A security researcher recently contacted MyBroadband to report a vulnerability in the MTN network that could allow hackers to get free data using DNS tunnelling.
The Domain Name System (DNS) is a set of servers on the Internet which enable the translation of human-readable domains, like mtn.co.za, into Internet Protocol addresses.
Tunneling refers to the practice of routing network traffic over a port or protocol it does not usually travel over. There is nothing inherently wrong with tunnelling, and it is frequently used in virtual private networking to help people guard their privacy and secure their Internet traffic.
DNS tunneling is therefore when someone encodes network traffic in the protocol used for DNS. This is not a common activity, and according to Akamai it is usually conducted by bad actors to bypass controls put in place to safeguard a network.
While technically possible to get free data using DNS tunnelling on the MTN network, the security researcher said it wouldn’t be a particularly fast connection due to the limitation of the DNS protocol.
They also noticed that connections to MTN’s DNS servers get reset. There was “no doubt” that this was a countermeasure to interrupt persistent connections, they said.
It is also possible to access MTN’s root DNS servers even if you have no airtime or data, the researcher added.
Besides the possible vulnerability presented by DNS tunnelling, the researchers also highlighted issues with the captive portal that is displayed when you run out of data and airtime – nofunds.mtn.co.za.
Crucially, the page does not have a security certificate. The IP address of the MTN No Funds domain (18.104.22.168) is also associated with several other MTN domains.
This could be exploited by phishing scams, the researcher said.
We deal with constant attacks – MTN
“DNS tunnelling is just one of many types of cyber attacks that operators face on a constant basis,” executive for corporate affairs at MTN Jacqui O’Sullivan told MyBroadband.
“MTN is constantly monitoring any potential security attacks or bypass mechanisms, and has built in protocols to manage such attacks.”
O’Sullivan said MTN is aware of the exploit identified by the researcher, as well as the older example they provided in their report about the vulnerabilities they discovered.
“In both instances measures were put in place to limit MTN’s exposure,” O’Sullivan said.
“MTN proactively manages this environment and because the attempted attacks are constantly changing, we focus on identifying the abuse and then implementing the necessary controls.”