Lack of PIN codes makes "hacking" phones easy-peasy
File this under the public continues to make considerable security trade-offs for convenience…
According to this USA Today story, Sprint, T-Mobile and AT&T allow their customers to access their voice mail messages with a personal identification number. As the story points out “this practice makes it trivial for an intruder to fully access the voice mailbox associated with any valid phone number, using a tried-and-true technique dubbed "caller ID spoofing. The hack involves using a caller ID spoofing service, such as spooftel.com, to place a call to the targeted phone number — from the same number. This technique, which has been known for years, can open full access to the associated voice mailbox for that number, says Anup Gosh, CEO of web browser security firm Invincea.”
As William Jackson of Government Computer News put it: “Industry and private sector companies have a vested interest in maintaining adequate security and that regulation should be kept at a minimum. But companies have always had that interest, and to date it has not translated into adequate security.”