Mobile customer uncovers premium rate scam
At the same time, Mr Hole looked for ways that the phantom charge could have been applied. He discovered that it was possible to convince the iFortune site it was being visited by an iPhone. With the help of add-ons for the Firefox web browser, this let him sign up any Orange customer for the service. All he needed to do this was their mobile phone number. Mr Hole demonstrated the loophole by signing up a BBC correspondent's phone for a weekly fortune reading.

Gareth Maclachlan, head of mobile security firm Adaptive Mobile, said the loophole arose because Buongiorno was not doing a good enough job of checking which net addresses were making sign-up requests. "There's a potentially criminal opportunity here," he said. If the loophole became widely known, he said, hi-tech thieves could set up a fake premium rate service, sign people up and then sit back and wait for cash to roll in.

Information about Mr Hole's findings has been circulated to the GSMA security working group to ensure other operators are aware of the loophole.
"There was a bug in the system," said a spokesman for Buongiorno. "When that was found out, we very quickly moved to pin it down, find out what happened and stop it from happening again." The spokesman added that exploiting the loophole required a "certain amount of technical knowledge".

As far as Buongiorno could tell, he said, there had only been one "billed event" that had arisen as a result of the loophole. The money wrongly taken for this event had now been refunded, he said.

What is not clear yet is how many people were at risk of being signed up for premium rate services. Buongiorno said it closed down the bug quickly but Mr Hole's investigations suggest it was open for perhaps as long as 14 days.

BBC