This topic contains 1 reply, has 2 voices, and was last updated by techietraveller84 1 month, 2 weeks ago.
- August 14, 2020 at 9:15 am #294794
So, i’m using an Honor and I got a notification that someone left a voice mail. Now, I never get voicemails so I was surprised and I looked on google how I could access them to listen, and found out I had to press “1” on the dialler for about 2 seconds. I called them but immediately hung up cause I got a little bit creeped out. Could I be hacked by this? I’m scared and don’t know what to do…
- August 14, 2020 at 9:15 am #294795
I think you are fine. There are so many spam calls these days that it was likely just an auto-dial that left a brief silent message before disconnecting.
As for your comment about calling them… who did you call? The voice mail or the caller who left the voice mail?
- August 14, 2020 at 9:15 am #294796
You should be fine. Imo if you are worried about stuff like this then why use an Honor?
- August 14, 2020 at 9:15 am #294797
So I have some experience with this. Short answer is it depends on if your voicemail can be accessed from an outside line. If it only works from a star code from your phone? Should be fine. Disable voicemail to be sure.
But most (at least in the US) providers have a number you can call and enter the number of the phone you want to check the voicemail on. Some let you just call someone and press star before it beeps for you to leave a message. Then it asks for a pin. If the pin is correct you can listen to the voicemails.
A lot of people don’t setup voicemail so the pin is default. Even if the pin is not default… its very easy to bruteforce and you can’t do anything about it. Only costs a few dollars.
What this means is, any site/app that will give you a 2FA phonecall can be compromised. Whatsapp and paypal for example (examples the below link uses) both offer phone call verification. Do this at night when the victim is sleeping? Goes to voicemail. Get access to the voicemail and play the message to get the code. Or just call flood them and do it any time of day. They won’t see paypal caller ID show up because the line is overloaded and it will go straight to voicemail.
Best solution? Disable voicemail or make sure the provider doesn’t allow outside access. There are things called text’s these days. If you need voicemail, use a different number for important things. Worth noting that SMS 2FA is also insecure. But intercepting these codes requires being near the target or access to the SS7 network (either by paying or hacking in from a vulnerable endpoint in a poor country). Fortunately hackers with this access generally focus on profitable targets.
With SS7 access you can literally intercept most SMS messages even if you are in another country. You can even reroute calls. Call them and pretend to be their bank? They are smart and hang up and call the number on the back of their card. That is what they were told to do. They trust whoever answers. Well the hacker just has to route any call from victim number to bank number, to his phone. Its impossible to detect or prevent because providers don’t give a shit.
It requires real skill to even effectively use the SS7 network, much less hack into it. But anyone can follow the below guide if they are dedicated. As for providers who don’t allow outside access… I am currently trying to learn if you can spoof call a star number. So if voicemail is *86… can you make the system think your target’s number dialed it. I think its possible on a 3g network but not sure. Best to just disable voicemail.
Sorry for the essay.
Good read: [https://www.martinvigo.com/voicemailcracker/](https://www.martinvigo.com/voicemailcracker/)
You must be logged in to reply to this topic.