Slashdot Mirror


Hacker Uses Premium Rate Calls To Steal From Instagram, Google, Microsoft (helpnetsecurity.com)

Reader Orome1 writes: Some account options deployed by Instagram, Google and Microsoft can be misused to steal money from the companies by making them place phone calls to premium rate numbers, security researcher Arne Swinnen has demonstrated. Swinnen calculated that, in theory, these options would allow an attacker to milk over 2 million euro per year from Instagram, 432,000 euro per year from Google, and nearly 700,000 euro from Microsoft by using a slew of fake accounts, multiple premium numbers, and different tools and approaches to automate the process.


  1. Not news by fubarrr · · Score: 3, Interesting

    We had the same thing in Russia around 12 - 11 years ago when there was the WAP and premium content craze. There was a guy from carders.su who wrote an MMS exploit that hacked Sony cellphones on A100 OS and made them send premium SMS in 2006. The whole Megafon cell network went down as it got DDoSed by the chain reaction of the virus spreading.

  2. Click bait by ITRambo · · Score: 4, Insightful

    The story explains how the proof of concept exploit could work. It is tedious and was not likely to be used by sane people. The guy was awarded $2000 for discovering the loophole.

  3. How much to do this legally? by gurps_npc · · Score: 4, Interesting

    As in, I would love to get a phone number that is 'premium' and then give it out to every website that keeps asking for a phone number.

    Slime keep trying to steal my privacy in exchange for nothing. They abuse the phone number and have no business asking for it. If they want my phone so badly, then PAY every time you call me. After all, I never want you to call me, so why shouldn't you pay to talk to me?

    --
    excitingthingstodo.blogspot.com
    1. Re:How much to do this legally? by pla · · Score: 3, Interesting

      You can have more than one phone number, y'know... :)

    2. Re:How much to do this legally? by Grishnakh · · Score: 3, Funny

      You've just identified yourself as someone who doesn't belong on this site, since you can't even conceive of having multiple phone numbers. Shut down your account and go somewhere else more suitable for you, like TMZ.com.

  4. Re:Premium rate numbers still exist? by Mal-2 · · Score: 2

    They're basically banned in the US. Are they still around outside the USA?

    No they're not. They're fairly easy to identify with the area code of 900, but they are far from banned.

    --
    How is the Riemann zeta function like Trump rallies? Both have an endless number of trivial zeros.
  5. Useless - they're probably already filtering. by Ungrounded Lightning · · Score: 2

    ... most of the shmucks that ask for numbers like this use robo callers.

    And the schmucks in question are normally clueful enough to program their robots to NOT call the "premium content" number ranges. (Which is also what anyone programming a service that includes a callback feature should also do.)

    Not doing this for cellphone ranges or numbers on do-not-call list doesn't impact a phone-pimp's bottom line. Trying to scam a pay-to-talk line does. It might not cost enough to bankrupt them, if their scam is lucrative enough - but even for those it would be a drain on the swag.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
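
Added example, not part of the original thread or of any vendor's code: a sketch of the check the last comment recommends for a service with a voice-callback feature, refusing premium-rate destinations and capping calls per number across accounts. The `CallbackGate` class, the cap value and the prefix entries other than the US 900 area code named in the thread are assumptions made for illustration.

```python
import re
from collections import Counter

# Sample premium-rate ranges in E.164 form. "+1900" is the US 900 area code
# mentioned in the thread; the other entries are illustrative assumptions.
# A real service needs a maintained numbering-plan dataset.
PREMIUM_PREFIXES = ("+1900", "+449", "+49900")
E164 = re.compile(r"\+[1-9]\d{6,14}")
MAX_CALLS_PER_NUMBER = 3  # hypothetical cap, counted across all accounts


def normalize(raw):
    """Return the number in E.164 form, or None if it cannot be parsed."""
    digits = re.sub(r"[\s().\-]", "", raw)
    if digits.startswith("00"):          # international dialing prefix
        digits = "+" + digits[2:]
    return digits if E164.fullmatch(digits) else None


class CallbackGate:
    """Decides whether an automated voice callback may be placed."""

    def __init__(self):
        self.calls = Counter()           # destination -> calls already placed

    def check(self, raw):
        number = normalize(raw)
        if number is None:
            return "reject:unparseable"  # fail closed on odd formats
        if number.startswith(PREMIUM_PREFIXES):
            return "reject:premium-rate"
        if self.calls[number] >= MAX_CALLS_PER_NUMBER:
            return "reject:call-cap"
        self.calls[number] += 1
        return "allow"


if __name__ == "__main__":
    gate = CallbackGate()
    # Constructed sample input, not real subscriber numbers.
    for raw in ["+1 (900) 555-0100", "001 900 555 0100",
                "+1 212 555 0100", "555-0100"]:
        print(raw, "->", gate.check(raw))
```

The cap is keyed on the destination number rather than the account, so registering more fake accounts does not buy more calls to the same line.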