How to harvest money from Instagram · Google · Microsoft by telephone
ByLinh Nguyen
Premium numberThe telephone service as a telephone service of a certain telephone number is set higher than usual so that when a call is made, the fee is paid to the owner of the telephone number, like an information fee surrogacy service The system is adopted. In the SNS, there are times when "SNS operators call me to receive a call" in order to attach accounts and phone numbers, but by using premium numbers, you can earn money through this linking work It turned out to be possible.
How I Could Steal Money from Instagram, Google and Microsoft - Arne Swinnen's Security Blog
https://www.arneswinnen.net/2016/07/how-i-could-steal-money-from-instagram-google-and-microsoft/
For example, in Instagram you first enter your phone number on the authentication screen when you dow the account and phone number.
Then, the following code is sent from Instagram to the SMS of the phone number you entered.
Normally, if you enter this code number in the authentication scene, you will complete the link, but there are options to "You can call the phone number you entered" for cases such as when you do not receive the code When selected ...
With such a feeling, the Instagram side will receive a call.
Talk time is 17 seconds. Since the rate limit has been set, the request can be sent only once every 30 seconds, but since there are no restrictions on the phone number to use, it is possible to use the premium number.
For example, using "Eurocall 24" which generates 0.06 pounds per minute (about 8.4 yen), we automated work using a tool called Burp Intruder and sent a total of 61 requests every 30 seconds and found a total of 1.04 pounds (About 145 yen) was able to get. With this calculation, you can earn 48 pounds (about 6730 yen) in one day, 1440 pounds (about 200,000 yen) in a month, and 17280 pounds (about 2.42 million yen) in a year. If you prepare 100 accounts, earnings per year will be calculated to increase to 172,800 pounds (about 240 million yen).
Arne SwinnenReported the above contents to Facebook, at first it seems that it was a reply that "risk is not within the range of expected security vulnerability" "risk is within tolerance", but "100 I can automate the work by creating an account of "Finally, it was accepted as a bug, and it was finally accepted as a bug and received a reward of 2000 dollars (about 210,000 yen) and 4000 dollars (about 420,000 yen ) I got a donation.
In the case of Google, on the other hand, when registering a phone number, you can choose the option of "Send code to SMS" or "Make a call." At this time, the premium number is available, but if you mistype the code six times, the phone number will be blocked.
Eurocall 24 is a phoneSIP serverIt supports the transfer to the user and can hear the contents of the phone via the SIP client, so if you use the voice recognition to enter the code and automate the mechanism until logging in to the account, The same thing can be done.
However, when Mr. Swinnen tried it, Google did not judge whether "I succeeded in logging in" or not, and it turned out that if there was the fact that "login took effect", it will not be blocked. In other words, omitting the speech recognition part, it was only necessary to automate the task of "trying to log in to the account when a phone call comes up".
The phone is limited to 10 times per hour, and 35 seconds per call. By doing this calculation, you will earn 12 euros (about 1400 yen) in one day, 360 euros in a month (about 42,000 yen), 4320 euros in a year (about 50 thousand yen).
Like Facebook, if you report the above to Google, the response will be "take action, but it is impossible to completely shut down this method" "Google will suffer loss, but because user security is more important, reward Will not be paid,Hall of Fame listIt will be posted on ".
In the case of Microsoft, there is work "Microsoft calls the user" by registering the Office 365 trial version. You can use the premium number, but if you fail to register seven times the phone number will be blocked.
However, I found a way to avoid this block. Even if you add up to 18 0's at the beginning of the phone number to be registered, it will be authenticated as a normal number ...
By adding 0, block avoidance of the number of times of the following formula is possible. By adding the original number, 172 different numbers are possible.
In addition, you can add up to 4 random numbers at the end of the phone number as a phone number.
Therefore, one premium number, in addition to block avoidance using 0, block avoidance of the number of times of the following formula is possible.
Since one talk time is about 23 seconds, if you do the above calculation with 20 seconds, one minute earnings per premium number will be 668,882 euros (about 78 million yen). In addition, Microsoft can make phone calls to the same premium number at the same time, so if you use this to automate, the attacker gets more money.
In addition, Microsoft said that he paid Swinnen for 500 dollars (about 53,000 yen) as a remuneration while taking measures to report the above content.
Related Posts:
in Note, Posted by darkhorse_log