As we update and grow our GDPR compliance, we also look to reduce risk. The two sit neatly together, and undertaking your GDPR ‘risk assessment’ will expose potential vulnerabilities affecting your end users.
In this post, we wish to discuss voicemail, and how you set up default passwords or PINs for voicemail. Voicemail is still relied upon for everyday use by many organisations, and sensitive information is commonly left in voicemail messages.
How is Voicemail Vulnerable?
A motivated attacker targeting a company is highly likely to be able to gain valuable information by listening to the voicemail of system administrators or executives over a period of time.
There are many ways to automate phone attacks, and it is easy for an attacker to write a script or use existing software to automate a range of attacks.
Why would they want to hack voicemail?
There are many reasons attackers may be interested in a company’s phone system, including:
- Using it to make fraudulent calls;
- Aiding in social engineering attacks;
- Eavesdropping on sensitive calls;
- Harvesting sensitive information from voicemails;
- Compiling internal directories of company staff; and
- Attempting to obtain call detail records for market intelligence and industrial espionage.
How you can act today
Removing the vulnerability keeps you out of the position where, if an end user's system is hacked, you incur charges due to fraudulent attacks. At the point of provisioning a tenant's extensions, the system generates a random sequence PIN. If the end user wishes to change it to something memorable, we recommend avoiding the last 3 or 4 digits of the extension DDI. Encourage users never to change the PIN to a common pattern or repeating numbers: an attacker is likely to work out such a PIN using a PIN list instead of having to manually enter every possible combination of digits.
As with any password, the less obvious the sequence, the less vulnerable the end user is to hackers, and the less likely you as the reseller are to become liable for the costs.
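The PIN advice above can be enforced when a user changes their PIN. The following check is an added example, not code from our system; the function names, the minimum length of 4 and the short common-PIN list are assumptions made for illustration.

```python
import re

# Constructed sample of frequently chosen PINs (assumption); load a fuller list in practice.
COMMON_PINS = {"1234", "0000", "1111", "1212", "2580", "4321", "123456", "000000"}


def _is_run(pin: str) -> bool:
    """True for ascending or descending runs such as 3456 or 9876 (wrapping 9 -> 0)."""
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {9})


def _is_repeated_block(pin: str) -> bool:
    """True when the PIN is one short block repeated, e.g. 7777, 1212, 123123."""
    return re.fullmatch(r"(\d{1,3})\1+", pin) is not None


def pin_problems(pin: str, ddi: str, min_length: int = 4) -> list[str]:
    """Return the reasons a proposed voicemail PIN should be rejected (empty = acceptable)."""
    if not (pin.isascii() and pin.isdigit()) or len(pin) < min_length:
        return [f"PIN must be at least {min_length} digits"]
    problems = []
    ddi_digits = re.sub(r"\D", "", ddi)  # tolerate '+', spaces and brackets in the DDI
    # Last 3 or 4 digits of the extension DDI appearing anywhere in the PIN
    for n in (4, 3):
        tail = ddi_digits[-n:]
        if len(tail) == n and tail in pin:
            problems.append(f"contains last {n} digits of the DDI")
            break
    if _is_repeated_block(pin):
        problems.append("repeating digits or repeated block")
    if _is_run(pin):
        problems.append("ascending or descending sequence")
    if pin in COMMON_PINS:
        problems.append("appears on common PIN list")
    return problems
```

Run the same check over PINs at provisioning time as well, so that a randomly generated PIN that happens to match one of these patterns is regenerated.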
Know more about our system's security
If you wish to speak to any of our team regarding voicemail or any system security, get in touch today at email@example.com.