AT&T, T-Mobile USA settle dust-up over voicemail hacking: ‘Cellphones purchased by undercover investigators were easily hacked into’

Law enforcement is getting tough about cellphone hacking in Tinseltown.
The Los Angeles county district attorney said AT&T Mobility and T-Mobile USA Inc. agreed to permanent injunctions banning misrepresentations about the security of mobile phones on their networks. The carriers also will pay fines of $59,300 and $25,000, respectively. Teltech, a New Jersey firm that distributes a SpoofCard program that can be misused to gain unauthorized cellphone voicemail access, consented to a restriction that halts misrepresentations about the legality of the “spoofing” system. It will pay $33,000.
None of the firms admitted any wrongdoing.
“These cases illustrate how deeply new technology and misuse of it can affect the lives of consumers,” said District Attorney Steve Cooley in a written statement. “The software program that was advertised as ‘legal in 50 states’ was not legal in California and some other states.”
The lawsuits, filed with the accompanying settlements, culminated a probe by the L.A. district attorney’s bureau of investigation that was launched last year after a citizen complained of unauthorized cellphone voicemail access.
The problem gained nationwide attention a couple years back after allegations surfaced about security violations involving cellphones of celebrities.
“Our investigators found that cellular providers who claimed their systems were safe from such sabotage were wrong,” Cooley stated. “Cellphones purchased by undercover investigators were easily hacked into, enabling the voicemail to be changed at will by use of the spoofing system. Hacking into voicemail allowed messages to be changed or erased. Important information could be removed from the voicemail and phony information could be inserted. Imagine the havoc that could result.”
Unauthorized access to cellphone voicemails appears to be enabled by a combination of readily available spoofing technology and the lack of passwords on users’ accounts.
“AT&T takes the security of our customers and their devices seriously. While reports of spoofing technology being used to access a customer’s voicemail are extremely rare, we will be encouraging all customers to set up a password for voicemail access for added security,” said Marty Richter, a spokesman for the company. “We also took steps before we were contacted by the district attorney’s office to help our sales and customer service personnel educate customers on spoofing risks and how to set up a password. And we continue to explore technological solutions to combat spoofing.”
T-Mobile USA said it cooperated with the L.A. county district attorney and is glad to have the matter resolved.
“On the topic of voicemail, T-Mobile works to provide security throughout our network, and offers our customers the option to employ passwords for further security,” T-Mobile USA stated. “Customers who wish to take advantage of password security can follow steps on their handset, or can receive assistance online or by speaking with a T-Mobile representative.”
An attorney for Teltech said both wireless providers were previously made aware of the potential for problems.
“We first brought this to the attention of the district attorney’s office and mobile-phone carriers two years ago,” said Mark Del Bianco, who represents TelTech. “We cooperated, changed language on our Web site, and we continue to do business.”