Amid the scandal about the alleged hacking of thousands of British citizens’ phones by the News of the World, there has been much discussion about the privacy and security of telephone voicemail systems. A few weeks ago, USA Today reported on the ease with which a voicemail system can be hacked — especially if the hacker uses applications that can “spoof” Caller ID numbers. With spoofing, the number that shows up on a call recipient’s Caller ID display is different from the actual phone number the dialer is using. (Read a previous post about the good and the bad of spoofing.)
Last month, Federal Trade Commission Chairman Jon Leibowitz said that “wireless operators should require their customers to use a password to access the voicemail on their mobile phones. The problem for Leibowitz, as he was quick to note, is that his agency has no jurisdiction over wireless carriers,” reported Tech Daily Dose.
Now, AT&T has announced a change in voicemail security for its mobile phones. This will immediately affect all new subscribers and customers adding new telephone lines. Current customers who change or upgrade their phones will not be affected until early next year.
[G]iven the advent and, unfortunately, the wide availability of sophisticated telephone number spoofing technology that allows people to “fake” the telephone number they are calling from, we are moving in a new direction. We have long encouraged our subscribers who might have concerns about voicemail privacy to establish passwords and to set their voicemail preferences to require the use of a password whenever voicemail is accessed.
Beginning today, however, we will automatically set the default voicemail setting to Password Protect on any new subscriber or new line added to an existing account. In addition, beginning in early 2012, we will set the default voicemail setting to Password Protect anytime you upgrade or change your handset. That means whenever you get a new device, you will be required to set a password and use it unless you affirmatively turn the feature off.
In the meantime, until our systems are capable of effecting that change to your default setting, whenever you come into one of our stores to change or upgrade your handset, our representatives will instruct you on how easy it is to change your voicemail setting to Password Protect on your new handset. Over a transition period, all of our customers will ultimately have the default setting on their voicemail turned to Password Protect. But they will still have the option of disabling that feature on their voicemail account if they prefer the convenience of not having to use a password when they call voicemail from their own handset. […]
Some privacy advocates have called on companies like AT&T to go further and actually prohibit our customers from accessing voicemail unless they use a password. We are not going to go that far. We prefer to allow our subscribers to make the choice of whether or not they want to use a password themselves. But we are going to recommend to everyone that they choose the password option. Ultimately, whenever you get a new device, you will have to affirmatively choose to deactivate the Password Protect option.
You can learn more about how to use Password Protect to secure your voicemail here.
According to the Boston Globe, “Sprint Nextel Corp. uses a password by default but lets customers switch it off. Verizon Wireless requires the use of a password at all times. Only T-Mobile USA still leaves password protection switched off by default.”