<div class='os_post_top_link'><a href='http://www.gizmodo.com/gadgets/cellphones/exclusive-tmobile-voice-mail-compromised-how-to-protect-yourself-033996.php' target='_blank'>http://www.gizmodo.com/gadgets/cellphones/exclusive-tmobile-voice-mail-compromised-how-to-protect-yourself-033996.php</a><br /><br /></div><i>"It’s very strange to listen to an MP3 recording of your own voice mail. When John Hering of security firm Flexilis told me that they had reversed engineered the exploit that compromised Paris Hilton and Vin Diesel’s T-Mobile voice mail earlier this week, I wanted to see it for myself. I asked John to pop open my voicemail and send me a recording. I called myself with a neighbor’s land line, left myself a voice message, and then gave John my phone number. Twenty minutes later I not only had a recording of that voice mail in my email inbox, but had received two calls—from myself. We had been able to access my voicemail, sure, but had also used the system to make an outgoing call. In effect, my voicemail called me. In reality, John stood at a payphone in a cheap Mexican restaurant in downtown Los Angeles. He could have been anywhere."</i><br /><br />Here is some more insight into the T-Mobile/Paris Hilton problem. All you T-Mobile users should take a look at this. It looks like they have quite a breach on their hands. Oh BTW, there are some good Mexican restaurants in Los Angeles :)

I am not sure if I got the hack or the cure for the hack right. :?

When I call my T-Mobile Voicemail from another phone (not cellphone) I always have to enter a PIN #. And when I call my voicemail from the cellphone it goes directly to the inbox.

And I don't know how enabling the PIN for voicemail access from cellphone will enable security. If somebody is able to grab my handset to call my voicemail, that itself is a bigger problem.

I am not getting something..having a tough week I guess!

The problem seems to be that a caller can spoof your cell phone number (like faking caller ID to appear that his call is coming from another person - in this case your cellphone). That bypasses the "authentication".

Ah..caller ID spoof..that makes sense. Thanks.

But doesn't that mean that it should affect other carriers and services that use caller id to identify the caller.

And I hope that one is not able to spoof caller-id using gadgets found at the neighbourhood Radio Shack. Now that would be scary.

Only because of how scary it is to go into a Radio Shack! :rotfl:

Yes Kris, you are correct, I believe other carriers might be at risk, or even wide open to attack.

Is there no passcode? My carrier - Fido (http://www.fido.ca), uses Caller ID to identify me, but I still have to enter my passcode. It just by-passes the first step of entering my number. Is it not the same way with you guys?

I believe most of them have a PIN, but not by default -- and most people think they are secure by default. I guess its just a matter of user education.