February 24, 2005

*important* how to protect your t-mobile voicemail

Posted by ryan at 11:54 PM in technology | 2 Comments

No, this isn't another Paris Hilton post.

Turns out there is a major flaw in t-mobile's voicemail security. By default, t-mobile accounts are set up to let you check your voicemail from your cell phone without entering your voicemail password. How does t-mobile determine whether you are calling from your cell phone? They use the caller-id number! Unfortunately, caller-id is easily spoofed, which leaves this authentication process extremely vulnerable.

By spoofing my cell phone number, I was able to gain access to my t-mobile voicemail from my home telephone without entering my password.

Fortunately there is something you can do about it:

Dial your T-Mobile voicemail from your mobile phone. If you don’t know your PIN number, you can set a new one by doing the following: Access your ‘personal options’ by pressing 4. ‘Modify your personal preferences’ by pressing 4, again. Then ‘modify your password’ by pressing 1. Set a new PIN and write it down somewhere secure, if necessary.

After you reset your PIN, press the * key to go back to the ‘personal options’ menu (or press 4 from the main menu if you already knew your PIN). Once you are in the ‘personal options’ menu, press 8, which will enable password authentication when calling from your own mobile phone. Although entering your password every single time you call your voicemail can be a bit of a nuisance, a few seconds of your time is a small price to pay for the security of your voicemail system.

[thanks to gizmodo for the advice]
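The default behaviour described above, next to the setting enabled by pressing 8, as an added Python model (not T-Mobile's code and not part of the original post). The `Call` and `Mailbox` classes, the phone numbers and the PIN are constructed for illustration; the point is that the decision function only ever sees the presented caller ID, never the real origin of the call.

```python
import hmac
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Call:
    origin: str                # where the call really comes from; never visible to the system
    caller_id: str             # number the calling side presents; unverified
    pin: Optional[str] = None  # PIN keyed in by the caller, if any


@dataclass(frozen=True)
class Mailbox:
    number: str
    pin: str
    pin_required_from_own_phone: bool  # the option the post enables by pressing 8


def grant_access(box: Mailbox, call: Call) -> bool:
    """Access decision using only what the voicemail system can observe."""
    if not box.pin_required_from_own_phone and call.caller_id == box.number:
        return True  # default: a matching caller ID is accepted as proof of identity
    if call.pin is None:
        return False
    return hmac.compare_digest(call.pin, box.pin)  # constant-time comparison


# Constructed sample data (fictional 555-01xx numbers, made-up PIN).
MOBILE, LANDLINE, PIN = "+12065550100", "+12065550123", "493817"
CALLS = [
    Call("mobile", MOBILE),                  # owner's handset, no PIN entered
    Call("landline", MOBILE),                # other line presenting the mobile's number
    Call("landline", LANDLINE, pin=PIN),     # other line, own caller ID, correct PIN
    Call("landline", MOBILE, pin="000000"),  # presented mobile number, wrong PIN
]


def evaluate(pin_required: bool) -> List[bool]:
    box = Mailbox(MOBILE, PIN, pin_required)
    return [grant_access(box, c) for c in CALLS]


if __name__ == "__main__":
    for label, setting in (("default", False), ("PIN always required", True)):
        print(f"{label:20} {evaluate(setting)}")
```

With the default setting, the second and fourth calls are granted even though no valid PIN was entered; with the PIN always required, only the call carrying the correct PIN gets in.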


 

Comments

How do you fake another number for caller ID?

Posted by: John G at February 25, 2005 3:06 PM

Easily.

Posted by: ryan at February 25, 2005 3:32 PM