Posted by oussama at 5:57 AM
Hacking into mobile voice mail is surprisingly easy on three of the four largest cell-phone carriers in the US, thanks to web-based services that make your call appear to come from the cell phone you're trying to hack.
Easy access to voice mail is a common convenience on many phones. Opening a mobile phone displays an icon if someone has left a voice message. Click on the icon, and the phone automatically dials the voice mail box - on some carriers without even requiring a password. It's insecure, but a lot of users don't think about it. AT&T Wireless, for example, buries instructions for adding a password deep in its web site. Sprint and T-Mobile also don't require passwords; only Verizon does.
How does it work? The phone is programmed to dial the voice mail number, and the mail system looks at the caller ID of the incoming call to see whose voice mail box to access. It's simple and easy, but it's wide open to anyone who can spoof caller ID (or to someone who finds your phone).
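The difference between the two designs can be shown in code. The following is an added example, not taken from the original post or from any carrier's system; the Mailbox type, the function names, the phone number and the lockout threshold are all assumptions made for illustration. The weak policy treats the presented caller ID as proof of identity, while the hardened policy uses it only to pick the mailbox and always requires a PIN.

```python
import hashlib
import hmac
from dataclasses import dataclass

MAX_FAILED_ATTEMPTS = 3  # assumed lockout threshold, not from the post

@dataclass
class Mailbox:
    pin_salt: bytes
    pin_hash: bytes
    failed_attempts: int = 0

def hash_pin(pin: str, salt: bytes) -> bytes:
    # Slow salted hash so stored PINs are not kept in the clear.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

def make_mailbox(pin: str, salt: bytes = b"constructed-salt") -> Mailbox:
    return Mailbox(salt, hash_pin(pin, salt))

def weak_access(mailboxes: dict, caller_id: str) -> bool:
    # Caller-ID-only policy: whatever number the call presents opens
    # that mailbox. The system cannot tell a genuine number from a
    # spoofed one, so the number is acting as both username and password.
    return caller_id in mailboxes

def hardened_access(mailboxes: dict, caller_id: str, entered_pin) -> str:
    # Caller ID only selects the mailbox; the PIN authenticates.
    box = mailboxes.get(caller_id)
    if box is None:
        return "denied"
    if box.failed_attempts >= MAX_FAILED_ATTEMPTS:
        return "locked"  # stops PIN guessing against a spoofed number
    if entered_pin is not None and hmac.compare_digest(
        hash_pin(entered_pin, box.pin_salt), box.pin_hash
    ):
        box.failed_attempts = 0
        return "granted"
    box.failed_attempts += 1
    return "denied"

# Constructed sample data: one subscriber with a PIN set.
SAMPLE_NUMBER = "+15550100"
SAMPLE_MAILBOXES = {SAMPLE_NUMBER: make_mailbox("4821")}
```

Under the hardened policy a call that merely presents the subscriber's number gets no further than the PIN prompt, and repeated wrong guesses lock the mailbox.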
At the end of last year, Congress passed a law making spoofing illegal - but only if used "with the intent to defraud, cause harm or wrongfully obtain value." It's had little effect in slowing caller ID or telemarketing fraud.
The internet offers many web-based spoofing services, easy to locate by searching for "caller ID spoof". Users enter the number they are calling from, the number they are calling, and the number being spoofed, then place calls through the internet or a toll-free number operated by the service. One web service boasts that spoofing makes calling "truly private, fun, and inexpensive!" That sounds like just the thing for fraudsters, stalkers, or, ahem, tabloid journalists.