Jester2600

Cellular Voicemail Hack Dead thanks to some asshole

7 posts in this topic

Ok so this asshole makes a video showing people who dont even appreciate or work to learn how to phreak and hack how to hack voicemails on cellulars. Now ive been using this hack before this guy knew it was possible, and thanks to him, the time when i needed it most, i cant fucking use it.

http://www.break.com/usercontent/2007/8/how-to-hack-into-cell-phone-voicemail-342982

Looks like the phone companies or the spoof websites caugt on to this trick after thousands of people tried it.

So how do we hack cellular voicemails now?

I know that you can still access voicemails like Tmobile by pressing * at the greeting and then typing the pin number "1234" by default

but this is not good enough because most people change their code when they signup for a service.

So what do we do now? anyone got any ideas? Anyone got any knowledge of how cellular vm systems work nowadays to share with us?

0

Share this post


Link to post
Share on other sites

This has been known for years, I'm sure it wasn't this video that got cell providers to update their system. I'm also sure there are still voicemail systems that are still validate based on CID or CPN so this can still be exploited.

0

Share this post


Link to post
Share on other sites

This has been known for years, I'm sure it wasn't this video that got cell providers to update their system. I'm also sure there are still voicemail systems that are still validate based on CID or CPN so this can still be exploited.

This technique might work on some landline VM's as well.

0

Share this post


Link to post
Share on other sites

Yeah, this has been well known for years and sometimes still works depending on a number of factors. I sure wouldn't blame some random video for it not working for you at this time.

0

Share this post


Link to post
Share on other sites

the way you ask the question should be rephrased... go back and read the forum rules about intent...

the way the question is worded implies that you are attempting to gain unauthorized access into someone elses voice mail...

this VM vunerability has been known for quite some time... shit paris hilton "hacked" linsey lohans voicemail with a spoofcard - so it is known not only by the P/H community and the telephone companies, but even idiot celebrities...

this is a convince option and i know i just set up my boost CDMA blackberry on the sprint network today, and it asked me if i wanted to turn this feature on or not... so many companies are providing this as an option... they did put a disclaimer that other people could access your VM if you set this feature to verify you by CID...

0

Share this post


Link to post
Share on other sites

  I'm not sure if the other carriers got their shit together, but T-Mobile is the one that's notorious for being able to deter spoofing. I actually ran this by chronomex earlier today, and his first thought was that a network verified bit was being passed via SS7. Sure enough, if you call your T-Mobile phone with a network verified bit and CPN set as your cell number, it'll log you into your voicemail the second it forwards the call. Props to him for being spot on. 

The system can be a bit picky, though. If you call in with your billing telephone number set as something that isn't your T-Mobile number, it'll, oddly enough, think you're trying to leave a message for your cell. If you call in with both btn/cpn fields set but no network verified bit, it detects it as a spoofing attempt and prompts for your password. If the fields you send in are all correct, but it contains a flag saying the call was forwarded from someone else's phone, it just acts as if you called in with no unusual fields.

Fortunately for all the evildoers out there, when a T-Mobile customer's calls are forwarded to voicemail, the T-Mobile switch cleans all that up. The forward data looks like it came from their phone, it rewrites the billing telephone number, and if you set it, is nice enough to pass the network verified bit for you.

So, yeah, we're back to square one again, assuming there's some crafty phreakz0rs here that know how to set that bit. In any event, it's cool to see they finally learned to deter all the random idiots who think they're hot shit because they paid $10 for a spoofcard.

This technique might work on some landline VM's as well.

Generally, at least in my area, no. Even when you call from your own number, the voicemail system is smart enough not to give customers the option of logging in automatically.

EDIT: By network verified, I mean network provided. I fail at terminology :(

Edited by ThoughtPhreaker
0

Share this post


Link to post
Share on other sites

Yes, the cell providers have been aware of these issues since at least as early as 2002. Yet,

they choose to voluntarily do nothing about it, because their did not perceive any risk and justified

that the probability at least at that time was small. And it really wasn't until the paid spoofing

services started appearing that the general public could perform the exploit with ease.

That said, last year several of the companies were fined by the FCC for not fixing this problem. And

that is more likely the reason that finally after years, the cellphone providers decided to do something about it.

Personally I think it is way overdue and could think of many instances where individuals could illegally access

voicemail systems and gain a lot of proprietary and legally protected information. Just think about a lawyer at a

lawfirm or CEO of a major company. Chances are these people would have it setup on their mobile phones for the ease

of use, and any kid with a $5 spoofcard could then dialin and listen/delete or forward messages.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now