Phone hacking: the telco angle

Roger Hayter roger at
Thu May 2 15:46:58 BST 2013

On 2 May 2013, at 12:50, Chris Edwards <chris-ukcrypto at> wrote:

> On Wed, 1 May 2013, Roger Hayter wrote:
>> They told us we needed to set a PIN to make it secure.  They, probably 
>> correctly, calculated that more people would be annoyed by having to set
> There's a difference between retrieving voicemail on the handset itself, 
> versus being able to dial in and access it from any phone (which I gather 
> is what the newspapers were abusing).
> Back in the day, I recall Orange would only allow access from the handset, 
> UNLESS a PIN was set, in which case access was allowed from anywhere. 
> I imagine most of their customers never knew about the remote access 
> option, never set a pin, yet weren't vulnerable.  

Well, on O2 I was given remote access enabled by default 10+ years ago, with a default PIN of 0000. And I got the email saying they were going to disable remote access unless I set a new PIN a couple of years back when the scandal became more intense.


Roger Hayter

More information about the ukcrypto mailing list