A recent report has just revealed a dangerous security breach in T-Mobile’s servers, which allowed hackers to get hold of one’s data incredibly easy. Everything hackers had to do was know a user’s phone number, and then they could access their account, steal their email address, and make use of the network code of their phone.
The T-Mobile vulnerability was solved 24 hours after detection
Karan Saini, from the startup security firm Secure7, was the one that discovered this dangerous vulnerability. He explained how, after getting access to all phone numbers of T-Mobile users, hackers could have created a database with all their personal information. This constitutes a huge security hole, which could seriously violate the privacy of any T-Mobile user.
The mobile company was immediately notified of the issue, and they solved it in less than 24 hours after they were first informed. Also, they conducted some investigations and discovered that no user fell victim to the security breach. Meanwhile, T-Mobile decided to reward Saini for spotting the dangerous bug and offered him $1,000 from their special bug-fighting program.
Hackers got hold of replacement SIMs and then controlled user’s accounts
However, others have different opinions. A hacker who insisted on remaining anonymous claims there were certain people who took advantage of the vulnerability. These people were several kids, who managed to trick the T-Mobile engineers they were the owners of some phone numbers they actually didn’t own. This way, they asked to have their SIM cards replaced.
By getting hold of someone’s SIM, it’s easy to control his other personal information. For instance, the hacker can easily access the user’s email or social media accounts, as he can control them through the system of SMS authentication. Some people actually admitted being victims of such attacks.
Although tech support employees need to ask some security questions before sending someone a replacement SIM card, they sometimes get tricked into doing it without these measures. Also, there circulated some videos on the internet where people were taught how to perform this hack, so there might have been some victims of the malicious technique after all.
Image Source: Flickr