Brute forcing VM pin codes


er, [-] sent in this little project. War-dialing is classic. The Scanit is designed for VM wardialing from a cell phone. The interface is a simple sound card to cell phone device made from a cheap car kit.. A laptop does the rest of the work. Apparently the nokia they used responds to sound based send/end commands. (DTMF is easy) I’d like to see a schematic and some source code, but nothing in the project is too terribly difficult.

9 thoughts on “Brute forcing VM pin codes

  1. Yea, one problem though. 3,334 phone calls over 8 hours is gonna cost a huge amount of money…

    Nobody think of that?

    _C

  2. If you’re on the same carrier as the voicemail system, the calls to the VM are free.

    Or, wait until the evening. Most plans have “free nights and weekends”.

  3. The major US carriers do some data mining to look for fraud, but none of them do it very well or in real time. The switches that might notice this kind of attack as it is occuring are generally not configured or able (depending on how old the switch is, model, etc) to see that kind of activity, so it is done after the fact from the billing database.
    If it were me, I’d assume that eventually the activity will be spotted and the PIN changed (even eve/weekend minutes are detailed in the bill, just not charged). But if you just want existing VMs or want access for a few days and don’t mind leaving a footprint, there you go!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s