Hacker Exposes Freedom Mobile Customer Login Vulnerability
According to a new report from MobileSyrup, a hacker has uncovered a vulnerability in Freedom Mobile’s customer login system. This means that Freedom Mobile customers could be at risk of hackers gaining access to their personal information such as phone number, call history, and address.
The hacker, who goes by the username NullHumanity, showed a screenshot of code on a subreddit that appears to show them successfully brute-forcing user logins.
The login system is “forced to the Phone Number/PIN model” which cannot even be changed if the customer calls support. This makes it really easy to brute force logins because there are only 10,000 possible combinations of four-digit PINs and phone numbers are fairly easy to access.
“There are lots of services out there to identify carrier numbers.”
“A phone number is predictable and a 4 digit PIN isn’t secure. Figuring out matching sets can be automated easily.”