QUOTE(jimmyktp @ Dec 16 2018, 11:12 PM)
It is super easy.
Coupled with installing Cerberus app on an unsuspecting phone, I can even read or send sms from my computer/phone
Note: Cerberus is a legitimate app but could be easily misused.
Let's take this as a scenario:
1. You went overseas for holiday bringing your phone with you. Someone knew you are not in the country.
2. Scammer goes to police station and makes a report saying lost IC (pretending to be you).
3. Using the police report, goes to make a temporary IC.
4. Using temp IC and police report, makes a report with telco to get them to reissue a replacement SIM card.
5. You realised your phone cannot be used while you were overseas. You didn't bother because you think you will sort it out when you come home.
6. Scammer can get banks to reissue a new CC, or if they already have your username and password, you GG because now any new sms from banks to you will be sent to the replacement sim card which is being held by the scammer.
7. See how powerful if someone gets your Phone Number?? A chain is only as strong as the weakest link. The phone number is the weakest link!
*Happened to my friend's dad* A big foreign bank in Malaysia who is famous for issuing CCs wanted to sue my friend's dad. The suit was thrown out eventually.
So much work. SMS can be redirected to another number. No need IC, no need Sim Card with target number. No need visit Police or telco, just sit at home. Just redirect all the bank sms to a hacker controlled number. Old vulnerability is old, please get educated dear Malaysians, and tell your banks, No more sms based authentication. Bank Negara should step in and fine or revoke licenses of banks that do not protect their customers money adequately.
Start here: https://arstechnica.com/information-technol...uting-protocol/ and then look up more on SS7 and SMS and how it all works. Then you will understand, no more SMS please.
This post has been edited by thewan: Dec 17 2018, 12:43 AM
Dec 17 2018, 12:42 AM
