Caller ID Spoofing on the Android
It’s easy to access someone else’s voicemail by spoofing the caller ID. This isn’t new; what is new is that many people now have easy access to caller ID spoofing.
The spoofing only works for voicemail accounts that don’t have a password set up, but AT&T has no password as the default.
BF Skinner • July 14, 2010 7:18 AM
Open by default for “fast access”. There’s an AT&T page too http://www.wireless.att.com/learn/popups/voicemail-security.jsp, that explicitly tells how to set the password (it’s not bad). But where does the consumer get briefed on this vulnerability? Is it buried in a FAQ, a link off terms and conditions, passed by voice by a busy counter clerk in a AT&T storefront or mall kiosk?
Did they make a business decision “Most people won’t a) care or b) be at risk most of the time.” Or did they design the system and then find out ‘hey people can spoof callerID.’
The former is lame but at least there is some form of reasoning there while the latter would be some engineering incompetence–a SA-8 fail.
Is there a 3rd alternative?