Phreaking Not Dead Yet
santos_douglas writes "From Wired comes this article about an exploit involving weak voicemail passwords and automated voice recognition systems for accepting collect calls. The providers involved, SBC and AT&T, don't seem too concerned about their customers receiving tens of thousands in fraudulent charges from places like Saudi Arabia and the Philippines."
We used to hit 9 three times in a row on the Nike 1-800 number to get a dial tone and make long distance phone calls on Nike's tab. Not really phreaking but it was a phone system exploit.
I don't really understand why someone would do this, other than to harass the target. Sure, they get a free phone call, but it's not a phone call to talk to somebody. They are calling and just leaving the line open. Why would anyone bother?
If tits were wings it'd be flying around.
...about how much they love to "phreak", keep in mind that a good deal of us thought girls had "koodies" when the real phreaking was going on.
This ties in with our general hacker degradation. Phreaking is nearly gone, everything today is a DOS attack, a script kiddie, or a win32 virus, etc. Hell, I mutter "All your base..." in my compSci class and I am hard-pressed to find someone that can complete the phrase!
Sad, sad world...
Going from what I'm reading here it looks like they are using the default passwords that are shipped with systems. A quick search of Google will chuck up the default for loads of systems. So basically the administrators of the system aren't doing the job correctly or am I just misreading this?
Rus
Cheap UK and US VPS
Then ATT needs to decide if it costs less to issue a random factory-made default password or to handle the fraud costs.
My advice to the consumers: don't pay the bill. Write a letter and have your lawyer, stating why you will not pay the bill. There is no legal reason why the victim should be obliged to pay. The biggest joke is AT&T offering a 30% "discount," when their gross margins are probably in excess of 90% for these collect calls.
Don't pay the bill. Call a lawyer, write your congressman, and tell AT&T you WILL NOT pay, and ignore the collection agency. They have no right to engage in a shakedown like this; AT&T is reaping huge profits from the scam victims. This scam costs AT&T almost no money, yet they are reaping giant rewards. Seems like AT&T is the one running the scam.
I would think that something simple, like Yahoo uses for account creation. Instead of "please say yes", it should be "please say XXXXX" where XXXX is randomly selected.
...Not only that, but AT&T is the one that chooses the default password
Actually, SBC is at fault here. SBC is selling the voicemail system. SBC is setting the same default password for everyone.
AT&T is at fault for allowing someone's voicemail to accept collect calls and also by billing people that never made the calls.
Last, but not least, are the people that leave the default password on something.
Looking for a job?
Want your resume written professionally?
DON'T USE TUNAREZ!!!
Well I suppose it's not really restricted to phone systems (me stating the obvious here).... all I have to say is:
login: cisco
password: cisco
And then you can add 'stupid admins/BOFHs' to the list.
Are you local? There's nothing for you here!
Hmmmmm ... Who's to say AT&T really WANTS to fix this problem.
;o)
Every time someone pulls this scam (not Phreak) AT&T makes money. In the two cases cited each one is worth about $8000 to AT&T.
Yes, some will fight the bill, and even win out against AT&T and SBC, but for every one who fights the charge hard enough to win, I'll bet that ten more just swallow and pay.
Uh, who knows, maybe SBC and AT&T are even making the calls, eh?
The thing is, even if you do change your password this kind of exploit is still wide open. A dedicated phreak can set up a wardialer (a program that will call repeatedly if necessary and perform simple touch tone codes to a number) to try all possible combinations. Just have it play something like 00010020030040050060070080090110120130140150160170 18019021022023024025025026028....etc and all possible three or four digit numbers will be hit, thereby cracking the code. A lot of VMBs have it so you can only try one set then call back for another, but this is no problem. Just set the wardialer to try four, then call back and try the next four. Many VMBs have been seized through this method.
Example: "You are about to accept a collect call. Do you accept?" (wait for 'yes', 'yep', 'uh-huh', whatever, interpret it, continue) 'To verify, please say the following word: (random word from set A)' (verify)
It wouldn't even take much effort. Suppose A includes 'toast', 'ummagumma', 'vacuum', 'moose', 'arbitrary', and of course, 'Forty-two'. They're all VERY distinctive, more so than 'nope' and 'yep', which they have to contend with anyway. Have, oh, 20 different lists, rotate them week to week (they're all on some server, not a problem there). Instant secure. Well, not absolute, but by an order of magnitude or 12.
I'm not shy, I'm stalking my prey
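The random-word verification proposed in the comment above, sketched as an added example that is not part of the original thread, next to the plain "say yes" check it would replace. The word lists, function names, and the text strings standing in for speech-recognizer output are all assumptions made for illustration.

```python
import secrets

# Constructed word lists; the comment suggests about 20, rotated weekly.
WORD_LISTS = [
    ["toast", "ummagumma", "vacuum", "moose", "arbitrary", "forty-two"],
    ["walrus", "zeppelin", "kumquat", "origami", "trombone", "gazebo"],
]
AFFIRMATIVE = {"yes", "yep", "uh-huh"}


def normalize(utterance):
    """Stand-in for speech-recognizer output (assumption): plain text."""
    return utterance.strip().lower()


def accept_yes_only(answer):
    """Current behaviour described in the thread: any 'yes' is billed."""
    return normalize(answer("Do you accept?")) in AFFIRMATIVE


def accept_with_challenge(answer, week, choose=secrets.choice):
    """Yes/no prompt, then a word chosen unpredictably for this call.

    The reply must be exactly the challenge word, so audio recorded
    before the call cannot know which word to say.
    """
    if not accept_yes_only(answer):
        return False
    word = choose(WORD_LISTS[week % len(WORD_LISTS)])
    reply = normalize(answer(f"To verify, please say: {word}"))
    return reply == word


def static_greeting(_prompt):
    """Voicemail greeting: the same recording whatever the prompt."""
    return "Yes"


def live_person(prompt):
    """A person who hears each prompt and repeats the requested word."""
    return prompt.rsplit(": ", 1)[1] if ": " in prompt else "yes"


if __name__ == "__main__":
    for name, party in (("greeting", static_greeting), ("person", live_person)):
        print(name, accept_yes_only(party), accept_with_challenge(party, week=0))
```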
One of the more amusing things I've come across lately is that there's usually a telephone "access" box attached to the exterior of houses these days so the lineman can do some cursory checks without needing access to the interior. Standard jack on the "access" box, with no lock. Just walk up, plug in, dial away...
If you were me, you'd be good lookin'. - six string samurai
Back in my day we stole our lineman's headsets from the MaBell truck. None of this pussy catalog order shit you little whippersnappers got these days. And they were even touch-tone! They were rotary! I still have a rotary lineman's headset lying around here somewhere. The rotary wheel is made of cast-iron, I shit you not. Thing weighs like 25lbs and looks like the meanest bludgeoning weapon ever made.
Finally, math books without any of that base 6 crap in them.
You can use a RadioShack scanner and plug it into a computer running pd with a DTMF decoder patch and get anyone's voicemail password who has a cordless phone. For some cordless phones, you can even use an old TV set that goes up to channel 83!
You can also get long distance calling cards this way too. I'm paranoid and I now dial these on the cord phone, then pick up the cordless. Are users responsible for using encrypted phones?
AT&T is clearly at fault for accepting the charges. That is the part of the system that is the weak link, not the voicemail passwords. Someone could have hung an answering machine on their phone line. It's a ridiculous hole.
As for SBC, their system asks you for your password BEFORE your mailbox number, and if it's right for the phone you're using, it doesn't ask for the mailbox. So, if you have the same password as the person whose phone you're using, you hear THEIR messages, and there is no way to listen to your own! It's rare, but it happens. Telcos are lame.
=Rich
BTW, pd is the greatest, coolest, amazingest piece of Linux software there is and hardly anyone seems to use it. You can make a DTMF decoder in no time, or generate any tones you need, and so much more! See the examples.....
AT&T screwed up with deploying voice recognition for this purpose (and presumably continuing to charge operator assist rates); that's their problem. I hope the lawyers are going to have a field day with them.