Community

coolgod · ‎04-21-2022

The number I usually access voicemail is 647-580-4002, where I need to enter a password to access it. I checked my usage log online recently and noticed many outgoing calls to 647-580-4001, which I never made. After searching it up I realized it was also a voicemail number. I called the number and was able to access my voicemail without a password, isn't this a bug?

dust2dust · ‎04-23-2022

Great testing. Consider me corrected. And a fine idea for them to set those other numbers to respect the default of no password. Odd that there are a few that don't and just require the password by default.

coolgod · ‎04-23-2022

I already tried that 😁, after the initial bypass setup on the 4001 number both VM number password bypass settings are linked. Setting on/off password bypass on either 4001 or 4002 number affects the other. I guess the security implication is if this bug isn't fixed and people are worried about caller ID spoofing attacks (i.e. calling from another phone pretending to be your phone ID to the VM number), they should find all their VM numbers in the list you provided and turn off voicemail password bypass for each number.

dust2dust · ‎04-23-2022

I guess that's a perspective on looking at it but I think it's more on the side of the voicemail access number. A few ask for the password. Most don't. Setting the bypass password option in the voicemail system should not be affected by the access number.

So here's another thing you could test, call the 4001 and turn back on the bypass and call the 4002 number and see if it still asks for the password. Do that again calling the 4002 number and see if the sertting is on. Since you're experimenting with things which is great. Anybody can do this at home but I can't be bothered to as I don't care about unauthorized voicemail access.

coolgod · ‎04-23-2022

Ok, so I figured out the bug, the two voicemail numbers aren't synced initially with respect to the password settings.
Initially: My phone's default voicemail number was 647-580-4002, and I needed password when calling VM from 4002 from my phone. I tried calling 647-580-4001 from my phone and could access voicemail without password. I still needed password calling my voicemail from other phones though.
After setting the bypass password to OFF on the 4001 number, it seems both 4001 and 4002 settings are now linked, turning on/off the bypass password setting affects both numbers.

hTideGnow · ‎04-22-2022

@coolgod wrote:
That's actually my original concern, I thought the voicemail password (by public mobile) was to keep phone thieves or other ppl from unauthorized access to my voicemail from my phone. I just learnt today that I can access my voicemail from another number by dialing to my number and pressing *.
Anyways the issue raised by Nezgar earlier in this thread regarding caller id spoofing is real. Presumably public mobile offered voicemail passwords as a way to guard against these attacks, this bug I pointed out defeats these protections.

HI @coolgod You can enable your password even when you call from your phone.

At your voicemail mail menu, enter 4 for Personal option, then 8 to set Bypass password to OFF

darlicious · ‎04-22-2022

@coolgod

You know when you think you hung up and put your phone down to go to the bathroom. Then grab a beer and a bowl of snax and sit back down again and pick up your phone to realize it's didn't hang up when you thought it did so you silently scream and hang it up in a fit of panic because it was a wrong number in the first place?!!

To contact customer support click below:

https://productioncommunity.publicmobile.ca/t5/notes/composepage/note-to-user-id/22437

To pre-verify your account include in your private messaging only your full name, address, email, phone # and 4 digit acct pin #.

coolgod · ‎04-22-2022

Yes, I am in the eastern time zone, but I was away from my phone during the time those two calls took place. My phone was on do not disturb during that time. The longer call was 0:04:41, almost 5 minutes. I'm not sure how someone was able to call my voicemail for that long without leaving a message.

dust2dust · ‎04-22-2022

And the option in the voicemail system to turn on a password would block those unauthorized accesses if they were to spoof the number.

I agree, it's all weird, but there are workarounds. I still wonder why care but that's me. To me it's just voicemail that I would delete immediately after hearing it. Nor do I understand keeping messages. To each their own. I've read here of people not liking the fact that anyone can hear the renewal date and balance with the dial in thing. I don't care.

darlicious · ‎04-22-2022

@coolgod

And you are in the eastern time zone? Were you fiddling around with voicemail when you took a call and you also got a private caller while on that call that went to voicemail? You may have put your call to voicemail on hold when you answered the incoming call. That would default another call to voicemail and they hung up. The voicemail call would automatically hang up after 5 minutes of no action. Or when you finished your call it also hung up on your "on hold" call with voicemail.

To contact customer support click below:

https://productioncommunity.publicmobile.ca/t5/notes/composepage/note-to-user-id/22437

To pre-verify your account include in your private messaging only your full name, address, email, phone # and 4 digit acct pin #

coolgod · ‎04-22-2022

That's actually my original concern, I thought the voicemail password (by public mobile) was to keep phone thieves or other ppl from unauthorized access to my voicemail from my phone. I just learnt today that I can access my voicemail from another number by dialing to my number and pressing *.
Anyways the issue raised by Nezgar earlier in this thread regarding caller id spoofing is real. Presumably public mobile offered voicemail passwords as a way to guard against these attacks, this bug I pointed out defeats these protections.

coolgod · ‎04-22-2022

My phone showed I received 2 missed calls from private number. The usage record from public mobile website shows 2 outgoing calls from my phone number to 647-580-4001 with matching times. There were no voicemails left in my mailbox.

dust2dust · ‎04-22-2022

There's an option in the voicemail system to need a password even on the device. If security is indeed a concern then you might want to turn that on too in case someone takes your phone and accesses your voicemail the manual way. Who does that? So I don't bother with it. To each their own of course.

coolgod · ‎04-22-2022

My phone default voicemail number was 647-580-4002, I checked your *#61# *#62# *#67# and they were all 647-580-4001. I can change my voicemail to the 4001 number to skip the password, but I prefer to have a slight level of security so I think I'll keep the 4002 number as voicemail for now.

hTideGnow · ‎04-22-2022

HI @coolgod what number showing on the 9 second and 5 minutes calls? Maybe you were calling your VM from your phone? or a calls got routed to the VM?

