Slashdot Mirror
Researcher Finds Way To Steal Cash From Google, Instagram, and Microsoft Through The Phone (onthewire.io)
Trailrunner7 quotes a report from On the Wire: A security researcher has discovered a method that would have enabled fraudsters to steal thousands of dollars from Facebook, Microsoft, and Google by linking premium-rate numbers to various accounts as part of the two-step verification process. Arne Swinnen discovered the issue several months ago after looking at the way that several of these companies's services set up their two-step verification procedures. Facebook uses two-step verification for some of its services, including Instagram, and Google and Microsoft also employ it for some of their user accounts. Swinnen realized that the companies made a mistake in not checking to see whether the numbers that users supply as contact points are legitimate. "They all offer services to supply users with a token via a computer-voiced phone call, but neglected to properly verify whether supplied phone numbers were legitimate, non-premium numbers. This allowed a dedicated attacker to steal thousands of EUR/USD/GBP," Swinnen said in a post explaining the bug. "For services such as Instagram and Gmail, users can associate a phone number with their accounts," reports On the Wire. "In the case of Instagram, users can find other people by their phone number, and when a user adds a number, Instagram will send a text to verify the number. If the user never enters the code included in the text, Instagram will eventually call the number. Swinnen noticed that Instagramâ(TM)s robocallers would call any number supplied, including premium-rate numbers. 'One attacker could thus steal 1 GBP per 30 minutes, or 48 GBP/day, 1.440 GBP/month or 17.280/year with one pair. However, a dedicated attacker could easily setup and manage 100 of these pairs, increasing these numbers by a factor 100: 4.800 GBP/day, 144.000 GBP/month or 1.728.000 GBP/year.'"
Do you even look at the front page of your own website to see if a story has been posted recently?
https://it.slashdot.org/story/16/07/18/157259/hacker-uses-premium-rate-calls-to-steal-from-instagram-google-microsoft
Another researcher discovered the same thing about four Slashdot stories ago.
The story explains how the proof of concept exploit could work. It is tedious and was not likely to be used by sane people. The guy was awarded $2000 for discovering the loophole.
As in, I would love to get a phone number that is 'premium' and then give it out to every website that keeps asking for a phone number.
Slime keep trying to steal my privacy in exchange for nothing. They abuse the phone number and have no business asking for it. If they want my phone so badly, then PAY every time you call me. After all, I never want you to call me, so why shouldn't you pay to talk to me?
It looks like they're posting it again to see if they can drum up more ennui.
I don't read your sig. Why are you reading mine?
We had same thing in Russia around 12 - 11 years ago when there were the WAP and premium content craze. There was a guy from carders.su who wrote an MMS exploit that hacked Sony cellphones on A100 OS and made them send premium sms in 2006. The whole Megafon cell network went down as it got DDOSed by the chain reaction of the virus spreading
Dupe on the SAME DAY. At least it was from different editors. We know that BeauHD didn't read the headlines from earlier in the day.
If every proof of concept was actually a threat nobody would use the internet. At least not keep any personal information on it. Rather then telling people how safe their information. Better just fess up and say, you know we will be hacked someday. It's just a question of when not if. But you can reduce your risk by not having a account with us and just enter in your information and selecting don't save me. Sadly, we are akin to the laziness of just storing all our information.
First, they cheat in the olympics. The fucking olympics! THen they fucking cheat Microsoft! Fucking Microsoft! One thing left to do. NUKE 'EM! NUKE 'EM NOW!
Wow that is awfully low. $1.728 is chump change to these companies.
Oh Wait, this os probably the DUMB countries that have no idea what a DECIMAL POINT IS FOR.
Honestly, stop the idiotic trend. Your countries USED TO do math properly at one time with the Decimal point used properly!
Lets see how many dupe posts we can post on this dupe post...
Reposts will occur until readership improves!
operating all around in footwear that nike tn 2016 don't forget acquiring their initially pair of "waffle soles" way back again in the mid-1970s. What is also for sure is that this distinct pair of Nikes bears no resemblance in any way to people pioneering footwear.A certain favourite of the skateboard arranged, the Nike Air Max TN arrives in a vast selection of appears, which include an individual pair that sports a skeleton. Now that is a style that is guaranteed to be welcome at some of the finest eating establishments in Manhattan or Beverly Hills, perfect? Common black/white and a great skeleton motif can not only look and feel fairly very good in these sneakers but also at some point develop into rather very good at whatever it is they imagine they could want to do in them. As far as definitely memorable color combinations, the a short while ago-launched Orange/Black/Red shoe has definitely created an effect amongst the glitterati in Hollywood.
from consumers, then spend it on salaries to develop spyware with the US government.
Isn't that all just gay as fuck though.
Fuck off and learn the English language, in that order.