AT&T is rolling out a new initiative to increase mobile security as of today as a step to protect customers from phone spoofing. The wireless service company is now requiring a password when accessing voicemail on all new accounts. Previously, the default setting allowed users to get to messages without the added time of typing in a password. While consumers can quickly opt-out of the new security measure after purchasing a phone, the default settings will require the user to setup a password and type it in each time to receive recent messages. Existing AT&T customers will see a similar change in the service until upgrading to a new model, but not until early 2012.
AT&T joins Sprint and T-Mobile in offering consumers the option of turning off the voicemail password requirement. Verizon Wireless remains the only major wireless carrier that requires a password every time voicemail is accessed by the customer. While carriers require an initial setup of a PIN number to setup voicemail, many U.S. carriers skip this process when the call is being placed from the correct number. This creates a problem for carriers when phone spoofing comes into play, just like the current News Corp. phone hacking scandal.
Phone spoofing can be accomplished with simple free and premium services on the Web. A user dials into the service first, then dials the phone number they want to hack in order to gain access to messages. The recipient of the attack over sees their own phone number in the Caller ID, not the number of the person hacking into the voicemail account. The hacker can cover their tracks by marking phone messages as being unheard and the victim of the attack isn’t alerted to the intrusion. However, using a password to protect the voicemail account quickly foils any attempt at phone spoofing.