{"id":1530,"date":"2020-09-03T11:03:09","date_gmt":"2020-09-03T09:03:09","guid":{"rendered":"https:\/\/mybroadband.co.za\/news\/?p=365892"},"modified":"2020-09-03T11:03:09","modified_gmt":"2020-09-03T09:03:09","slug":"mtn-security-flaw-allows-secret-airtime-theft-industry-insider","status":"publish","type":"post","link":"https:\/\/interwebdev.co.za\/index.php\/2020\/09\/03\/mtn-security-flaw-allows-secret-airtime-theft-industry-insider\/","title":{"rendered":"MTN security flaw allows \u201csecret\u201d airtime theft \u2013 Industry insider"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/interwebsa.com\/blog\/wp-content\/uploads\/2020\/09\/mtn-security-flaw-allows-secret-airtime-theft-industry-insider.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>A prominent industry player has revealed that a security flaw on MTN\u2019s network allows rogue WASPs to \u201csecretly\u201d subscribe users to content services and steal their airtime.<\/p>\n<p>The industry source, who asked to remain anonymous, told MyBroadband this weakness shows that MTN is not adequately protecting its subscribers against rogue WASPs.<\/p>\n<p>He said the flaw may look like a system bug, but it is more likely a proactive measure by rogue WASPs and potentially MTN employees to commit fraud.<\/p>\n<p>Many MTN subscribers have been complaining about airtime theft, and this security flaw may explain some of the fraud on MTN\u2019s network.<\/p>\n<p>Two of the main issues detected on MTN\u2019s network are:<\/p>\n<ul>\n<li>There is no welcome SMS when a person is subscribed to some WASP services.<\/li>\n<li>There is a fake \u2018subscription problem\u2019 message, despite the fact that a person is subscribed to the service.<\/li>\n<\/ul>\n<p>The Wireless Application Service Providers Association (WASPA) Code of Conduct clearly states:<\/p>\n<blockquote>\n<p>Once a customer has joined a subscription or notification service, an SMS message must immediately be sent to the customer 
confirming the initiation of the service.<\/p>\n<\/blockquote>\n<p>A live demonstration provided to MyBroadband shows that this \u201cwelcome SMS\u201d is never sent to MTN users who are subscribed to some WASP services.<\/p>\n<p>This compulsory SMS is one of the main weapons against fraudulent subscriptions and airtime theft.<\/p>\n<p>Without this SMS notification, MTN users have no idea if they have been subscribed to a content service.<\/p>\n<p>It therefore provides rogue WASPs with a perfect platform to fraudulently subscribe mobile users to services without their consent and knowledge.<\/p>\n<h3>Demonstration of security flaw<\/h3>\n<p>The live demonstration provided to MyBroadband illustrates the security flaw on MTN\u2019s network.<\/p>\n<p>The user said he initially thought there was a problem with the subscription service, but when airtime started to disappear, he realised it was a flaw.<\/p>\n<p>\u201cIt is not just a system fault as multiple SIMs showed exactly the same behaviour,\u201d he said.<\/p>\n<p><iframe src=\"https:\/\/www.youtube.com\/embed\/Cu2XkHsHBfw\" width=\"564\" height=\"360\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<h3>MTN responds<\/h3>\n<p>Jacqui O\u2019Sullivan, MTN SA\u2019s executive for corporate affairs, told MyBroadband they are not aware of these security flaws.<\/p>\n<p>\u201cHowever, we take these issues very seriously and would therefore appreciate the opportunity to investigate this further,\u201d she said.<\/p>\n<p>O\u2019Sullivan added that MTN regularly conducts tests and system updates to its services as ad-fraud criminal networks are continually introducing new ways of bypassing their systems.<\/p>\n<p>\u201cMTN views mobile ad-fraud as a serious issue and remains committed to taking additional steps to address this,\u201d she 
said.<\/p>\n<p>\u201cAs further evidence of our commitment to treating our customers fairly at all times, should our investigation show that a customer has been the victim of fraud of this nature, we will refund in full.\u201d<\/p>\n<h3>Now read: <a href=\"https:\/\/mybroadband.co.za\/news\/cellular\/364796-how-to-steal-billions-and-get-away-with-it.html\">How to steal billions and get away with it<\/a><\/h3>\n<p><a href=\"https:\/\/mybroadband.co.za\/news\/security\/365892-mtn-security-flaw-allows-secret-airtime-theft-industry-insider.html\">Source: MyBroadband<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>A prominent industry player has revealed that a security flaw on MTN\u2019s network allows rogue WASPs to \u201csecretly\u201d subscribe users to content services and steal their airtime. The industry source, who asked to remain anonymous, told MyBroadband this weakness shows that MTN is not adequately protecting its subscribers against rogue WASPs. He said the flaw [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":1531,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[77],"tags":[],"class_list":["post-1530","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"acf":[],"_links":{"self":[{"href":"https:\/\/interwebdev.co.za\/index.php\/wp-json\/wp\/v2\/posts\/1530","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/interwebdev.co.za\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/interwebdev.co.za\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/interwebdev.co.za\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/interwebdev.co.za\/index.php\/wp-json\/wp\/v2\/comments?post=1530"}],"version-history":[{"count":0,"href":"https:\/\/interwebdev.co.za\/index.php\/wp-json\/wp\/v2\/
posts\/1530\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/interwebdev.co.za\/index.php\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/interwebdev.co.za\/index.php\/wp-json\/wp\/v2\/media?parent=1530"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/interwebdev.co.za\/index.php\/wp-json\/wp\/v2\/categories?post=1530"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/interwebdev.co.za\/index.php\/wp-json\/wp\/v2\/tags?post=1530"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}