Cyber Security Articles & News

Can Australian voicemail be hacked? Optus, Telstra and Vodafone respond

The News International scandal over voicemail hacking may have focused on Britain so far, but it made us wonder whether Australian voicemail is safe.

It's especially relevant in the context of business travel, where voicemail to people in different timezones or undertaking negotiations could yield all sorts of risky and confidential information.

Travellers get messages indicating the locations of executives; staffers may comment on unannounced company strategies with the reasonable expectation of privacy, and for travellers living it up, "what happens on the trip" may not "stay on the trip" if someone leaves a voicemail about it and it is hacked.

Hacker Kevin Mitnick's explanation of how easy it is to get into someone's voicemail highlights just how easy it is to hack into someone's voicemail.

Put simply, someone just needs to set up an internet telephony service that can fake the caller ID, so a call to a mobile phone company's voicemail retrieval service appears to be coming from someone's mobile phone number.

As the caller appears to be calling in from their handset, most voicemail services won't ask for a PIN number, and a hacker will have full access to listen to the voicemails.

We asked Optus, Telstra and VHA (Vodafone/3) what their thoughts on the risk of voicemail hacking in Australia was.

All the carriers denied any knowledge of any voicemail hacking having taken place on their networks.

Optus

"Optus takes the privacy of our customers very seriously. Customers must set a unique PIN to activate their voicemail system. When their PIN is reset by a customer service representative, they are advised to reset their PIN to something that only they will know.

"With regards to spoofing, we are looking at multiple options to address this emerging industry-wide threat, including technical solutions and customer education."

Vodafone

"If a customer is accessing their voicemail account from another handset or fixed line, they will be prompted to enter their PIN before they can proceed to their voicemail inbox.

"If a customer calls our customer care team to request a voicemail PIN reset (or if they call us and are unsure about their existing PIN code) we initiate a three-point identification process that all customers must go through to make any changes or access account information.

"We believe the processes we have in place for voicemail PIN protection offer an appropriate level of security."

Telstra

"As we understand it, the News of the World ‘hacking’ used both caller ID spoofing and remote retrieval via services still using a default PIN.

"Caller ID spoofing is not possible on either our mobile or fixed networks.

"We do not use default voicemail PINs on our mobile network. Activating your mobile voicemail requires you to set up a unique PIN before the service can be used.

"The default PIN used for initiating a fixed line voicemail service cannot be used for remote retrieval. Customers using remote retrieval for fixed voicemail have to set their own unique PIN."

For this original article and other relevant business news please refer to the source.

Source: Australian Business Traveller

Topics: smartphones, three-point identification, Vodafone, spoofing, Chief Security Officer, computer security expert, hacking, keynote speaker, mobile networks, KnowBe4, Telstra, Three, voicemail, Optus, Kevin Mitnick

Latest Posts

Kevin offers three excellent presentations, two are based on his best-selling books. His presentations are akin to technology magic shows that educate and inform while keeping people on the edge of their seats. He offers expert commentary on issues related to information security and increases “security awareness.”

Times Your Company May Need a Cyber Security Expert Witness

Expert witnesses are commonplace in the legal world to provide well…expert… insight into cyber scenarios. Because the Average Joe may not know the tec..

Read more ›

What Is a Security Vulnerability Assessment?

When it comes to online security, you want to find the issues before cyber criminals figure it out for you. Penetration tests, or pentests, are annual..

Read more ›

The Growth of Ransomware Attacks

“Ransomware” is a buzzword that’s undoubtedly been splashed all across the news in the past two years. The cyberattack gets its name for the financial..

Read more ›
tech-texture-bg