Visual Voice Mail on Android may be vulnerable to eavesdropping

[silversurfer]

Content source

https://www.bleepingcomputer.com/news/security/visual-voice-mail-on-android-may-be-vulnerable-to-eavesdropping/

A security analyst has devised a way to capture Visual Voice Mail (VVM) credentials on Android devices and then remotely listen to voicemail messages without the victim's knowledge.

The security researcher, Chris Talbot, discovered the flaw on June 21, 2021, and filed the vulnerability under CVE-2022-23835.

The bug is not a flaw in the Android operating system but rather how the service is implemented by mobile carriers.

However, the flaw has a "disputed" status because AT&T and T-Mobile dismissed the report for describing a non-exploitable risk, while Sprint and Verizon have not responded.

Visual Voice Mail on Android may be vulnerable to eavesdropping

A security analyst has devised a way to capture Visual Voice Mail (VVM) credentials on Android devices and then remotely listen to voicemail messages without the victim's knowledge.

www.bleepingcomputer.com