ALERT: AT&T voice-mail is not secure, access can be easily spoofed

As an AT&T Mobility customer, when making a call to your voice-mail from
your cell phone, you don't have to enter your pin number as you normally
would from a landline. This is a nice convenience. It should be
implemented by having the network verify that the call came from the
correct AT&T Mobility SIM. Instead, AT&T Mobility has taken the easy way
out of just using Caller ID, which can be easily spoofed by anyone.
(I verified this by spoofing Caller ID for my own AT&T Mobility service
from a landline.)

This could be a very serious problem depending on what's in the
voice-mail. In addition, this could be used to send spoofed voice
messages to other AT&T Mobility subscribers.

It seems the Los Angeles County District Attorney went after AT&T over
unauthorized access to voice-mail, and they settled just last month, as
I learned when I reported the problem to the Office of the President.
Talking Points of the settlement:

AT&T is committed to providing secure access to our customers'
voicemail and we are working on technological solutions to prevent
spoofing. We encourage customers to add a password to their voicemail
account for added security.

AT&T takes the security of our customers and their devices seriously.
While reports of spoofing technology being used to access a
customer's voicemail are extremely rare, we will be encouraging all
customers to set up a password for voicemail access for added
security.

We also took steps before we were contacted by the District
Attorney's Office to help our sales and customer service personnel
educate customers on spoofing risks and how to set up a password, and
we continue to explore technological solutions to combat spoofing.

The password on voice-mail is currently set to off by default.
Unfortunately, the password option is buried deep enough in the
voice-mail system menus (Personal Options -> Administrative Options ->
Password Options) that most subscribers probably won't find it.

I have agreed to wait for up to 90 days for AT&T to resolve the issue.
--
Best regards, FAQ for Wireless Internet: <http://wireless.navas.us>
John FAQ for Wi-Fi: <http://wireless.navas.us/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.navas.us/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.navas.us/wiki/Wi-Fi_Fixes>

You have this problem even on a Motorola?


On Tue, 16 Dec 2008 10:27:46 -0800, John Navas
<spamfilter1@navasgroup.com> wrote:

>As an AT&T Mobility customer, when making a call to your voice-mail from
>your cell phone, you don't have to enter your pin number as you normally
>would from a landline. This is a nice convenience. It should be
>implemented by having the network verify that the call came from the
>correct AT&T Mobility SIM. Instead, AT&T Mobility has taken the easy way
>out of just using Caller ID, which can be easily spoofed by anyone.
>(I verified this by spoofing Caller ID for my own AT&T Mobility service
>from a landline.)
>
>This could be a very serious problem depending on what's in the
>voice-mail. In addition, this could be used to send spoofed voice
>messages to other AT&T Mobility subscribers.
>
>It seems the Los Angeles County District Attorney went after AT&T over
>unauthorized access to voice-mail, and they settled just last month, as
>I learned when I reported the problem to the Office of the President.
>Talking Points of the settlement:
>
> AT&T is committed to providing secure access to our customers'
> voicemail and we are working on technological solutions to prevent
> spoofing. We encourage customers to add a password to their voicemail
> account for added security.
>
> AT&T takes the security of our customers and their devices seriously.
> While reports of spoofing technology being used to access a
> customer's voicemail are extremely rare, we will be encouraging all
> customers to set up a password for voicemail access for added
> security.
>
> We also took steps before we were contacted by the District
> Attorney's Office to help our sales and customer service personnel
> educate customers on spoofing risks and how to set up a password, and
> we continue to explore technological solutions to combat spoofing.
>
>The password on voice-mail is currently set to off by default.
>Unfortunately, the password option is buried deep enough in the
>voice-mail system menus (Personal Options -> Administrative Options ->
>Password Options) that most subscribers probably won't find it.
>
>I have agreed to wait for up to 90 days for AT&T to resolve the issue.

Yes, on any phone, mobile or landline.

