Abusing phone verification to steal money from Instagram, Google and Microsoft

in #security8 years ago

Here's a fun read. A security researcher found a way to abuse phone verification systems to steal money from major corporations Google, Instagram and Microsoft. He was able to trick the verification system into calling premium phone numbers. After he reported the vulnerabilities, he received a total bug bounty of $2500, which might be considered a small amount of money compared to the damage he could have done.

https://www.arneswinnen.net/2016/07/how-i-could-steal-money-from-instagram-google-and-microsoft/

8 years ago in #security by
$0.00
    3 votes
    Reply 3
    Sort:  
  • Trending
    • [-]
     8 years ago 

    In case you missed it, the only way the guy could actually be "Stealing" the money for himself, is if he owned the premium numbers he tricked them into calling. LOL

    Keep it Clean!

    My Blog Posts, Neatly Categorized!

    [-]
     8 years ago (edited)

    Indeed, but I imagine it is quite easy to get your own premium number that pays you when someone calls. There are services for everything these days.

    Coin Marketplace

    STEEM 0.20
    TRX 0.13
    JST 0.030
    BTC 67271.13
    ETH 3515.41
    USDT 1.00
    SBD 2.70