Optus Left Customers' Mobile Voicemail Vulnerable to Hackers

May 24, 2014 — Allan Pulga

The Age reported last week (May 17) that an 18-year-old university student discovered a security flaw that left hundreds of thousands of Optus customers' voicemail accounts vulnerable to hacking.

Spoofing: When a hacker changes his/her phone's caller ID to a victim's number.

Shubham Shah"The discovery of the flaw by 18-year-old UNSW student and IT security researcher Shubham Shah on April 28 resulted in Optus acknowledging the issue and patching against it," wrote The Age's Ben Grubb.

"The flaw was only resolved earlier this month after Fairfax Media raised a series of questions about the vulnerability, which also exposed Optus customers to identity theft through unauthorised access to social media services Google, Facebook and LinkedIN.

Optus "found no evidence" that customers were affected.

"The flaw allowed anyone to 'spoof' a victim's number using easily available technology and retrieve the phone number's voicemail. The practice of spoofing involves a hacker changing their phone's caller ID to a victim's mobile number."

Grubb reports that Optus said it had resolved the vulnerability "after restoring additional security measures." Optus also said it "found no evidence" that customers were affected.

Topics: Privacy, Fraud, Mobile Industry

Recent Posts