UK Mobile Phones (uk.telecom.mobile) Mobile telephone equipment and networks.

#11
March 6th 11, 04:59 PM, posted to uk.telecom.mobile
How did NOTW hack celebrities' and politicians' phones?

On 03/06/2011 10:48 PM, River Tarnell wrote:

It is the responsibility of the provider to give accurate information to
users on the security features available, so that users can make an
informed decision.


Anyone ever mentioned this to Microsoft?

Security is ALWAYS the user's problem.

--
William Black

"Any number under six"

The answer given by Englishman Richard Peeke when asked by the Duke of
Medina Sidonia how many Spanish sword and buckler men he could beat
single handed with a quarterstaff.

#12
March 6th 11, 05:55 PM, posted to uk.telecom.mobile

Graham. wrote:

If the VM access is 121 and the PIN is 1234 you could program a one touch
memory key with 121pp1234, but when have you seen the networks giving out
advice like that?


Unless you could programme in a 10-15 second pause between 121 and *1234 that
wouldn't work.

Anyway, I tried to hack into my phone, by phoning my own number from the
mobile itself, and then hitting * to interrupt the VM greeting, I'm asked for
my PIN.

If I ring from the phone using 121, then of course I go directly to my VM
messages.

In any case, to retrieve my messages when roaming, I have to ring my own
number, hit * when VM answers, and then enter my PIN. That's how it's always
(10 years) been. All I've ever done, which was on day 1 of owning the phone,
was to change the access PIN away from the default.

(Vodafone network)


--
Mark
Please replace invalid and invalid with gmx and net to reply.

www.paras.org.uk

#13
March 6th 11, 06:08 PM, posted to uk.telecom.mobile


"R. Mark Clayton" wrote in message ...

"Graham." wrote in message ...


This article is from SIX YEARS ago and the phone networks have done
nothing in that time to stop the inevitable from happening.

Correct - it is for the customers to change their PINs

And how would that help since the attack detailed in the article doesn't
even require a PIN to be entered?


There is a presumption that when the PIN is not active, remote admin
of voicemail from another line is not possible. This is true in most
circumstances, but not when the caller spoofs the CLI of the handset
as I demonstrated to myself this morning.

I have to say I was very surprised it was possible, and I am becoming
convinced that this was the hack the journalists were employing.


Except you can spot that as you will have a missed call from yourself. Whereas if you ring back a missed call from a NOTW hack you
would not be alerted to your mail box being compromised.

You could minimise the risk of the spoofed CLI being recorded on the target's call log by making a call from a plausible number, or
even a withheld number and while that call
was in progress you call with the spoofed CLI and go straight to the mailbox because the handset is busy.

Prior to doing that, two plausible calls could be placed to check that call waiting isn't active
as a subsequent call will get logged if it is.

--
Graham.

%Profound_observation%


#14
March 6th 11, 06:40 PM, posted to uk.telecom.mobile


If I ring from the phone using 121, then of course I go directly to my VM
messages.


But Mark, the point being made is the only difference between
a) Your handset calling 121 and going to VM admin "You have x new messages"
and
b) Another phone dialling your mobile number and hearing "This is Mark Carver, please leave a message"
is the CLI presented.

If someone calls you presenting *your* CLI they get a)

When I tried it with my t-mobile/Orange phone I was not prompted for a PIN nor did I need to press "*"
The network was clearly fooled into thinking the call came from the handset.

To have any security from this exploit you need to configure your VM so the PIN
is *always* required.
--
Graham.

%Profound_observation%


#15
March 6th 11, 07:35 PM, posted to uk.telecom.mobile

[snip]
3's help pages, for example, say "You won't be able to access your
voicemail remotely until you've set up your PIN". More accurate might
be "Anyone can access your voicemail remotely until you've set up your
PIN".

[snip]

I think 3 have made (possibly incorrectly) an assumption that
anyone collecting their voicemail 'remotely' will be doing it
from a landline - and that certainly does not work without a PIN.

Unless that is 3 operate their system differently to everyone else.



--
Woody

harrogate three at ntlworld dot com




#16
March 6th 11, 08:38 PM, posted to uk.telecom.mobile

In article ,
Woody wrote:
3's help pages, for example, say "You won't be able to access your
voicemail remotely until you've set up your PIN". More accurate
might be "Anyone can access your voicemail remotely until you've set
up your PIN".


I think 3 have made (possibly incorrectly) an assumption that
anyone collecting their voicemail 'remotely' will be doing it
from a landline - and that certainly does not work without a PIN.


Well, the problem here isn't legitimate users, but a malicious user who
spoofs their CLID. So it's true that a typical landline user would have
to enter a PIN, but that doesn't stop an attacker who can supply their
own CLID from accessing it without one.

More pedantically, perhaps *you* will need to provide a PIN, but an
attacker who is not you will not. ;-)

- river.
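
Added example, not part of any post in this thread: a simplified Python model of the access decision discussed in posts #14 and #16, where a voicemail platform skips the PIN when the presented CLI matches the mailbox number. The names `Mailbox`, `Call`, `grant_access` and `audit`, the sample numbers and the default PIN are constructed for illustration and do not describe any operator's real system.

```python
from dataclasses import dataclass
from typing import List, Optional

DEFAULT_PIN = "1234"  # constructed default, echoing the PIN used as an example in the thread


@dataclass
class Mailbox:
    number: str                        # subscriber's mobile number
    pin: str = DEFAULT_PIN
    pin_always_required: bool = False  # the setting post #14 says to enable


@dataclass
class Call:
    presented_cli: str                 # caller-supplied identity, unverified
    pin_entered: Optional[str] = None


def grant_access(mb: Mailbox, call: Call) -> bool:
    """Decide whether the caller reaches the voicemail admin menu."""
    # Weak path: the presented CLI is treated as proof the call is from the handset.
    if not mb.pin_always_required and call.presented_cli == mb.number:
        return True
    # Otherwise the PIN is the only credential.
    return call.pin_entered is not None and call.pin_entered == mb.pin


def audit(mb: Mailbox) -> List[str]:
    """List the weaknesses in a mailbox's configuration (hypothetical check)."""
    findings = []
    if not mb.pin_always_required:
        findings.append("CLI match bypasses PIN")
    if mb.pin == DEFAULT_PIN:
        findings.append("default PIN still set")
    return findings


if __name__ == "__main__":
    weak = Mailbox("07700900123")  # constructed number from the UK drama-use range
    hardened = Mailbox("07700900123", pin="8302", pin_always_required=True)
    calls = {
        "matching CLI, no PIN": Call("07700900123"),
        "other CLI, default PIN": Call("07700900999", DEFAULT_PIN),
        "matching CLI, right PIN": Call("07700900123", "8302"),
    }
    for label, call in calls.items():
        print(f"{label:26} weak={grant_access(weak, call)} hardened={grant_access(hardened, call)}")
    print(audit(weak), audit(hardened))
```

With the PIN always required and changed from the default, the presented CLI no longer affects the outcome, so only a caller who knows the PIN gets in.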

#17
March 7th 11, 05:41 PM, posted to uk.telecom.mobile

Graham. wrote:
If I ring from the phone using 121, then of course I go directly to my VM
messages.


But Mark, the point being made is the only difference between
a) Your handset calling 121 and going to VM admin "You have x new messages"
and
b) Another phone dialling your mobile number and hearing "This is Mark Carver, please leave a message"
is the CLI presented.

If someone calls you presenting *your* CLI they get a)

When I tried it with my t-mobile/Orange phone I was not prompted for a PIN nor did I need to press "*"
The network was clearly fooled into thinking the call came from the handset.

To have any security from this exploit you need to configure your VM so the PIN
is *always* required.


Ah, I see. I have no means to spoof my mobile number from another phone. All I
can do is ring from the mobile itself, which does present my own CLI of
course, and asks for my PIN, but this is only a small loop within Vodafone's
network, so, it's not conclusive in my case.

--
Mark
Please replace invalid and invalid with gmx and net to reply.

www.paras.org.uk

#18
March 7th 11, 07:11 PM, posted to uk.telecom.mobile

On Mon, 07 Mar 2011 18:41:01 +0000, Mark Carver wrote:
Ah, I see. I have no means to spoof my mobile number from another phone.
All I can do is ring from the mobile itself, which does present my own
CLI of course, and asks for my PIN, but this is only a small loop within
Vodafone's network, so, it's not conclusive in my case.


It sounds to me like Vodafone isn't vulnerable but T-Mobile is.


