We've all heard about the voicemail hacking that allegedly took place in Britain's News International hacking scandal. Before the scandal, you rarely heard the terms voicemail and hacking in the same sentence. One thing that resulted from this scandal was that it got a lot of people thinking about how insecure their voicemail accounts might be.
Most voicemail accounts are secured with a simple 4-digit passcode. Voicemail is typically accessed from a telephone so the passcode can only be made up of numeric digits. A numeric passcode coupled with a 4-digit PIN length reduces the total number of possible combinations to just 10,000. This may seem like it would take awhile for someone to attempt, but in reality it can be done in less than a day or two, or even faster if using a computer with a modem and a scripted autodialer program.
Some people don't even bother to change their PIN / passcode from its default. In many cases the default is either the last four digits of the phone number or something as simple as "0000", "1234", or "1111".
So the harsh reality is that until voicemail password complexity catches up with the authentication methods used by other types of networks, voicemail will remain vulnerable to hacking and can be easily compromised.
What can you do to protect your own voicemail account from voicemail hackers?
1. If your voicemail system allows it, set a PIN passcode longer than 4 digits
It's nearly impossible to create a strong password on your voicemail box given the 4-digit limitation most systems impose. If your system allows for a PIN longer than 4 digits you should definitely take advantage of this feature. Simply adding two more digits increases the total number of possible combinations from 10,000 to 1,000,000 which requires significantly more time and resources to hack. An eight-digit password would yield 100,000,000 possible combos. Unless the hacker is very determined they might move on.
2. Change your PIN code at least once every couple of months
You should always change your PIN code every few months. If someone has already hacked into your voicemail this will cut their access off for at least as long as it takes for them to hack back in again. Couple this with a longer PIN, and by the time the hacker runs through the 100 million possible permutations of your 8-digit PIN, you've already changed it, and they have to start all over again.
3. Get a Google Voice account and use its voicemail features
If you haven't already gotten a Google Voice account you really should consider it.
Google Voice gives you a phone number that you can use as a permanent number for life. It never changes. You can route your Google number to whatever cellphone or land line you want and change how phone calls are handled based on different conditions. For example, say you want to have all calls coming in on your Google number go to your home phone in the evening, have them go to voicemail at night, and then have them sent to your cellphone during the day. Google voice will let you do this time-based call routing. Everything is easily setup via a secure website that you log into.
Google voice also has fairly robust voicemail security compared to what you might get with your cellphone provider. Google voice will let you use both PIN and caller-ID based login restriction, where it will only let you access your voicemail when it sees that your calling from one of the numbers that you told it to permit. This adds an additional layer of security and prevents random people from attempting to have a go at your voicemail password. (unless they have stolen your phone).