Your cellphone voicemail is easily hacked, if you don't use a password.

Breaking into someone’s voice mailbox is done using a readily available online service known as “caller ID spoofing,’’ which can make a call appear to be coming from any phone number. Hackers can use it to access someone else’s voice mail messages by fooling the system into thinking the call is coming from the owner’s cellphone.

To make a spoof call, you go to one of the Web-based spoof services, type in your actual phone number, the number you want to call, and the number you want to appear on the target’s caller ID. Hit enter, and the website calls your phone. On the other end of the line, the number you chose shows up on the caller ID.

If the mailbox is not protected by a password, as is often the case, the attacker can hear and even delete messages in the target’s voice mailbox.

There are numerous spoofing services in the United States; all you need to do is Google them. Although these services are used by hackers to commit crimes, they’re also used legitimately by, for example, battered women who do not want their calls traced, or law enforcement agents operating undercover.

Three of the four major US cellphone carriers - AT&T, T- Mobile, and Sprint - do not require customers who call voice mail on their own phones to use a password to listen to messages, making them vulnerable to malicious spoofers. That is a serious shortcoming, said Meir Cohen, president of Teltech Systems Inc., a caller ID spoofing company in Toms River, N.J., who is aware of how easily the service he provides can be misused.

“They should require a password every time a customer calls in to check their voice mail,’’ Cohen said, adding that unless every cellphone company makes voice mail passwords mandatory at all times, they’re giving customers “a false sense of security.’’


Link:
http://www.boston.com/business/technology/articles/2011/07/13/most_cellphone_voice_mail_is_vulnerable/?p1=News_links