Comments on: Pinger.com instant voice messaging for your mobile http://www.mobileindustryreview.com/2006/08/pingercom_insta.html Daily news and opinion for 250,000 industry executives and mobile fanatics Tue, 14 Feb 2012 22:09:00 +0100 hourly 1 http://wordpress.org/?v=3.3.1 By: CallerID Spoofy http://www.mobileindustryreview.com/2006/08/pingercom_insta.html/comment-page-1#comment-15060 CallerID Spoofy Thu, 21 Dec 2006 18:27:42 +0000 http://www.smstextnews.co.uk/2006/08/pingercom_instant_voice_messaging_for_your_mobile.html#comment-15060 Do you know the companies PINGER and SNAPVINE? Pinger and Snapvine are highly INSECURE!!!! What this means: I can break into your Pinger and Snapvine phone accounts. I can listen to your messages. I can send out messages as you. How do I do this? Easy. I mask / spoof CALLER ID / ANI. Anyone can do this, amateur hacks, etc. Well, there are others, but suffice to say that these companies are doing new things with social networking sites and phones that help to connect people. The problem is that these companies have a scalability problem based on inbound calling. You see, if you have hundreds of thousands or millions of users, you can’t give everyone a unique dial in phone number. SECURITY PROBLEM What these companies have done is based user identification on Caller ID / ANI – meaning that you call their service, and their systems recognize your phone via Caller ID. The problem is that Caller ID is highly insecure and can be faked. The problem that these “dial in” companies are trying to solve is one of scalability. They simply cannot have enough dial in numbers for each user. Therefore, they have architected a way to recognize each caller by Caller ID and to base the entire user authentication system on this insecure method. This can easily be hacked. SOLUTION The solution is funny – both Pinger and SnapVine make you enter in a PIN CODE when you dial in without validating your phone. After you validate your phone, you no longer need to enter the PIN CODE. So in effect, when you validate your phone, you make your account INSECURE. What Pinger and SnapVine need to do is always require the PIN CODE. Do you know the companies PINGER and SNAPVINE?

Pinger and Snapvine are highly INSECURE!!!!

What this means: I can break into your Pinger and Snapvine phone accounts. I can listen to your messages. I can send out messages as you.

How do I do this? Easy. I mask / spoof CALLER ID / ANI. Anyone can do this, amateur hacks, etc.

Well, there are others, but suffice to say that these companies are doing new things with social networking sites and phones that help to connect people.

The problem is that these companies have a scalability problem based on inbound calling.

You see, if you have hundreds of thousands or millions of users, you can’t give everyone a unique dial in phone number.

SECURITY PROBLEM

What these companies have done is based user identification on Caller ID / ANI – meaning that you call their service, and their systems recognize your phone via Caller ID.

The problem is that Caller ID is highly insecure and can be faked.

The problem that these “dial in” companies are trying to solve is one of scalability. They simply cannot have enough dial in numbers for each user.

Therefore, they have architected a way to recognize each caller by Caller ID and to base the entire user authentication system on this insecure method.

This can easily be hacked.

SOLUTION

The solution is funny – both Pinger and SnapVine make you enter in a PIN CODE when you dial in without validating your phone.

After you validate your phone, you no longer need to enter the PIN CODE.

So in effect, when you validate your phone, you make your account INSECURE.

What Pinger and SnapVine need to do is always require the PIN CODE.

]]> By: peter http://www.mobileindustryreview.com/2006/08/pingercom_insta.html/comment-page-1#comment-7455 peter Mon, 13 Nov 2006 02:56:22 +0000 http://www.smstextnews.co.uk/2006/08/pingercom_instant_voice_messaging_for_your_mobile.html#comment-7455 does gotvoice.com offer the same service? I know it will retrieve voicemail's and send them to my e-mail which is way cool, but will it do the reverse like pinger will? does gotvoice.com offer the same service? I know it will retrieve voicemail’s and send them to my e-mail which is way cool, but will it do the reverse like pinger will?

]]> By: jonb http://www.mobileindustryreview.com/2006/08/pingercom_insta.html/comment-page-1#comment-1439 jonb Tue, 17 Oct 2006 13:41:28 +0000 http://www.smstextnews.co.uk/2006/08/pingercom_instant_voice_messaging_for_your_mobile.html#comment-1439 Good point Rich. Only time I can see that it has more than MMS is if youre abroad and dont want to pay roaming charges, or flat battery I guess. Good point Rich. Only time I can see that it has more than MMS is if youre abroad and dont want to pay roaming charges, or flat battery I guess.

]]> By: rich http://www.mobileindustryreview.com/2006/08/pingercom_insta.html/comment-page-1#comment-465 rich Wed, 30 Aug 2006 13:40:51 +0000 http://www.smstextnews.co.uk/2006/08/pingercom_instant_voice_messaging_for_your_mobile.html#comment-465 Doesnt voice mms work the same way? I can record a voice message and mms it to a friend now. Yes theres no web interface but is there something else Im missing. Doesnt voice mms work the same way? I can record a voice message and mms it to a friend now. Yes theres no web interface but is there something else Im missing.

]]>