On Tue, 16 Dec 2008 13:35:15 -0600, Ron <ron.clifford@peoplepc.com>
wrote in <3n0gk45lbsk2s4visj0a3ir5i070359eja@4ax.com>:

>You have this problem even on a Motorola?
>
>On Tue, 16 Dec 2008 10:27:46 -0800, John Navas
><spamfilter1@navasgroup.com> wrote:
>
>>As an AT&T Mobility customer, when making a call to your voice-mail from
>>your cell phone, you don't have to enter your pin number as you normally
>>would from a landline. This is a nice convenience. It should be
>>implemented by having the network verify that the call came from the
>>correct AT&T Mobility SIM. Instead, AT&T Mobility has taken the easy way
>>out of just using Caller ID, which can be easily spoofed by anyone.
>>(I verified this by spoofing Caller ID for my own AT&T Mobility service
>>from a landline.)
>>
>>This could be a very serious problem depending on what's in the
>>voice-mail. In addition, this could be used to send spoofed voice
>>messages to other AT&T Mobility subscribers.
>>
>>It seems the Los Angeles County District Attorney went after AT&T over
>>unauthorized access to voice-mail, and they settled just last month, as
>>I learned when I reported the problem to the Office of the President.
>>Talking Points of the settlement:
>>
>> AT&T is committed to providing secure access to our customers'
>> voicemail and we are working on technological solutions to prevent
>> spoofing. We encourage customers to add a password to their voicemail
>> account for added security.
>>
>> AT&T takes the security of our customers and their devices seriously.
>> While reports of spoofing technology being used to access a
>> customer's voicemail are extremely rare, we will be encouraging all
>> customers to set up a password for voicemail access for added
>> security.
>>
>> We also took steps before we were contacted by the District
>> Attorney's Office to help our sales and customer service personnel
>> educate customers on spoofing risks and how to set up a password, and
>> we continue to explore technological solutions to combat spoofing.
>>
>>The password on voice-mail is currently set to off by default.
>>Unfortunately, the password option is buried deep enough in the
>>voice-mail system menus (Personal Options -> Administrative Options ->
>>Password Options) that most subscribers probably won't find it.
>>
>>I have agreed to wait for up to 90 days for AT&T to resolve the issue.
--
Best regards, FAQ for Wireless Internet: <http://wireless.navas.us>
John FAQ for Wi-Fi: <http://wireless.navas.us/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.navas.us/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.navas.us/wiki/Wi-Fi_Fixes>

So Motorola Phones are no good, then.

On Tue, 16 Dec 2008 12:39:12 -0800, John Navas
<spamfilter1@navasgroup.com> wrote:

>Yes, on any phone, mobile or landline.
>
>On Tue, 16 Dec 2008 13:35:15 -0600, Ron <ron.clifford@peoplepc.com>
>wrote in <3n0gk45lbsk2s4visj0a3ir5i070359eja@4ax.com>:
>
>>You have this problem even on a Motorola?
>>
>>On Tue, 16 Dec 2008 10:27:46 -0800, John Navas
>><spamfilter1@navasgroup.com> wrote:
>>
>>>As an AT&T Mobility customer, when making a call to your voice-mail from
>>>your cell phone, you don't have to enter your pin number as you normally
>>>would from a landline. This is a nice convenience. It should be
>>>implemented by having the network verify that the call came from the
>>>correct AT&T Mobility SIM. Instead, AT&T Mobility has taken the easy way
>>>out of just using Caller ID, which can be easily spoofed by anyone.
>>>(I verified this by spoofing Caller ID for my own AT&T Mobility service
>>>from a landline.)
>>>
>>>This could be a very serious problem depending on what's in the
>>>voice-mail. In addition, this could be used to send spoofed voice
>>>messages to other AT&T Mobility subscribers.
>>>
>>>It seems the Los Angeles County District Attorney went after AT&T over
>>>unauthorized access to voice-mail, and they settled just last month, as
>>>I learned when I reported the problem to the Office of the President.
>>>Talking Points of the settlement:
>>>
>>> AT&T is committed to providing secure access to our customers'
>>> voicemail and we are working on technological solutions to prevent
>>> spoofing. We encourage customers to add a password to their voicemail
>>> account for added security.
>>>
>>> AT&T takes the security of our customers and their devices seriously.
>>> While reports of spoofing technology being used to access a
>>> customer's voicemail are extremely rare, we will be encouraging all
>>> customers to set up a password for voicemail access for added
>>> security.
>>>
>>> We also took steps before we were contacted by the District
>>> Attorney's Office to help our sales and customer service personnel
>>> educate customers on spoofing risks and how to set up a password, and
>>> we continue to explore technological solutions to combat spoofing.
>>>
>>>The password on voice-mail is currently set to off by default.
>>>Unfortunately, the password option is buried deep enough in the
>>>voice-mail system menus (Personal Options -> Administrative Options ->
>>>Password Options) that most subscribers probably won't find it.
>>>
>>>I have agreed to wait for up to 90 days for AT&T to resolve the issue.

