As if news of a recent breach leaking T-Mobile customer data to attackers weren't bad enough, Buzzfeed News highlights a pair of issues that could've revealed PIN numbers for customers of T-Mobile and AT&T. The security flaws were uncovered by two security researchers, Ryan aka "Phobia" and Nicholas "Convict" Ceraolo.
The T-Mobile issue occurred via its link to Apple's online store, where they found that a page in the middle of the iPhone purchasing flow would allow an interested party unlimited attempts at guessing an account PIN or last four digits of the account holder's social security number. Given unlimited tries for a safety feature that's probably four digits with no rate limiting lets hackers run through all the possibilities quickly.
Source: Buzzfeed News
T-Mobile, AT&T customers account PINs were exposed by website flaws posted first on https://www.engadget.com
No comments:
Post a Comment