Voicemails on two U.K. mobile providers are wide open to being hacked

With the phone-hacking scandal still playing out in the courts, it should be safe to assume that UK mobile operators have put measures in place protect customers’ own voicemail inboxes. Unfortunately, that’s only half true. An investigation by The Register showed that two of the big four carriers had neglected to close a loophole that allows nefarious third-parties to spoof a customer’s phone number and immediately gain access to their voicemails. Those two companies? EE and Three.

Voicemail inboxes on two UK mobile networks are wide open to being hacked. An investigation by The Register has found that even after Lord Leveson’s press ethics inquiry, which delved into the practice of phone hacking, some telcos are not implementing even the most basic level of security. Your humble correspondent has just listened to the private voicemail of a fellow Regjournalist’s phone, accessed the voicemail inbox of a new SIM bought for testing purposes, and the inbox of someone with a SIM issued to police doing anti-terrorist work. I didn’t need to use nor guess the login PIN for any of them; I faced no challenge to authenticate myself. There was a lot of brouhaha over some newspapers accessing people’s voicemail without permission, but one of the strange things about it all is that at no stage have any fingers been pointed at the mobile phone networks for letting snoops in. And some doors are still open.