Hijacking Online Accounts Via Hacked Voicemail Systems

Proof-of-concept hack of a voicemail systems shows how it can lead to account takeovers multiple online services.

Voicemail systems are vulnerable to compromise via brute-force attacks against the four-digit personal identification numbers (PINs) that protect them. Researchers say a malicious user can thus access the voicemail system to then take over online accounts for services like WhatsApp, PayPal, LinkedIn and Netflix.

Martin Vigo, a mobile security expert who presented his research here on Thursday at 35C3, warns that PINs that protect voicemail systems are far easier to crack than traditional passwords are a weak link that can lead to hacked-account results.

Read more…
Source: ThreatPost