Compromising online accounts by cracking voicemail systems

The presentation discusses the vulnerabilities of automated phone calls and voicemail systems in online services and provides recommendations for improving security.

• Automated phone calls and voicemail systems in online services are vulnerable to attacks that can compromise user accounts.
• Recommendations for improving security include eliminating default pins, disabling voicemail if not in use, and not providing phone numbers to online services unless required.
• An anecdote is provided to illustrate how an attacker can use automated phone calls to hijack a victim's WhatsApp account.
• Tags: cybersecurity, online services, automated phone calls, voicemail systems, recommendations

The presenter demonstrates how an attacker can use automated phone calls to hijack a victim's WhatsApp account by simulating the victim's phone being in airplane mode and using voicemail cracker to retrieve the temporary code provided by WhatsApp. The attacker can then use the code to hijack the victim's WhatsApp account.

Voicemail systems have been with us since the 80s. They played a big role in the earlier hacking scene and re-reading those e-zines, articles and tutorials paints an interesting picture. Not much has changed. Not in the technology nor in the attack vectors. Can we leverage the last 30 years innovations to further compromise voicemail systems? And what is the real impact today of pwning these? In this talk I will cover voicemail systems, it's security and how we can use oldskool techniques and new ones on top of current technology to compromise them. I will discuss the broader impact of gaining unauthorized access to voicemail systems today and introduce a new tool that automates the process.