the Intruder has been able to listen to your voice mail from Telia’s customers in Scandinavia.
It writes it media Version2, which in cooperation with an expert in it security have uncovered the problem.
the Reason is a wrong setup of the answering machine function.
specifically allows Telia’s technical setup of your voice mailbox, to all who are calling from the victim’s phone number directly through to the interception of telefonsvarerbeskeder.
It also applies to people who just pretend they are calling from the victim’s phone number. The trick is called spoofing.
There are several services on the web, you can make it through. It has been a well-known phenomenon in the security industry for years.
– It is absurd that a vulnerability that was published 13 years ago, can still be exploited in 2019. It has to be closed, and it must be closed now, says it sikkerhedseksperten Per Thorsheim to Version2.
Telia will provide to Version2, that the company changed its voicemail-service provider in march, and that the error may lie there.
the Vulnerability of the system has been fixed. Telia can not guarantee whether the error goes farther back. Telia has 1,43 million mobile customers in Denmark.
– Our technicians will analyze the matter closely in cooperation with, among others, our voicemail provider to find out if specific customers have been hacked, writes Telia in an email to Version2.
At the Centre for Cyber security, under the jurisdiction of the Defence Intelligence service, will you now look at the case and examine whether the authority can do something.
– This shows immediately that there can be breach of confidentiality, writes Thomas Lund Sørensen, head of Centre for Cyber security, in an email to Version2.
Version2 has also tested the other major telecommunications operators in Denmark – including Telenor, TDC (including YouSee and 3.
Here succeed it by using the trick of spoofing to get through to the answering machine at all except TDC Erhverv. However, it was not possible to intercept the messages because it required a four-digit pin.
