Simson Garfinkel

A View from Simson Garfinkel

Sprint PCS Uses Caller-ID as Its Authenticator for Voice Mail Access!

  • March 2, 2005

MSNBC has a disturbing article describing how easy it is to hack into Sprint PCS voice mail systems.

Here’s the problem. I am a Sprint PCS subscriber. When you set up your voice mail, you are invited to “activate a special feature” that allows you to retrieve your Sprint PCS voice mail without having to type your account password. However, this feature is supposed to work only when you are calling your voice mail from your Sprint PCS phone!

It turns out, according to this MSNBC article, that Sprint PCS uses Caller ID as the authenticator. Now anybody who has their own telephone switch with a digital interface to the phone company can spoof Caller ID. This is an old trick that ex-hacker Kevin Mitnick has discussed for years.

So what could be done?

Well, Caller-ID could be made more secure: There is no reason that my phone company should accept any Caller-ID string.

Second, Sprint PCS is a cell phone company! They should know the difference between a landline calling their voice mail system and one of their own cell phones.

Third, there should be some kind of liability on companies that knowingly market systems that are not secure. Don’t you think?
