Voicemail systems are vulnerable to compromise via brute-force attacks against the four-digit personal identification numbers (PINs) that protect them. Researchers say a malicious user can thus access the voicemail system to then take over online accounts for services like WhatsApp, PayPal, LinkedIn and Netflix.
Martin Vigo, a mobile security expert who presented his research at 35C3, warns that PINs that protect voicemail systems are far easier to crack than traditional passwords. “Automated phone calls are a common solution for password resets, account verification and other services,” Vigo said. “These can be compromised by leveraging old weaknesses and current technology to exploit this weakest link – voicemail systems.”
Read more about the vulnerabilities of voicemail systems on Threatpost.