Mobile Phone Voicemail Security

This content has been archived. It may no longer be relevant

Mobile phone security has greatly improved since the days when it was child’s play to intercept phone calls. While the technology has improved, users have become complacent. This is well known with the way access controls are neglected. Examples of this are weak passwords, using the same password for multiple systems, recording passwords on post-it notes, etc..

Social engineering is currently the best way to circumvent security. It works on deception and the gullibility of users. This is clearly seen with the mobile phone voicemail hacking case recently heading the UK news.

Gaining access to someone’s voicemail is very simple as long as you have their mobile number. You call a central number and key in their mobile phone number. To gain access you’ll need their four-digit personal identification number (PIN). This can be easy to guess as it may still beset with the default PIN. Or, it is set with a very simple number like 1234, 4321, etc.

The same is true for accessing someone’s workplace voicemail. Many PINs are set with their own extension number.

If the PIN cannot be guessed, the attacker may attempt to trick the network provider into releasing the PIN or change the PIN.

I’m not sure what the exact details of the recent mobile phone voicemail hacking cases. I do know that users need to take more responsibility for their own security. The operators will improve their procedures, so users need to do their bit too.

A simple rule for securing your mobile voicemail is to ensure that you change the default PIN code for accessing your voicemail. Additionally, where possible, ask your mobile provider to disable voicemail access from external lines.