Author Topic: Interesting voice mail flaw  (Read 3964 times)

Offline evilgold

  • Junior Phone Loser
  • **
  • Posts: 38
  • 1337 13V3L: +4/-1
Interesting voice mail flaw
« on: October 18, 2008, 11:40:23 PM »
I discovered somewhat by accident today, that if a voicemail isnt setup right away (after getting a new number/phone) on a certain cellular provider, anyone can call that number get the "sorry this person hasnt set up voicemail yet" message and then hit star to have complete control over the voicemail.

I discovered this calling a friend who, despite having a new number for almost a month now, hasnt activated her voicemail (she also rarely has her phone on at all). I wanted to leave her a message with MY new phone number, but since her voice mail wasnt activated i was forced to hax0r it into letting me .... and i left her a message saying pretty much that.

I doubt this matters much since people rarely wait more then a few minutes to setup voicemail, but it was interesting to learn non the less...

Oh and i believe this is on tmobile, but im not 100% sure.

Offline ApprenticePhreak

  • PLA Junkie
  • *****
  • Posts: 825
  • 1337 13V3L: +48/-12
Re: Interesting voice mail flaw
« Reply #1 on: October 19, 2008, 03:46:52 PM »
My girlfriend has her phone the same way. She never bothered to set up a voice mail account; kind of bugs me. She too has a t-mobile phone. I'll screw around with it and see if it works across the board. Not to mention if this is true then I've got a bunch of numbers to call this evening.

Offline Jo Nathen

  • [Almost a 100 count poster]
  • PLA Underling
  • *
  • Posts: 106
  • 1337 13V3L: +5/-45
  • Messing around with skype and my job has a pbx.
Re: Interesting voice mail flaw
« Reply #2 on: October 19, 2008, 08:30:43 PM »
I discovered somewhat by accident today, that if a voicemail isnt setup right away (after getting a new number/phone) on a certain cellular provider, anyone can call that number get the "sorry this person hasnt set up voicemail yet" message and then hit star to have complete control over the voicemail.

I discovered this calling a friend who, despite having a new number for almost a month now, hasnt activated her voicemail (she also rarely has her phone on at all). I wanted to leave her a message with MY new phone number, but since her voice mail wasnt activated i was forced to hax0r it into letting me .... and i left her a message saying pretty much that.

I doubt this matters much since people rarely wait more then a few minutes to setup voicemail, but it was interesting to learn non the less...

Oh and i believe this is on tmobile, but im not 100% sure.

Well good find. Pressing * sometimes kicks me off calls.
__________
I will keep watch on this board. (TOTSE is gone too)

Offline sigflup

  • Junior Phone Loser
  • **
  • Posts: 44
  • 1337 13V3L: +8/-7
    • pants
Re: Interesting voice mail flaw
« Reply #3 on: March 22, 2009, 04:47:20 PM »
Huh, that's interesting. I wonder if you can catch recycling numbers that way. Find numbers that are not being used by that provider and give them a call every night until they are used. You could automate the process.  ::)

Offline phantom757

  • VeriZon's wayward son
  • Junior Phone Loser
  • **
  • Posts: 43
  • 1337 13V3L: +2/-17
  • CACTUS
Re: Interesting voice mail flaw
« Reply #4 on: March 24, 2009, 08:32:33 AM »
VeriZon Home Voicemail has a similar vulnerability. If the mailbox isn't set up yet, the passcode is the same as the last 4 digits of the phone number. Its easy to "scan" for unused mailboxes by exploiting yet another glitch is VeriZon's voice messaging system too. Once you have control of a mailbox, try sending a message out to random numbers in that same area. When you come across a USED mailbox you will hear a short "name announcement" recording. If there is NO mailbox for that number the system repeats the number back to you and says its not in service. However, if the mailbox is UNUSED ;D, the system starts by saying the area code THEN the number and says they will receive the message. HUNDREDS of voice mail boxes can be pirated this way and used to wreak havoc on mild mannered society types.  :D

Anyone want to know more?
This statement is a LIE ---->   <---- This statement is TRUE ... Im SO confused.

Offline sigflup

  • Junior Phone Loser
  • **
  • Posts: 44
  • 1337 13V3L: +8/-7
    • pants
Re: Interesting voice mail flaw
« Reply #5 on: March 24, 2009, 09:53:01 AM »
Quote
Anyone want to know more?

umm. yeah sure.

