Cell phone voicemail easily hacked

Majority of Sprint customers turned off password
Sprint's Charles Fleckenstein said Monday that Sprint customers were vulnerable to the attack. In fact, the majority of Sprint subscribers have turned off their password protection, he said.

"Having learned of this new method for potential voicemail abuse, Sprint is exploring ways to communicate with its customers about this potential threat," he said. "Sprint will also turn to exploring possible enhancements that could make the voicemail product even more secure against unauthorized use."

Fleckenstein said he couldn't comment on why the firm didn't issue a warning when caller ID spoofing systems came to light.

Ritch Blasi, a spokesman for Cingular, said only consumers who pay for service's "enhanced voicemail" have the ability to turn off their passwords. Cingular's new merger partner, AT&T wireless, doesn't let consumers turn off their passwords, he said.

He said there have been no complaints of voicemail hacking by Cingular consumers.

"We haven't received any calls into our customer care channels," he said, adding that very few consumers choose to skip the password step. "We haven't heard from customers that it's a problem."

Internet sites brag how easy it is
But word is out on the Internet that such cell-phone spying is easy. On one message board, a cell phone hacker brags about how easy it is to "bust your boyfriend/girlfriend."

"If you call your girlfriend/boyfriends cellphone and you have their own caller ID show up, it will fool there service provider into thinking that you are calling from their cell, and will go directly into their voicemail. If they have the "skip password" function on, wahla, you can hear all their messages," the poster writes. "I have tested this."

Verizon didn't immediately return calls for comment. Eagan said Verizon's service is largely unaffected by the attack. A spokesman for Nextel said there is no way to skip the password needed for using the service.

Both Blasi of Cingular and Fleckenstein of Sprint said consumers want convenience and have asked for password-disabling features. Both firms say they are informing consumers of the risk, and letting them choose the level of security they want to place on their voicemail.

"People have to take some onus to make sure they properly secure their own devices," Blasi said.

Sprint is considering sending a new warning out to consumers, Fleckenstein said.

"They will have to balance the ease of use versus the potential threat," he said. The responsible thing is to let them know the threat is out there, so  they can balance one verse the other."

Bob Sullivan is author of "Your Evil Twin: Behind the Identity Theft Epidemic."

MORE FROM WIRELESS

Wireless Section Front

Some 911 centers can’t keep tabs on cell phones The best iPhone apps for travelers U want job? Txt us, sez mobile phone company Report: Feds looking at AT&T, Verizon policies Obama says he gets daily prayers on BlackBerry NYC victims fight back against iPhone thieves Not all 3G wireless networks are created equal World’s largest commercial satellite in orbit Report: Dell developing pocket Web gadget Comcast rolls out wireless Web Wireless Section Front   Add Wireless headlines to your news reader: