In 2015, I wrote several articles about the operator Beeline and its games with HTML code.
Since then, the operator has not been seen in incidents of this kind, and today I want to tell you how Beeline sent the call details to the owner of the number.

Any operator lets you view the details of calls and other services through a personal account. You can also often find an option which, when enabled, makes the operator send a file with the details by e-mail once a month. The function is quite convenient, and at some point I decided to use it by enabling it for all 8 of my numbers. Some of the numbers were only used for Internet access in tablets and modems, so I did not remember them by heart.
One autumn day, after receiving the detail files and briefly reviewing them, I saw unfamiliar numbers and other information in the details for one of the SIM cards, and the amount did not look much like my expenses. My first thought was that someone had obtained a duplicate SIM card and started spending money, but I dismissed the idea at once, since all the SIM cards were working and the details were for the past month.
After searching my mail for the phone number specified in the suspicious details, I saw a lot of letters with the same number, but sent more than six months earlier. At that moment, I realized how I had received details containing the confidential data of a completely different person, but I could not understand how the telecom operator had made such an error.

The answer was very simple. Beeline has a wonderful service: changing the number. If for some reason you are tired of your current phone number and want to change it, you can do it without leaving your home: for just 30 rubles and a couple of minutes you can get another number that will be tied to your existing SIM card. The service is quite convenient, and about half a year before the events I described, I decided to use it (life hack: never call car dealerships from a “live” number; they will call you back every day). The number change was successful, and I safely forgot about it.
As you have probably guessed, after six months my old number found a new owner, but for some reason the combination “number and e-mail to send the details” was not updated, so I received the details of the calls made by the current subscriber of my old number. I immediately reported the bug I had found through a Beeline employee and received the answer that it would be fixed as soon as possible. Unfortunately, this employee no longer works at the company, so the status of the vulnerability is unknown to me, although I really hope that in 3 years the error has been corrected.
Of course, this vulnerability did not allow anyone to obtain the details of a particular subscriber, since there was no guarantee at all that the old number would get a new owner in the short term. But considering that in recent years operators have not received new number pools and subscribers are given previously used numbers, the prospect of a stranger receiving data on calls and SMS is not a happy one.
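
The failure described above, a “number and e-mail” binding that outlives the subscriber's hold on the number, can be detected by checking each binding against the number-assignment history. The following is an added example, not code from the original post or from Beeline; the data model, function names and sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass, replace
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Assignment:            # one row of number-ownership history (hypothetical model)
    msisdn: str
    subscriber_id: str
    start: date
    end: Optional[date]      # None means the number is still assigned

@dataclass(frozen=True)
class ReportBinding:         # "number -> e-mail" rule for the monthly call details
    msisdn: str
    email: str
    created_by: str          # subscriber who enabled the option

def holder_on(history, msisdn, day):
    """Return the subscriber holding msisdn on the given day, or None."""
    for a in history:
        if a.msisdn == msisdn and a.start <= day and (a.end is None or day < a.end):
            return a.subscriber_id
    return None

def stale_bindings(history, bindings, today):
    """Bindings whose creator no longer holds the number; each one is a leak path."""
    return [b for b in bindings if holder_on(history, b.msisdn, today) != b.created_by]

def release_number(history, bindings, msisdn, day):
    """Number change done safely: close the assignment AND drop its bindings."""
    history = [replace(a, end=day) if a.msisdn == msisdn and a.end is None else a
               for a in history]
    return history, [b for b in bindings if b.msisdn != msisdn]

# Constructed sample data: numbers, subscriber ids, dates and addresses are invented.
HISTORY = [
    Assignment("+70000000001", "sub-A", date(2020, 1, 10), date(2020, 4, 1)),
    Assignment("+70000000002", "sub-A", date(2020, 4, 1), None),   # A's new number
    Assignment("+70000000001", "sub-B", date(2020, 10, 1), None),  # old number reissued
]
BINDINGS = [
    ReportBinding("+70000000001", "a@example.com", "sub-A"),  # never cleaned up
    ReportBinding("+70000000002", "a@example.com", "sub-A"),
]

if __name__ == "__main__":
    for b in stale_bindings(HISTORY, BINDINGS, date(2020, 11, 1)):
        print(f"stale: details for {b.msisdn} still go to {b.email} (set by {b.created_by})")
```

A binding is also reported during the gap in which the number has no holder, so it can be removed before the number is reissued.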