Offline phantom757

  • VeriZon's wayward son
  • Junior Phone Loser
  • **
  • Posts: 43
  • 1337 13V3L: +2/-17
  • CACTUS
Re: Interesting voice mail flaw
« Reply #6 on: March 24, 2009, 10:34:06 AM »
Well, there are several "tools" out there that you can use to hack into VeriZon Voicemail. The 1st is fonefinder.net

1. Enter an area code and it give you a listing by prefix of ALL the telco companies in that area code. Note VeriZon serves many east coast states. CT DE MD NY PA VA WVA etc.

2. Next, go to http://www6.verizon.com/vmlookup/vmlookup.asp or you can navigate their web site to find their "voicemail number lookup tool" This will let you enter in one of those prefixes you got from fonefinder (a verizon one) followed by some random 4 digits, and give you the voicemail access # for that area.

3. Now try to find a working mailbox. Churches often have this service so get a listing of them in your target area dial your access # and start pushing buttons. You will get 3 tries to dial a working box # before you get kicked off. Once you find a working #, you can look for MORE without getting kicked off simply by dialing it on your last try. this will recycle your # of tries. If you're lucky, you might just find one of these mailboxes unused. If this happens you now have a whole new level of access.

4. when you have control of your own mailbox, you can scan for more, send messages, make other phones ring when your box gets new messages etc.

In many areas as many as 1 to 2% of the numbers in any given prefix have voicemail that has not been set up yet.

Way too much to describe here but these are the basics. HAVE FUN  ;D
« Last Edit: March 24, 2009, 10:43:58 AM by phantom757 »
This statement is a LIE ---->   <---- This statement is TRUE ... Im SO confused.

Offline jx

  • PLA Army
  • *****
  • Posts: 559
  • 1337 13V3L: +62/-22
  • When the fone green I pink up the fone&say yellow
Re: Interesting voice mail flaw
« Reply #7 on: March 24, 2009, 03:43:27 PM »
Ameritech Voice Mail default password was...

1234

Really.

I don't know if the default is still 1234, though.

Offline Jo Nathen

  • [Almost a 100 count poster]
  • PLA Underling
  • *
  • Posts: 106
  • 1337 13V3L: +5/-45
  • Messing around with skype and my job has a pbx.
Re: Interesting voice mail flaw
« Reply #8 on: March 24, 2009, 03:50:35 PM »
Well, there are several "tools" out there that you can use to hack into VeriZon Voicemail. The 1st is fonefinder.net

1. Enter an area code and it give you a listing by prefix of ALL the telco companies in that area code. Note VeriZon serves many east coast states. CT DE MD NY PA VA WVA etc.

2. Next, go to http://www6.verizon.com/vmlookup/vmlookup.asp or you can navigate their web site to find their "voicemail number lookup tool" This will let you enter in one of those prefixes you got from fonefinder (a verizon one) followed by some random 4 digits, and give you the voicemail access # for that area.

3. Now try to find a working mailbox. Churches often have this service so get a listing of them in your target area dial your access # and start pushing buttons. You will get 3 tries to dial a working box # before you get kicked off. Once you find a working #, you can look for MORE without getting kicked off simply by dialing it on your last try. this will recycle your # of tries. If you're lucky, you might just find one of these mailboxes unused. If this happens you now have a whole new level of access.

4. when you have control of your own mailbox, you can scan for more, send messages, make other phones ring when your box gets new messages etc.

In many areas as many as 1 to 2% of the numbers in any given prefix have voicemail that has not been set up yet.

Way too much to describe here but these are the basics. HAVE FUN  ;D

Thank you for sharing! ....0000 I bet is the winner for some boxes...haha. Sometimes it (on other providers like NEXTEL) will switch and ask you what number you would to "page". One provider one time (can't remember who) started transferring me to a rep....I hung up however. Should have social eng'd more.
__________
I will keep watch on this board. (TOTSE is gone too)

Offline phantom757

  • VeriZon's wayward son
  • Junior Phone Loser
  • **
  • Posts: 43
  • 1337 13V3L: +2/-17
  • CACTUS
Re: Interesting voice mail flaw
« Reply #9 on: March 25, 2009, 01:11:18 PM »
As I stated this is for VeriZon HOME voicemail. In FoneFinder.net you will see VeriZon listed as a RBOC as well as a wireless provider. Also, in some areas, VeriZon South(Contel) or (GTE) uses the same system so it works for them too. Let me know how you do. If you need any further assistance, I'm sure there are people here willing to help (hint hint). This is just the tip of the iceberg so to speak... There is SO much more to be covered on this subject. :D
This statement is a LIE ---->   <---- This statement is TRUE ... Im SO confused.