Monday, July 11, 2011

AUSTRALIA_ Australian phone telcos not secure

Australian phone telcos not secure


•Major phone telcos not secure
Private messages of millions of Aussies could be stolen due to shoddy security on voicemal services by major providers.

LOUISE BURKE, SOCIAL MEDIA EDITOR,
The West Australian
July 9, 2011, 8:33 am




The private messages of millions of Australians could be stolen in the same way as the News of the World phone-hacking scandal because of the lax security of major phone companies.

With little more than your mobile number, a landline phone and some basic identification details, it is possible to "hack" into voicemail systems and listen to personal messages, change settings or divert voicemail to another phone without your knowledge.

An investigation by The Weekend West, using the volunteered mobile numbers of colleagues, found personal messages left on voicemail services with Virgin Mobile and Optus were easily accessible via default PIN security code.

All major service providers in Australia allow remote access to voicemail from other phones, usually by dialling a specified number and providing the mobile phone number of the account and a four or six number PIN.

Many accounts are believed to be accessible using the default PIN set by service providers.

The newspaper convinced one customer service operator to disclose a six-digit PIN which granted access to personal billing and address details with just a full name, phone number and date of birth. It could also be used to change a user's voicemail PIN.

A security expert said people should stop using voicemail if they were concerned because most services were not secure.

Peter Hannay, lecturer at Edith Cowan University's security research centre, said the News of the World attacks used a "low-tech" combination of exploiting poor PINs and conning phone companies into disclosing PINs.

"With Australian service providers it's much like everywhere," Mr Hannay said. "There is an inherent weakness to social attack but also generally poor security when it comes to the initial PIN set on accounts."

Mr Hannay said most companies required basic identification information, usually a name, address and date of birth, before disclosing a "forgotten" PIN or changing it to default.

Because of the limited combinations for the four-digit PINs used by phone companies, it was also possible for hackers to use "brute force" by using a computer to try every possible combination.

Optus said customers were required to create a new PIN when they set up voicemail, but were issued with a four-digit default PIN if they forgot their original PIN. Customers were told to change their PIN immediately.

Virgin Mobile could not be reached for comment.

Protect your Privacy

1. Cancel voicemail if you don't need it.
2. Test the security of your account.
3. If your PIN is easy to guess, change it.
4. Cancel remote voicemail access or use a third-party provider.
5. Be cautious posting personal information online.


Follow thewest.com.au on Twitter

__________

Các anh chị có ý kiến gì qua bản tin "Australian phone telcos not secure" ?

Hằng ngày vẫn có nhiều chuyện "kỳ cục" xảy ra chúng ta đọc được, biết được qua Internet, cũng khó tránh những điều ngoài ý muốn . Theo suy nghĩ thô thiển của conbenho, cách đề phòng tốt nhất là mọi việc cẩn thận .


Chân thành cám ơn Quý Anh Chị ghé thăm "conbenho Nguyễn Hoài Trang Blog"
Xin được lắng nghe ý kiến chia sẻ của Quý Anh Chị trực tiếp tại Diễn Đàn Paltalk:
1Latdo Tapdoan Vietgian CSVN Phanquoc Bannuoc .

Kính chúc Sức Khỏe Quý Anh Chị .



conbenho
Tiểu Muội quantu
Nguyễn Hoài Trang
11072011

___________
CSVN là TỘI ÁC
Bao che, dung dưỡng TỘI ÁC là đồng lõa với TỘI ÁC

No comments: