Me&you mobile's major security flaw

[Daniel Puchert]

South African mobile network has a major security flaw

When we uncovered fraudulent applications for the SASSA SRD grant, we realised that creating an application was only one piece of the puzzle.

The fraudsters needed phone numbers to apply and to receive a One Time Password (OTP), but how were they getting these phone numbers?

 

[epah]

but how were they getting these phone numbers?

We dont know, how about you tell us............ oh wait you already did yesterday.

 

[Bliksis]

We dont know, how about you tell us............ oh wait you already did yesterday.

It wasn't him, now let's see him merge that thread into his own.

 

[Dups!]

Breath of fresh air not to get, "this article first appeared in Daily something."

Imagine being told you type "nonsense," when they are the ones with the dodgy esim process.

Hayi, these fly-by-night networks.

 

[bwana]

It wasn't him, now let's see him merge that thread into his own.

Thread merges are always chronological.

Besides, Groundup is credited for writing this article.

 

[cda]

Thats not a security flaw, thats a bureaucracy flaw. And RICA is a total waste of time anyway.

 

[oros]

I never liked or trust the network in anyway. Their expensive as well!

 

[dontcryforme]

Thats not a security flaw, thats a bureaucracy flaw. And RICA is a total waste of time anyway.

100% correct. Go to any pakistan shop and ask to buy a sim and then ask to RICA it and they would say it already is. You can then use that SIM with VodaPay without needing any credentials - not even an email. Most likely the guy's South African wife he bought with a R200 and a coke is the person registered to those (thousands of) SIMs, now they cry about me&you?

 

[Swa]

I don't see where the security comes in.

 

[Swa]

100% correct. Go to any pakistan shop and ask to buy a sim and then ask to RICA it and they would say it already is. You can then use that SIM with VodaPay without needing any credentials - not even an email. Most likely the guy's South African wife he bought with a R200 and a coke is the person registered to those (thousands of) SIMs, now they cry about me&you?

You can't register that many sims to the same person. Most likely they provide completely bogus details as a RICA agent with fake details. The system is so open to fraud.

 

[IamNoone]

If it is that easy to sign up, how secure is your information?

 

[veergosai]

Update as of 19:00 SAST
Me&You Mobile has removed the option for Free eSIMs off there website

 

[IamNoone]

Update as of 19:00 SAST
Me&You Mobile has removed the option for Free eSIMs off there website

Was about to post that. I checked it around 6 and it was not there.

 

[veergosai]

Was about to post that. I checked it around 6 and it was not there.

They might have taken it down but the SIM cards from the video still works

 

[Bad Ballie]

Getting to the point where you can just say "typical South Africa" nothing will ever change under ANC rule. The inmates are running the asylum.

 

[r00igev@@r]

Not me or you?

 

[elf_lord_ZC5]

100% correct. Go to any pakistan shop and ask to buy a sim and then ask to RICA it and they would say it already is. You can then use that SIM with VodaPay without needing any credentials - not even an email. Most likely the guy's South African wife he bought with a R200 and a coke is the person registered to those (thousands of) SIMs, now they cry about me&you?

Exactly - can buy a MTN or Vodacom SIM on the street corner, you don't even have to go to a Paki shop to get one. It is already RICA'ed. Just load airtime and use.