voicemailautomator is a tool that serves as a Proof of Concept for the research I presented at DEF CON 26, “Compromising online accounts by cracking voicemail systems”.
For details and demos please check: https://www.martinvigo.com/voicemailcracker
vociemailcracker uses Twilio, a VOIP service that allows you to programmatically manage phone calls. voicemailcrackerlaunches hundreds of phone calls at the same time to interact with voicemail systems and bruteforce the PIN.
Bruteforcing the entire 4-digit keyspace costs less that $40. If you want to ensure a 50% chance of guessing the PIN correctly (according to Data Genetics research), it would cost you only $5. If we want to take a different approach, you can check a thousand different voicemails for the default PIN for only $13.
voicemailcracker comes with specific payloads for every major US carrier and automates everything. You only need to provide the victim’s phone number, the carrier, an the callerID provided by Twilio, that’s all.
vociemailcracker uses Data Genetics research to optimize bruteforcing. It will favor common PINs, default PINs and patterns. It also tries multiple PINs at the same time to reduce the number of calls needed.
Instead of call flooding, we can use OSINT techniques to find out when the victim has the phone disconnected. It is very common for people to share their plans on Twitter like when they are flying, in the movie theater or going to a remote trip. The phone may also be set to Do Not Disturb overnight.
DEF CON 26 talk
account_sid = "" # Obtain from Twilio auth_token = "" # Obtain from Twilio twimlPayloadChangeGreeting = "" # <?xml version="1.0" encoding="UTF-8"?><Response><Pause length="10"/><Hangup/></Response> twimlPayloadChangeGetNewestMessage = "" # <?xml version="1.0" encoding="UTF-8"?><Response><Pause length="10"/><Hangup/></Response> status_callback_url = "" # Obtain from localtunnel.me
python voicemailcracker.py message --victimnumber 5555555555 --carrier tmobile --callerid 4444444444 --backdoornumber 3333333333 --pin 0000
python voicemailcracker.py greeting --victimnumber 5555555555 --carrier tmobile --callerid 4444444444 --backdoornumber 3333333333 --pin 0000 --payload 1234
Martin Vigo - @martin_vigo - martinvigo.com