Have you ever noticed that whenever you set up your voicemail account after getting a new cell phone number, it asks you to create a security PIN to access your voicemail from other phone lines?
When you call your home or cell number from another phone, after a few rings your voicemail will pick up. Before your voicemail message finishes, before the tone, you can press the (*) key and it will ask you to put in your security code. If you go to your voicemail settings and DO NOT set up an additional security code, which would be requested EVERY time you access your voicemail, then your phone is at risk of attack!
I first discovered the security flaw playing around with online spoof calling programs. A lot of them offer a free five-minute trial without a sign up, but some are free for life. They will ask for you to put in your phone number to verify and to connect your phone to their server to connect your call to the victim.
Have you ever called your cell phone number from your own cell phone? Calling yourself? Notice it takes you to your voicemail?
Now here is what I discovered, and I learned this by accident about 4 years ago. When you use some spoof applications, you can put your caller ID number as the same number you are calling. Now here is the spoof!!! If that person has not set up a separate security PIN, your call tricks that person's cell phone, making it think it is calling itself and BOOM, BABY!!!
BUT... the number you are calling will ring, and if the call is answered it will not work; it has to be able to go to their voicemail! If they do not answer, then you have complete access to that person's voicemail settings! You can change their voicemail message, create the ADDITIONAL PIN they never set up so they cannot change it back without their provider's assistance, you can turn notifications off, you can forward their incoming calls to another phone, and you can even make international outgoing calls from their voice server to charge them $$$ that they probably cannot pay! You will have complete access.
This is the first time I have EVER posted this security flaw publicly. Although there are a few providers that have fixed their servers from that happening, there are still TOP LINE providers that have not. If you do this through a web-based provider, it will be harder to be traced because there is no phone number to trace; best to use a pay phone number as the contact number to connect the call; most free services require you to put your phone number in so that their server can call you and then automatically connect your call.
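As an added illustration (not code from the original post or from any carrier), the sketch below models the voicemail server's access decision described above: the weak policy treats a caller ID equal to the mailbox number as proof of ownership, while the hardened policy ignores the presented caller ID unless the carrier itself verified where the call came from. The `Mailbox` and `Call` types and the `origin_verified` flag are assumptions made for this model.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

@dataclass
class Mailbox:
    number: str                        # subscriber number that owns the mailbox
    pin: Optional[str] = None          # None: the subscriber never set a PIN
    pin_on_every_access: bool = False  # the "ask EVERY time" setting

@dataclass
class Call:
    caller_id: str                     # presented by the caller, so untrusted
    origin_verified: bool = False      # assumed flag: carrier authenticated the line
    pin_entered: Optional[str] = None

def pin_ok(mb: Mailbox, call: Call) -> bool:
    # Constant-time comparison; a missing PIN on either side never matches.
    if mb.pin is None or call.pin_entered is None:
        return False
    return hmac.compare_digest(mb.pin, call.pin_entered)

def weak_policy(mb: Mailbox, call: Call) -> bool:
    # Behaviour the article describes: a matching caller ID skips the PIN.
    if call.caller_id == mb.number and not mb.pin_on_every_access:
        return True
    return pin_ok(mb, call)

def hardened_policy(mb: Mailbox, call: Call) -> bool:
    # Caller ID alone proves nothing. Skip the PIN only when the carrier
    # verified the origin AND the subscriber did not ask for a PIN every time.
    if call.origin_verified and call.caller_id == mb.number and not mb.pin_on_every_access:
        return True
    return pin_ok(mb, call)

def compare(mb: Mailbox, call: Call) -> dict:
    return {"weak": weak_policy(mb, call), "hardened": hardened_policy(mb, call)}

# Constructed sample data (numbers are in the fictional 555-01xx range).
NO_PIN = Mailbox(number="+12025550123")
WITH_PIN = Mailbox(number="+12025550123", pin="4821", pin_on_every_access=True)
SPOOFED = Call(caller_id="+12025550123")                    # origin not verified
OWN_HANDSET = Call(caller_id="+12025550123", origin_verified=True)
REMOTE_OWNER = Call(caller_id="+12025550199", pin_entered="4821")

if __name__ == "__main__":
    for label, mb, call in [("spoofed ID, no PIN set", NO_PIN, SPOOFED),
                            ("spoofed ID, PIN every time", WITH_PIN, SPOOFED)]:
        print(label, compare(mb, call))
```

Under either policy, a mailbox with a PIN requested on every access rejects the call that only presents a matching caller ID, which is why that setting is the subscriber-side mitigation.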
- This is for educational purposes only!
- I am not responsible for any misuse of this information.
- It is not illegal to prowl around information, but as soon as you make ANY changes to ANYTHING in their service or information (e.g. listening to a new voicemail), then you are in violation of the LAW!
For this, you will need an application called SpoofApp.
- Go to your Android browser and type in m.spoofapp.com to download the app.
- Set up your account with correct information.
- Enter the number you want to call after opening the app on your phone.
- Enter that same number in the "Caller ID Number to Display" field.
- Use optional voice changer if need be.
- Record the call if you choose.
- Press "Place Call" button.
- SpoofApp is available for Android, iPhone, and BlackBerry devices, but has been banned by some of the app markets. You can still download it!
- If you cannot download SpoofApp from the Android Market, just click on this link to go directly to the download page on their website. You can also click here or just type the URL (m.spoofapp.com) into your Android web browser.