Share:

Hacker Exposes Freedom Mobile Customer Login Vulnerability

Share:

According to a new report from MobileSyrup, a hacker has uncovered a vulnerability in Freedom Mobile’s customer login system. This means that Freedom Mobile customers could be at risk of hackers gaining access to their personal information such as phone number, call history, and address.

The hacker, who goes by the username NullHumanity, showed a screenshot of code on a subreddit that appears to show them successfully brute-forcing user logins.

The login system is “forced to the Phone Number/PIN model” which cannot even be changed if the customer calls support. This makes it really easy to brute force logins because there are only 10,000 possible combinations of four-digit PINs and phone numbers are fairly easy to access.

“There are lots of services out there to identify carrier numbers.”
The hacker said that there have already been 2,000 accounts that have been identified as being at risk. The group does not intend to do anything malicious with the information they have gained, but they expect that it would be possible to target up to 350,000 accounts based on their brute force attack.
“A phone number is predictable and a 4 digit PIN isn’t secure. Figuring out matching sets can be automated easily.”
The four-digit PIN as a password for accessing online banking raises huge security concerns, which the company needs to address. NullHumanity reached out to Freedom Mobile regarding the issue and he was told that four-digit pins provide adequate security because they are used in a lot of banking applications.
Clearly, there are some people who have yet to come to terms with today’s standard of security. That being said, it looks like Freedom Mobile has a lot of work to do in order to make their customer login system secure. Hopefully, someone at Freedom Mobile is looking into providing a solution for this outdated security system.

Share:

  • Melvin

    Thanks.
    Just changed my PIN. They won’t be able to guess it cuz I used opposite thinking so to fooled them.

  • Got Game? Get Game! ???

    Guessed it… 1234

  • Riley Freeman

    for such a young carrier, this type of stuff is not good. They better shape up

  • poopchute

    Ha!
    You are sooooooo wrong!
    It’s 4321. So there.

  • IS

    another dumb person here.. brute-forcing means they used an automated script to try every combinations from 0000 to 9999. “using opposite thinking” has nothing to do with brute-forcing method. lol

  • Arlene Price

    One of the most annoying questions I hear is “are there real hackers?” or “Can i get a real hacker?” or “Where can I get a hacker ?” Well, I’m going to tell you this TOP SECRET thing I found, and trust me he is the answer to all your questions, he is an ethical hacker, reliable and affordable, https://uploads.disquscdn.com/images/060a8366926bdc68c929a16cc5cd72c9fea5ea0b79a6038129d675a9b3c1ae61.png I know this because I’ve have made use of his services a lot such as hacking a cell phone, hacking into a website, helping me boost my credit score and clearing my bank debt and he has never dissapointed me for once. I have also reffered him to my friends who also required services of a genuine hacker and they’ve been testifying to his good works. Stop being scammed by these fake hackers and contact a real one.

  • ticky13

    Exactly! This is why using PINs is dumb… but not as dumb as only allowing four digits in a PIN.

Deals