Hacker hits Telecom NZ's voice mail system

Computerworld New Zealand - AUCKLAND, New Zealand -- Telecom New Zealand Ltd.'s 027 voice mail system is vulnerable to the same hack that led to the theft of Paris Hilton's mobile phone book -- and it has been actively exploited in New Zealand.
Users of Telecom's mobile phone network can protect themselves by disabling Optional PIN entry. Optional PIN entry is a feature that allows immediate access to voice mail when calling from the owner's phone, but leaves voice mail vulnerable to callers who can forge their caller ID.
An Auckland teenager showed Computerworld New Zealand how easy it is to access 027 voice mailboxes. A test with an 027 phone and a newly changed PIN confirmed that the service is vulnerable to spoofing. With Optional PIN enabled, the teenager, who cannot be named for legal reasons, was able to reveal the PIN for the mailbox as well as play back and record messages in it. With Optional PIN turned off, the mailbox could not be accessed.
The teenager claimed he had listened to messages in the mailboxes of Telecom spokesman John Goulter and Auckland Mayor Dick Hubbard. He also hinted that he had been listening in on messages in the voice mailboxes of senior police officers and had been able to glean details such as the names of officers involved in a local police pornography scandal.
The teenager said he had also targeted Labor MP John Tamihere, but had not been able to find his phone number.
Telecom was unaware of the vulnerability when contacted by Computerworld this week. An Internet search reveals the vulnerability is known about in some quarters and has also been exploited overseas, however.
The teenager told Computerworld the contents of a message left on the phone of Telecom's public affairs and industry relations manager, John Goulter. A surprised Goulter confirmed the content of the message to Computerworld yesterday.
Goulter said Telecom regards accessing its customers' voice mail as a serious breach of security and will alert the police over the matter.
The convoluted method the teenager used involves forging the caller ID and routing the call through an overseas VoIP provider. Computerworld will not reveal further details at this time.
Telephone networks depend on physical security with access to equipment being strictly controlled, as neither calls nor the controlling signals are encrypted. There is no authentication built into the telephony protocols either -- telcos operate a "web of trust" and apply policy filters to sanitize the information received, for example, by not accepting caller IDs originating from outside

Reprinted with permission from

For more news from Computerworld New Zealand, visit its Web site.Story copyright 2006 Computerworld New Zealand. All rights reserved.