About the Author

Chris Shiflett

Hi, I'm Chris, a web developer and a founding member of Analog. I live and work in Brooklyn, NY.

iPhone Security Concern

Nitesh Dhanjani just posted a reminder of an AT&T/Cingular vulnerability he first mentioned over a year ago. If you've recently purchased an iPhone, here's the scary part:

The AT&T/Cingular voicemail system is configured by default not to ask for a password when you check your voicemail from the handset. Unfortunately, the AT&T/Cingular voicemail system trusts Caller ID to determine if the handset is calling it.

I'm not going to claim that Caller ID spoofing is easy, but Paris Hilton can do it. I'm just saying.

Until this vulnerability is fixed, Nitesh recommends setting your voicemail password:

  1. Call your AT&T/Cingular voicemail (dial your own number from the iPhone).
  2. Press 4 to go to Personal Options.
  3. Press 2 to go to Administrative Options.
  4. Press 1 to go to Password.
  5. Press 2 to turn your password On.

Thanks for the reminder, Nitesh!

About This Post

iPhone Security Concern was posted on Mon, 02 Jul 2007 at 03:11:06 GMT.

6 Comments

1. Nitesh Dhanjani's GravatarNitesh Dhanjani said:

So - did you get an iPhone?

Mon, 02 Jul 2007 at 04:26:09 GMT Link

2. Chris Shiflett's GravatarChris Shiflett said:

Nope.

It seems like a useful device, and I'm really happy to see Apple disrupting the mobile phone industry, but I can't justify the expense at this time.

Mon, 02 Jul 2007 at 04:31:25 GMT Link

3. Ben's GravatarBen said:

Possibly much worse security flaw, check it out:

http://getitnext.typepad.com/weblog...e-attacks-.html

Mon, 23 Jul 2007 at 20:31:08 GMT Link

4. Mathew Keefe's GravatarMathew Keefe said:

This was one of the first things I noticed when I moved to ATT. Very useful information indeed.. funny Hilton article too!

Sat, 11 Aug 2007 at 05:55:47 GMT Link

5. Chris Shiflett's GravatarChris Shiflett said:

I have an iPhone now, and I was prompted to enter a voicemail password during the sign-up process.

Sat, 11 Aug 2007 at 14:16:21 GMT Link

6. Todd Eddy's GravatarTodd Eddy said:

during the signup process it asks you, at least I think it did when I got it (the monday after it being released). The password you enter on the iphone it saves to authenticate itself for the visual voicemail. but if you just called your number from your phone it would put you right into the voicemail system. that's what this fixes. I did it on mine early on so don't know if they fixed that later on.

Tue, 14 Aug 2007 at 03:22:21 GMT Link

Post A Comment

Personal Details and Comment

Style Guide

Line breaks are converted to paragraphs. Also use:

  • <a href="" title="">text</a>1
  • <em>text</em>
  • <blockquote><p>text</p></blockquote>
  • <code>2  <?php  if ($foo) {      $foo = TRUE;  }  ?></code>
  1. Note: <code> can be used inline (e.g. in paragraphs) or in a block as shown. Include whitespace and newlines in blocks.

Please enter Chris (my first name) below. This is a primitive spam prevention technique, and I apologize for the inconvenience.

Preview and Submit

Upcoming Events

Brooklyn Beta

21 - 22 Oct 2010

At The Invisible Dog, Brooklyn, New York.

New Comments

Chris Shiflett wrote:

Hi John, How do you avoid race conditions with this? The findandmodify() command is atomic,...

Posted in Auto Increment with MongoDB
John Judy wrote:

How do you avoid race conditions with this? Once you get to a certain traffic volume two or more ...

Posted in Auto Increment with MongoDB
Chris Shiflett wrote:

Hey Ivo, Andrei is best suited to give a full response, since he's the one who researched this...

Posted in Auto Increment with MongoDB
Ivo wrote:

Although you did mention that you werent going to discuss the why, I can't think of a single vali...

Posted in Auto Increment with MongoDB
Stikkyfinger wrote:

Jon Gibbins plays a mean guitar? I'd be interested to know what he plays and what type of guitar ...

Posted in Hello, Analog

Browse Comments

Work and Books

Analog Essential PHP Security HTTP Developer's Handbook