Answering Machines

Answering machines are the handy helper of many busy people. We are not always available to receive important telephone calls, so we choose is to install an answering machine. Although these machines are handy, they can raise security and privacy issues.

bullet  The principal vulnerability of answering machines is very similar to voice mail. The remote access feature makes it possible for unauthorized persons to dial your number and listen to your messages. Your only protection is a short code number that is pre-set in the factory and which very few buyers of answering machines bother to change. The factory-set code numbers for various models of answering machines are known to those who specialize in this type activity. Therefore, anyone who knows your phone number and the factory-set code number can gain access to your answering machine. Even if you have changed the pre-set code number, the new code number may not be difficult to break.

Many home answering machines also have a second vulnerability. They are equipped with security features that allow the owner to telephone home and listen for burglars or other activity in the home. In this case, the telephone instrument serves as a microphone listening for sounds. The designers and builders of the machines didn't intend for this feature to be used by anyone other than the owner, so they built in a security code similar to the code used for remote access to your messages. The feature works like this: you dial your home telephone number followed by the security code number. Before the telephone rings the answering machine picks up the call and allows the caller to listen for conversations or sounds within the house. 1

Consider what might happen if an eavesdropper knew your code or could easily break it. Now consider that manufacturers make thousands of these machines with a factory-set security code. If this is not changed after purchase, as many people fail to do, anyone who knows the factory-set security code could easily call your machine and listen to any private conversations within earshot of the answering machine. Even if you have changed the factory-set security code, the code is susceptible to being broken.

1. Paul F. Barry & Charles L. Wilkinson (Trident Data Systems), "Invasion of Privacy and 90s Technologies," Security Awareness Bulletin, No. 2-96. Richmond, VA: Department of Defense Security Institute, August 1996.




The Chroma Group, Ltd.