There has been some discussion on this board about how to hack a CIDCO Mailstation, but a potentially bigger issue deserves to see the light of day. CIDCO was contacted about this and chose not to deal with it -- so far.
A security flaw has been discovered in the CIDCO Mailstation product and network architecture. Many Mailstations are shipped with a default ID number which is used to identify the unit after factory production. An example of such an ID is 995011225. Utilizing this number as the username and password, one can utilize the web based component of the service to gain information about the users of the device. Going to <http://mail.mailstation.com>, and entering the number as the name, and again as the password, one can see the individual accounts that have been setup on the device, and one can see the user name and passwords that the users have chosen. After extracting the user account information, one then goes to <http://mail.mymailstation.com>, and logs in as that user, with the user name and password that has been chosen. One can then read and send mail as the user that has been compromised.
The ID that exists on the Mailstation device can also be altered to be the ID of another device, and can be set to send and retrieve the mail of the other account, or fax as the user of the other account. The full scope of the vulnerability is not yet known, but by incrementing the ID number by one, or decreasing the ID number by one, access is easily obtained, and accounts are easily compromised.
It appears that access to mail accounts can be made even for units not yet sold to consumers. Not only can the mail of current users be compromised easily, this means that new messages and/or spam can even be delivered to Mailstations still on holiday store shelves waiting for future owners to download. Obviously a potential nightmare to the novice user whose first email experience is not what CIDCO intended for it to be.
The numeric user names needed to gain entry into mail accounts is so visible that in many cases it is printed on the outside of the Mailstation box. All that anyone needs to begin compromising accounts is to make a trip to a retail store and look at one of the such-marked boxes on the shelf. They may not even have to buy a unit.
In addition, the user names and passwords along with the dialup numbers found in the CIDCO owners manual can be used to dial into the Internet with a PC. In this way, PC users who have compromised usernames and pws can get online as often as they wish for as long as they wish on the CIDCO-provided network, without paying for ISP service.
