spoofing. It's nothing new, but the Internet has made it easy for even a technophobe to do it.
There are several companies on the Internet that offer services that essentially change your phone number into any number you want. We used one of these services to pretend that a cell phone was calling itself. If you call your cell phone's number, using your cell phone, it traditionally goes directly into the voice mail commands if its not password protected.
We used a desk phone on a traditional land line but used a caller ID spoofing service to cloak the desk phones true phone number. The number we gave the desk phone was a cell phone number. And when the desk phone called that cell phone, the cell phone thought it was calling itself and the call went directly into the voice mail commands.
Using these services, a person just needs a phone number to possibly access someone's voice mail illegally. Once in the voicemail command structure a hacker can do anything they want - listen to messages, delete messages or re-record an outgoing message.
Detecting the intrusion can be hard. The person on the other end can check their caller ID logs, but the log will only show they received a call from themselves.
Last year, Congress passed the Truth in Caller ID Act of 2010. It does not outlaw caller ID spoofing, but does make it illegal to use caller ID spoofing to "defraud or deceive." Each act is punishable by a fine up to $10,000 with a maximum total of $1 million.
The best way to prevent yourself from falling prey to a voice mail hacker is to put a password on your voicemail. The password you may have on your phone to unlock it and make calls is different than a voicemail password. The voicemail password is separate from your phone password.
And use a unique password because most default passwords that carriers set up with a new phone such as "0000" or "1234" are published on the Internet for anyone to find.
No comments:
Post a Comment