Security News > 2022 > February > Visual Voice Mail on Android may be vulnerable to eavesdropping
A security analyst has devised a way to capture Visual Voice Mail credentials on Android devices and then remotely listen to voicemail messages without the victim's knowledge.
Visual Voice Mail is a voicemail system used by numerous mobile carriers that allow customers to view, listen to, and manage voicemails in any order.
These SMS messages are sent and received when registering on VVM, activating/deactivating, and logging in to the VVM client app.
The users never see these SMS messages as they are handled by the VVM system in the background.
Since Android leaves all voice messages on the IMAP server until the user deletes them in the client app, a malicious actor could access not only recent messages but an entire historical archive, depending on the victim's data-wiping diligence.
The analyst tested the exploit against Android VVM applications, but the iPhone, which also supports VVM functions, wasn't tested.