That makes no sense at all.

On Wed, 17 Dec 2008 08:32:11 -0600, Ron <ron.clifford@peoplepc.com>
wrote in <ra3ik4lq36q4qlgrqdf59nje070edbe6ni@4ax.com>:

>So Motorola Phones are no good, then.
>
>On Tue, 16 Dec 2008 12:39:12 -0800, John Navas
><spamfilter1@navasgroup.com> wrote:
>
>>Yes, on any phone, mobile or landline.
>>
>>On Tue, 16 Dec 2008 13:35:15 -0600, Ron <ron.clifford@peoplepc.com>
>>wrote in <3n0gk45lbsk2s4visj0a3ir5i070359eja@4ax.com>:
>>
>>>You have this problem even on a Motorola?
>>>
>>>On Tue, 16 Dec 2008 10:27:46 -0800, John Navas
>>><spamfilter1@navasgroup.com> wrote:
>>>
>>>>As an AT&T Mobility customer, when making a call to your voice-mail from
>>>>your cell phone, you don't have to enter your pin number as you normally
>>>>would from a landline. This is a nice convenience. It should be
>>>>implemented by having the network verify that the call came from the
>>>>correct AT&T Mobility SIM. Instead, AT&T Mobility has taken the easy way
>>>>out of just using Caller ID, which can be easily spoofed by anyone.
>>>>(I verified this by spoofing Caller ID for my own AT&T Mobility service
>>>>from a landline.)
>>>>
>>>>This could be a very serious problem depending on what's in the
>>>>voice-mail. In addition, this could be used to send spoofed voice
>>>>messages to other AT&T Mobility subscribers.
>>>>
>>>>It seems the Los Angeles County District Attorney went after AT&T over
>>>>unauthorized access to voice-mail, and they settled just last month, as
>>>>I learned when I reported the problem to the Office of the President.
>>>>Talking Points of the settlement:
>>>>
>>>> AT&T is committed to providing secure access to our customers'
>>>> voicemail and we are working on technological solutions to prevent
>>>> spoofing. We encourage customers to add a password to their voicemail
>>>> account for added security.
>>>>
>>>> AT&T takes the security of our customers and their devices seriously.
>>>> While reports of spoofing technology being used to access a
>>>> customer's voicemail are extremely rare, we will be encouraging all
>>>> customers to set up a password for voicemail access for added
>>>> security.
>>>>
>>>> We also took steps before we were contacted by the District
>>>> Attorney's Office to help our sales and customer service personnel
>>>> educate customers on spoofing risks and how to set up a password, and
>>>> we continue to explore technological solutions to combat spoofing.
>>>>
>>>>The password on voice-mail is currently set to off by default.
>>>>Unfortunately, the password option is buried deep enough in the
>>>>voice-mail system menus (Personal Options -> Administrative Options ->
>>>>Password Options) that most subscribers probably won't find it.
>>>>
>>>>I have agreed to wait for up to 90 days for AT&T to resolve the issue.
--
Best regards, FAQ for Wireless Internet: <http://wireless.navas.us>
John FAQ for Wi-Fi: <http://wireless.navas.us/wiki/Wi-Fi>
Wi-Fi How To: <http://wireless.navas.us/wiki/Wi-Fi_HowTo>
Fixes to Wi-Fi Problems: <http://wireless.navas.us/wiki/Wi-Fi_Fixes>

Navas is a ****ing idiot. He is depressed during x'mas.


In article <elmop-30EEDB.12473417122008@mara100-84.onlink.net>,
"Elmo P. Shagnasty" <elmop@nastydesigns.com> wrote:

> In article <lvdik4lrh2dv4l8u0t9i19rm7i0qoq4200@4ax.com>,
> John Navas <spamfilter1@navasgroup.com> wrote:
>
> > That makes no sense at all.
>
> To YOU, of course it doesn't.
>
> To the rest of the world, who knows how technology works, this is
> child's play. Understanding it is certainly as easy as understanding
> 2+2.
>
> Again--to YOU.