Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Security

Submission + - cingular voicemail hack

gomez writes: "i have no idea where to let people know about this. but i'm loyal to slashhdot so why not here?

i'm an admin for a call center and i was messing around with caller id the other day. i remember dialing voicemail by pressing 1 on my cingular cell phone and getting straight in w/ out a verification of password. well i thought, what if i can change my outbound ISDN caller ID on my landline phone to a friends phone, figuring that if the mechanism is only checking caller ID why not fake it? it totally worked. i was in my friends voicemail checking his messages.

i thought, well who has the power to change caller id? only admins right? well i checked the client app for use with our PBX, and lo and behold they of course (with certain user privileges) have the power to change outbound caller ID on the fly. I think most phone systems these days in a business environment allow a user to do so, but again only if they have the privileges.

cingular has already been notified about this, i just thought i'd light the fire under their arses.

check your phone software to see if you can change your outbound caller id.. i bet you see the same result.

    — gomez"

Computers are not intelligent. They only think they are.

Working...