back

Compromising online accounts by cracking voicemail systems

If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!

Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.

Video duration
00:42:01
Language
English
Abstract
Voicemail systems can be compromised by leveraging old weaknesses and top of current technology. The impact goes way beyond having your messages exposed.

Voicemail systems have been with us since the 80s. They played a big role in the earlier hacking scene and re-reading those zines, articles and tutorials paints an interesting picture. Not much has changed. Not in the technology nor in some of the attack vectors. Can we leverage the last 30 years innovations to compromise voicemail systems? And what is the real impact today of pwning these?

In this talk I will cover voicemail systems, it's security and how we can use oldskool techniques and new ones on top of current technology to compromise them. I will discuss the impact of gaining unauthorized access to voicemail systems and introduce a new tool that automates the process.

Correction: There is no default PIN on O2 anymore. Initial PINs are generated randomly as it is the case for Vodafone and Telekom.

Talk ID
9383
Event:
35c3
Day
1
Room
Dijkstra
Start
6:10 p.m.
Duration
00:40:00
Track
Security
Type of
lecture
Speaker
Martin Vigo
Talk Slug & media link
35c3-9383-compromising_online_accounts_by_cracking_voicemail_systems

Talk & Speaker speed statistics

Very rough underestimation:
177.1 wpm
945.8 spm
186.4 wpm
999.7 spm
100.0% Checking done100.0%
0.0% Syncing done0.0%
0.0% Transcribing done0.0%
0.0% Nothing done yet0.0%
  
100.0% Checking done100.0%
0.0% Nothing done yet0.0%
  

Work on this video on Amara!

Talk & Speaker speed statistics with word clouds

Whole talk:
177.1 wpm
945.8 spm
phonecallvoicemailpinsnumberpincodecallsmessagem.vtimebasicallybrutecarrierssystemservicesgreetingforcequestionentercasedefaultpasswordpressvoiceresetguesspeoplethingtoolkeydirectlyallowscallersystemssecurityaccessoptionguysvictimapplausenumbersattacksmsgermancommonwhatsappfindthreestart
Martin Vigo:
186.4 wpm
999.7 spm
voicemailpinsphonecallnumberpinbasicallycodebrutemessagecallssystementertimecarriersforceservicescasedefaultgreetingresetpasswordpressthingkeytoolm.vvoiceguyssystemspeoplethreeallowsdirectlyoptionwhatsappnumberssecretcommondigitsvictiminteractprovideaccountbackdooraccessprocessservicecallersound