Tele2 has more than a quarter of the Swedish market for mobile subscriptions, with 3.8 million mobile customers.
Tele2’s voicemail system has very serious security flaws which make it possible for anyone to listen to other people’s mobile voicemail messages. DN has tested this on a dozen different phones, with the owners’ consent. In all cases we have been able to listen to messages and even change the greeting messages, without having to enter any code at all.
The method is so simple that all that is needed is the phone number and a commonly used network service that simulates the phone number you want to call from. Tele2’s systems then assume that it is the right phone that is calling and provide full access without asking for any code. In DN’s tests, this method bypasses the password protection entirely, because the system thinks that it is the right phone that is calling.
We have successfully tested changing the password without having to enter the original code.
Tele2 has a large number of authorities and companies as customers, for example the prison service, SEB, Nordea and the Prosecutor’s office. Even the prosecutors from the national unit for national security, which handles sensitive matters with a bearing on national security, use Tele2’s mobile subscriptions.
The same flaw also exists for landline numbers in Tele2’s enterprise solutions, which, among others, Bonnier News, with the newspapers Dagens Nyheter, Expressen and Dagens Industri, uses.
Here too, we have tested a dozen different landline phones with another simple method, which provided access to the voice message system. Messages are also saved in these systems.
DN has no information that data has leaked from the systems. But corresponding vulnerabilities have been known for many years.
There was a big scandal in the case of the British newspaper News of the World. The newspaper was shut down after it was revealed how it had hired private detectives who bugged the voicemail of a large number of people. Among the victims were celebrities, royals and victims of crime.
DN confronted Tele2 with the information on Friday morning and gave the company several hours to solve the problems ahead of the publication of this article.
In an e-mail reply they write that they are aware of the ability to simulate what number you are calling from. However, they are said not to have understood that the method could be used to access the messages. ”Since we became aware of the possibility of intrusion into voicemail via some web services that simulate calls from abroad, we have improved security so that you must enter your four-digit code when calling your voicemail.”
“There has been a gap that has been unknown,” says Viktor Wallström, communication manager at Tele2.
Tele2 writes in the e-mail reply to DN:
”We currently have no knowledge of any cases where customers have been affected. We always look seriously at incidents of this type and do our utmost to ensure that they are not repeated.”
At around 5 p.m., Tele2 announced in a press release that the security flaw was solved for ”the majority of Tele2’s retail customers”. When DN tests, however, the problem remains.
The national Post and Telecom Agency (PTS) is the responsible supervisory authority in the field. Anna Montelius, deputy director of the unit for secure communications, tells DN that she believes the case will land on her desk:
– It sounds like something serious – not good at all. It could be a privacy incident in accordance with our rules. If Tele2 detects such an incident, they shall make an incident report to us within 24 hours – that is to say, probably from when you called and told them. When we receive the report we review it and must then consider whether we should initiate an enforcement case, says Anna Montelius.