Sprint has added to the home page of their web site a new security alert about voicemail. Sprint currently offers a “skip passcode” feature that allows you to not have to enter a passcode when you call voicemail from your Sprint phone.
However, Sprint now discourages the use of this service (despite being offered it during the setup process for voicemail). New (actually, not new, but recently promoted) exploits of the national Caller ID network allow another device to con Sprint Voicemail into thinking the device is anyone’s phone. Because the voicemail system relies on caller ID alone to authenticate Skip Passcode, it grants the hacker access to any customer’s voicemail using the option.
Sprint’s solution is to simply disable the feature, and to enter your passcode each time you call voicemail.
