Disclaimer: I do not under any circumstance condone hacking/phreaking or any other illegal activities. This is an extremely simple proof of concept attack that should raise your awareness about the lack of security in voicemail networks and why you should never leave confidential information on any voicemail system.
Stealing voicemail is much simpler than most people believe. Many voicemail systems use the caller ID number as the username for voicemail authentication. When no PIN number is set, simply spoofing caller ID allows an attacker to listen to and delete voicemail, listen to deleted voicemail messages, and modify call forwarding and other account options. I discovered this accidentally during testing while working on setting up my own phone server’s outbound caller ID.
How hard is it to spoof caller ID? It’s extremely easy: a simple Asterisk phone server setup and a SIP PSTN service provider are all you need (to be anonymous, simply sign up for a SIP account using an email address only ever accessed through a VPN tunnel/Tor). Just set the outbound caller ID to the number to be attacked and then dial the number to be attacked. If there is a PIN number set, a simple script to try the last 4 digits of the number being attacked and the most common sequences (1234, 1111, etc.) is easy enough to write. Ensure the phone server is connecting to the SIP provider through anonymizing services such as VPN/Tor when making calls.
I have tested this on numbers that I own or manage voicemail on across several major US service providers. I have been able to successfully attack all of them. Some providers will pass the call through to the attacked phone (leaving a missed call) but will eventually go to voicemail if unanswered.
So why am I giving instructions? Really, it’s more of a warning. If you don’t have a PIN set, get it set. If you see missed calls from your own number, then there is a good chance that someone is trying to hack your voicemail. Don’t ever leave confidential or sensitive information in a voicemail.
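To act on both warnings above, here is an added example (not code from the original post) that checks whether a voicemail PIN falls into the guessable classes described earlier and flags call records where the caller ID equals the dialled number. The CSV column names, the sample records and the phone numbers are constructed for illustration; real call logs will need their own field mapping.

```python
import csv
import io

# Constructed sample call records (assumed CSV layout, fictional 555-01xx numbers).
SAMPLE_CDR = """time,caller,callee,disposition
2024-01-05T09:12:00,+12025550199,2025550142,ANSWERED
2024-01-05T23:41:10,+1 (202) 555-0142,2025550142,NO ANSWER
2024-01-05T23:43:02,2025550142,+12025550142,VOICEMAIL
"""

def normalize(number):
    """Reduce a US number to its 10 national digits so formatting differences don't hide a match."""
    digits = "".join(ch for ch in number if ch.isdigit())
    return digits[-10:] if len(digits) >= 10 else digits

def pin_findings(number, pin):
    """Return the reasons a PIN gives little protection; an empty list means none of the checks fired."""
    if not pin:
        return ["no PIN set: caller ID is the only credential"]
    if not pin.isdigit():
        return ["PIN must contain digits only"]
    findings = []
    if pin in normalize(number):
        findings.append("PIN is part of the phone number")
    if len(set(pin)) == 1:
        findings.append("single repeated digit")
    # Digit-to-digit step, modulo 10: all +1 is ascending (1234), all 9 is descending (4321).
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {9}):
        findings.append("ascending or descending sequence")
    return findings

def self_calls(cdr_text):
    """Return the records whose caller ID is the same number as the one dialled."""
    rows = csv.DictReader(io.StringIO(cdr_text))
    return [r for r in rows if normalize(r["caller"]) == normalize(r["callee"])]

if __name__ == "__main__":
    for pin in ("", "0142", "1234", "1111", "839205"):
        print(repr(pin), pin_findings("+1 (202) 555-0142", pin) or "no findings")
    for row in self_calls(SAMPLE_CDR):
        print("review:", row["time"], row["caller"], "->", row["callee"], row["disposition"])
```

Calls you placed from your own handset to check voicemail will also match the self-call filter, so compare flagged times against your own activity.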