Security flaw: call (almost) anywhere in the world for free
While testing the SIM cards of several mobile operators, we found a loophole at an Estonia-based communications company. This flaw made it possible to call from many countries to almost anywhere in the world for free.
Several prepaid SIM cards (airBalticcard, TravelSim, XXSim, Bglo Travel Sim?) allow their users to receive calls on an Estonian number for free in almost 200 countries, while providing outgoing calls and Internet traffic for a reasonable price. All seem to use the Estonia-based technical platform TopConnect and sometimes offer additional services (displaying a disguised caller's number, an associated fax number, free redirection to another number, additional numbers in many countries, etc.). To spare callers expensive calls to Estonian mobile phones (calls that are sometimes blocked by certain national operators), most of these operators provide toll-free numbers in several countries (France, Canada, Switzerland, Germany, Russia, Spain, Brazil, etc.) that can be dialed to reach their customers, at the expense of the latter. However, we found out that these international toll-free numbers could also be used to reach numbers based in Estonia (landline and mobile), with neither the caller nor the recipient (except clients of those operators) being charged. A nice security breach.
Even more importantly: by using, for example, the free call forwarding feature of the airBalticcard chip's Estonian number, which can forward to phone numbers in nearly 200 countries, it was possible to use the previous flaw to "bounce" a call to almost anywhere on the planet without paying.
We notified the TopConnect company. The flaw is now fixed.
© ACBM