Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

Flawed Security Lets Sprint Accounts Get Easily Hijacked

From: David Farber <dave () farber net>
Date: Tue, 8 Apr 2008 21:39:08 -0400


Begin forwarded message:
From: Rich Kulawiec <rsk () gsp org>
Date: April 8, 2008 6:54:54 PM EDT
To: Richard Forno <rforno () infowarrior org>, Dave Farber <dave () farber net>, Fergie <fergdawg () netzero net> 
Subject: Flawed Security Lets Sprint Accounts Get Easily Hijacked

Courtesy of the Consumerist:

        Flawed Security Lets Sprint Accounts Get Easily Hijacked
        http://consumerist.com/376845/flawed-security-lets-sprint-accounts-get-easily-hijacked

Excerpt:

        "We found you can hijack a Sprint user's account as long as
        you know their cellphone number, just a smidge about them,
        and have half a brain. Once inside, you have total access to
        their account. You could change their billing address, order a
        whole bunch of cellphones sent to a drop location, and leave the
        victim paying the bill. There's also the stalker's wet dream:
        add GPS tracking to their cellphone and secretly watch their
        every movement from any computer. Reader Jim told Sprint about
        this 2 months ago but they ignored him, so I tested it out and
        am publishing the results in the hope of getting Sprint to fix
        this exploit. I'll show you we cracked into a Sprint account
        and just how much damage I could have done, inside..."

---Rsk


-------------------------------------------
Archives: http://www.listbox.com/member/archive/247/=now
RSS Feed: http://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com
Previous By Date Next
Previous By Thread Next

Current thread: