Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Twilio gateway might be vulnerable to voicemail hack #54

Closed
Bouke opened this issue May 19, 2014 · 0 comments
Closed

Twilio gateway might be vulnerable to voicemail hack #54

Bouke opened this issue May 19, 2014 · 0 comments
Labels
enhancement
Milestone
1.0.0

Comments

@Bouke
Copy link
Collaborator

Bouke commented May 19, 2014

See also this blogpost which uses the victim's voicemail service to access OTP tokens. When the call goes to voicemail, the tokens can be access through a vulnerable voicemail service (e.g. requiring no PIN). Then the attacker will have access to the tokens and is able to login. When requiring interaction (e.g. pressing a button), this type of attack can be disarmed. Major services like Google and Yahoo are still vulnerable to this type of attack.
@Bouke Bouke added this to the 1.0.0 milestone May 19, 2014
@Bouke Bouke closed this as completed in c93a312 May 20, 2014
@Bouke Bouke modified the milestone: 1.0.0 May 22, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
1.0.0
Development

No branches or pull requests
1 participant
@Bouke