About the Author

Chris Shiflett

Hi, I’m Chris, a web craftsman making things like Mapalong & Brooklyn Beta with my friends at Analog.

iPhone Security Concern

Nitesh Dhanjani just posted a reminder of an AT&T/Cingular vulnerability he first mentioned over a year ago. If you've recently purchased an iPhone, here's the scary part:

The AT&T/Cingular voicemail system is configured by default not to ask for a password when you check your voicemail from the handset. Unfortunately, the AT&T/Cingular voicemail system trusts Caller ID to determine if the handset is calling it.

I'm not going to claim that Caller ID spoofing is easy, but Paris Hilton can do it. I'm just saying.

Until this vulnerability is fixed, Nitesh recommends setting your voicemail password:

  1. Call your AT&T/Cingular voicemail (dial your own number from the iPhone).
  2. Press 4 to go to Personal Options.
  3. Press 2 to go to Administrative Options.
  4. Press 1 to go to Password.
  5. Press 2 to turn your password On.

Thanks for the reminder, Nitesh!

About this post

iPhone Security Concern was posted on Mon, 02 Jul 2007 at 03:11:06 GMT. Follow me on Twitter.

6 comments

1.Nitesh Dhanjani said:

So - did you get an iPhone?

Mon, 02 Jul 2007 at 04:26:09 GMT Link

2.Chris Shiflett said:

Nope.

It seems like a useful device, and I'm really happy to see Apple disrupting the mobile phone industry, but I can't justify the expense at this time.

Mon, 02 Jul 2007 at 04:31:25 GMT Link

3.Ben said:

Possibly much worse security flaw, check it out:

http://getitnext.typepad.com/weblog...e-attacks-.html

Mon, 23 Jul 2007 at 20:31:08 GMT Link

4.Mathew Keefe said:

This was one of the first things I noticed when I moved to ATT. Very useful information indeed.. funny Hilton article too!

Sat, 11 Aug 2007 at 05:55:47 GMT Link

5.Chris Shiflett said:

I have an iPhone now, and I was prompted to enter a voicemail password during the sign-up process.

Sat, 11 Aug 2007 at 14:16:21 GMT Link

6.Todd Eddy said:

during the signup process it asks you, at least I think it did when I got it (the monday after it being released). The password you enter on the iphone it saves to authenticate itself for the visual voicemail. but if you just called your number from your phone it would put you right into the voicemail system. that's what this fixes. I did it on mine early on so don't know if they fixed that later on.

Tue, 14 Aug 2007 at 03:22:21 GMT Link

Hello! What’s your name?

Want to comment? Please connect with Twitter to join the discussion.

Work and Books

Analog Essential PHP Security HTTP Developer's Handbook