Security Hole in IPhone with AT&T

September 5, 2009

To be more precise, the security hole is in the network (AT&T's network) that the iPhone uses. I noticed this problem while working on a voice-enabled application using Asterisk and was surprised to see that my voicemail was wide open to the public. I later found out that this has been reported earlier by various folks (here and here), but it seems it is not fixed yet. So if you own an iPhone (or any other phone, for that matter) on the AT&T network, please keep reading and I will show you how to fix the problem yourself.

So what is the problem?

Others can listen to your voicemail and change your personal greeting and other settings. AT&T voicemail identifies the user based on the incoming caller ID, so if the caller ID matches the phone number of the mailbox being called, it assumes that you are calling yourself to check voicemail and simply goes to the voicemail menu (if you don't have a password set).

Am I protected or not?

Call yourself with your phone (by dialing 1 or dialing your number). If you are prompted for a password, then you are fine. If it takes you directly to the voicemail menu, then you are NOT secured. See how to set a password below.

How to protect my voice mail?

Dial 1 to call Voicemail from your phone

Press * to get to the voicemail Main Menu

  • Press 4 for Personal Options
  • Press 2 for Administrative Options
  • Press 1 for Passwords
  • Press 2 to turn password on
  • Select any random 4– to 14–digit password
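A minimal model of the check described above and of what turning the password on changes, added here as an illustration. It is not AT&T's code; the `Mailbox` class, function names, return strings and phone numbers are constructed for this example.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

@dataclass
class Mailbox:
    number: str                 # subscriber's phone number
    pin: Optional[str] = None   # None means the password is turned off

def normalize(num: str) -> str:
    """Keep the last 10 digits so '+1 (555) 010-0001' equals '555-010-0001'."""
    return "".join(c for c in num if c.isdigit())[-10:]

def access(box: Mailbox, caller_id: str, entered_pin: Optional[str] = None) -> str:
    """Behaviour the post describes. caller_id is whatever number the incoming
    call presents; this function has no way to verify who is really calling."""
    if normalize(caller_id) != normalize(box.number):
        return "leave-a-message"        # treated as an ordinary caller
    if box.pin is None:
        return "main-menu"              # caller ID was the only check
    if entered_pin is None:
        return "prompt-for-password"
    ok = hmac.compare_digest(entered_pin, box.pin)  # constant-time compare
    return "main-menu" if ok else "denied"

def is_protected(box: Mailbox) -> bool:
    """The self-test from the post: call your own number, expect a prompt."""
    return access(box, box.number) == "prompt-for-password"

def valid_pin(pin: str) -> bool:
    """4 to 14 digits, matching the menu step above."""
    return pin.isascii() and pin.isdigit() and 4 <= len(pin) <= 14

# Constructed sample mailboxes (555-01xx numbers are reserved for examples).
open_box = Mailbox("555-010-0001")
locked_box = Mailbox("555-010-0002", pin="730418")

if __name__ == "__main__":
    for box in (open_box, locked_box):
        print(box.number, "protected" if is_protected(box) else "NOT protected")
```

With the password off, the outcome depends only on the presented number; with it on, the same call stops at the prompt.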

 

Why am I blogging this?

I don't know whether new AT&T users are forced to set a password or not, but when I got my phone a couple of years back, my voicemail was set up without a password. It turned out that most of my friends with iPhones also don't have a password set up for voicemail, simply because they are not aware of the security hole. With easy access to open source PBXs like Asterisk or spoofing calling cards, it's not hard to exploit this security hole. So if this blog helps people realize how important it is to set a password, then my job is done.

Disclaimer

The opinions expressed in this blog post are my own and not those of any company. The usual standard disclaimer applies, especially the fact that I am not liable for any damages caused by direct or indirect use of the information. I bear NO responsibility for content or misuse of this information or any derivatives thereof. This post is in NO WAY intended to blame anyone, especially AT&T. They may have already posted about this issue somewhere on their website.


4 Responses to “Security Hole in IPhone with AT&T”



  3. Great site…keep up the good work. I read a lot of blogs on a daily basis and for the most part, people lack substance but, I just wanted to make a quick comment to say I’m glad I found your blog. Thanks,

    A definite great read.. :)

    -Bill-Bartmann

  4. Dan Says:

    For someone into “software” complaining that people can access mail without a password is pretty stupid. You should always set passwords, there is no excuse not to. And calling not setting a password as a “security hole”, is in itself pretty funny. While you may be in actual software I will not debate. Though so am I and I would never call something like this a security hole, over proper security measure. If a user fails to set a password then it is their fault, not a security hole. Even if people can spoof it. If a user doesn’t set passwords for things they own, they are the flaw of humanity not the technology they use.

