Phone hacking: the telco angle
lists at internetpolicyagency.com
Thu May 2 14:06:13 BST 2013
In article <E1UXs1U-0002Jn-PE at skipnote.org>, Chris Edwards
<chris-ukcrypto at lists.skipnote.org> writes
>> They told us we needed to set a PIN to make it secure. They, probably
>> correctly, calculated that more people would be annoyed by having to set
>There's a difference between retrieving voicemail on the handset itself,
>versus being able to dial in and access it from any phone (which I gather
>is what the newspapers were abusing).
>Back in the day, I recall Orange would only allow access from the handset,
>UNLESS a PIN was set, in which case access was allowed from anywhere.
>I imagine most of their customers never knew about the remote access
>option, never set a pin, yet weren't vulnerable.
Most people probably found out about "remote" access when they went
abroad - I don't think any of the networks trusted (and some probably
didn't get, at least in the early days) CLI delivered to them. The sort
of people whose PIN might be hacked are very likely to have gone abroad
at some stage.
More information about the ukcrypto