I saw this live at defcon and it was honestly my favorite talk of the whole con. VMB hacking was somewhat old-school even in the nineties, yet it’s even more powerful today.
If you get a chance, grab his talk from the defcon media server - well worth it.
What is this for? I feel like my voicemail box has nothing of value in it.
For things that require 2FA, they will call or SMS, but do they really leave a message if they call and you don't pick up?
The number of people who need to access voicemail from any device except the phone itself is tiny.
Just disallow it by default.
Problem solved.
The phone network is not designed to be secure.
Stop papering over gaps and trying to use it as if it were.
I wonder how many people use the same PIN for their voicemail as for their bank accounts?
The maximum number of digits I’ve ever seen for a cellular VM system is 11 (among the big public companies). I believe Sprint can handle up to 7, and Verizon allows up to 10. Of course, these are digits with no more than 10 combinations for each slot instead of the 70+ alphanumeric offers.