
Compromising online accounts by cracking voicemail systems - archimag0
https://www.martinvigo.com/voicemailcracker/
======
Bucephalus355
Maximum amount of digits I’ve ever seen for a cellular VM system is 11 (among
the big public companies). I believe Sprint can handle up to 7, and Verizon
allows up to 10. Of course these are digits with no more than 10 combinations
for each slot instead of the 70+ alphanumeric offers.

~~~
LinuxBender
I'm logged into Verizon Wireless and it won't let me go beyond 4 digits.

------
alasdair_
I saw this live at defcon and it was honestly my favorite talk of the whole
con. VMB hacking was somewhat oldschool even in the nineties yet it’s even
more powerful today.

If you get a chance, grab his talk from the defcon media server - well worth
it.

------
55555
What is this for? I feel like my voicemail box has nothing of value in it.

For things that require 2FA they will call or SMS but do they really leave a
message if they call and you don't pick up?

~~~
tyingq
He demos it working on several popular sites.

------
londons_explore
The number of people who need to access voicemail from any device except the
phone itself is tiny.

Just disallow it by default.

Problem solved.

------
londons_explore
The phone network is not designed to be secure.

Stop papering over gaps and trying to use it as if it were.

------
gdcohen
I wonder how many people use the same PIN for their voicemail as for their
bank accounts?

