In light of the discovery that thousands of voice mail accounts were broken into in England, voice mail system security has been in the limelight. What is shocking is how mobile phone operators haven’t required passwords to access voice mail systems. Last week AT&T announced that passwords will be turned on by default for their voice mail service.
Telecommunication operators have long viewed that because their systems are closed, it is secure. The belief was that if they confirmed a call coming in to their voice mail system came from a phone number on their network, that was legitimate access, so they did not require a password. It is certainly much more convenient to tap the voice mail button on your phone and start hearing your messages rather than having to enter a passcode, particularly if one is on the go.
The problem is that caller id spoofing software is now readily accessible, which means that if someone knows your phone number, your carrier, and the phone number of the carrier’s voice mail system, they can dial-in to the voice mail system with any phone and make it appear as if the call is coming from your phone.
The moral of the story is that if you have not already done so, enable the password feature for your voice mail. Entering a password is bit of an inconvenience, but worth the extra protection. For the most security, you should frequently change your password, particularly if you suspect someone has seen you enter it on your phone.