And about the security bug without PIN, try to call from a landline, it should ask you for a PIN

coolgod · ‎04-22-2022

Both the 9 second call and the 5 minute call was not me calling since I made no calls at all that day.

Nezgar · ‎04-22-2022

@coolgodWhen someone calls you and you don't answer the call, one of the three conditional call forwards are invoked which by default are set to one of the voicemail numbers for voicemail "deposit". You can check what number was automatically configured by dialing these codes:

*#61#

*#62#

*#67#

These numbers could very will be different than the number that was automatically configured for voicemail "retrieval". In theory they should all function the same for both purposes, but some testing by others has found some slight differences in behaviour... so if one isn't working for you, you can try programming one of the many other numbers for retrieval or deposit.

Nezgar · ‎04-22-2022

@JL9 wrote:
I couldn't tell you the last time I needed to enter my password. It has been years if not decades. It would just go to my VM menu. I anticipate you would need it if you are calling from another number to access it, but I haven't needed to do that.

The security risk with the default of voicemail not requiring a PIN when "calling from your own phone" is that someone calling with a fake caller ID of your number will gain immediate access to your voicemail...

Forging caller ID is trivial to do nowadays with various VoIP providers...

darlicious · ‎04-21-2022

@coolgod

I was unaware of the voicemail number that ends in two. @Nezgar would know better than I but I am sure you can reprogram your voicemail to ensure all calls will ask for your voicemail pin #. It's good that you are being security conscious of your possible privacy breach issues.

Your daily usage pages will list seemingly in the same manner calls to voicemail. Whether it is you calling from your device or an incoming caller that forwarded to your voicemail. The 9 second call was your private caller that did not leave a voicemail. The 9 seconds accounts for the call forwarding time and the amount of time the private caller listened to your message before deciding to hang up without leaving a message. Presumably the 5 minute call was you calling and accessing your voicemail services.

Public Mobile customers who are not in the eastern time zone do enjoy one advantage....it is easier to determine which voicemail calls are initiated thru their device as they are time stamped in local time whereas all other incoming calls to voicemail are time stamped in the eastern time zone.

To contact customer support click below:

https://productioncommunity.publicmobile.ca/t5/notes/composepage/note-to-user-id/22437

To pre-verify your account include in your private messaging only your full name, address, email, phone # and 4 digit acct pin #.

JL9 · ‎04-21-2022

I couldn't tell you the last time I needed to enter my password. It has been years if not decades. It would just go to my VM menu. I anticipate you would need it if you are calling from another number to access it, but I haven't needed to do that.

coolgod · ‎04-21-2022

I guess the voicemail password is mostly security theatre. Thank you for the info regarding the persistent existence of this issue.

dust2dust · ‎04-21-2022

Here's my list.

Calling these tells me immediately that I have no messages which is correct.

587-580-4004 Alberta Calgary Southern AB 403/587/827
587-580-4005 Alberta Calgary Southern AB 403/587/827
587-580-4006 Alberta Calgary Southern AB 403/587/827
587-580-4007 Alberta Calgary Southern AB 403/587/827

778-580-4001 BC Whalley outside greater Vancouver area
778-581-4001 BC Whalley BC 250
778-581-4002 BC Whalley BC 250

506-588-4001 New Brunswick Moncton NB 428/506

705-780-4001 Ontario Barrie ON 249/705
647-580-4001 Ontario Toronto ON 416/437/647
647-580-4003 Ontario Toronto ON 416/437/647
647-580-4004 Ontario Toronto ON 416/437/647
647-580-4005 Ontario Toronto ON 416/437/647
647-580-4006 Ontario Toronto ON 416/437/647
647-580-4007 Ontario Toronto ON 416/437/647

450-320-4001 Quebec Granby Outside Montreal 450/579
438-580-4001 Quebec Montreal Montreal 438/514
581-580-4001 Quebec Quebec City 367/418/581
819-588-4001 Quebec Sherbrooke QC 819/873

These ask for the password like you found - and then work
778-580-4002 BC Whalley greater Vancouver area
778-580-4003 BC Whalley Outside greater Vancouver area

289-680-4001 Ontario Hamilton ON 289/365/905

647-580-4002 Ontario Toronto ON 416/437/647

The rest from a list around here give a recording, then you choose language, then enter your number - I get invalid. I only tested a couple to find invalid. Hopefully this will go in with all the numbers and not get moderated.

coolgod · ‎04-21-2022

I understand there are display or other bugs related to calls coming in my voicemail. For example today the usage log says I received 2 phone calls, one 9 second and one 5 minutes, while on my phone I only received 1 private number call and no voicemail. There is clearly something wrong here.
Regardless the issue I want to point out is if I call the 647-580-4001 number, I can access my voicemail without entering my password. Isn't this obviously a security bug? Otherwise why would I need to enter my password in my regular voicemail number 647-580-4002.

dust2dust · ‎04-21-2022

It's kind of a bug. But most numbers on a list around here work as you found. There's a handful of numbers on that list that play a long recording and then ask for your number and in my case it said invalid.

So just change the voicemail number to the one that works without the password. Asking for the password is a setting in the voicemail system but evidently it's off for you.

dabr · ‎04-21-2022

@coolgod The number ending in 4001 is the one PM uses for voicemail. I haven't heard of the other one.. Not a bug though.

HALIMACS · ‎04-21-2022

@coolgod

The reason you’re seeing this under your usage is that every time someone calls you and it goes to voicemail, it displays that way.

Essentially, the call is received to your voicemail and it registers as an outgoing call to the voicemail server. If you’re on a minute limited plan, it does not count toward your outgoing minutes.

Community

Access voicemail without password bug?