Thursday, December 31, 2015

Three carriers save billing system exposure vulnerability users can free flow

Three carriers save billing system exposure vulnerability: users can free flow

Cloud platform announced vulnerability announcement screenshots

On December 29, the vulnerability reporting platform clouds a vulnerability announcement, China Mobile, Telecom and Unicom flow accounting system vulnerabilities exist, user can exploit this vulnerability to use well beyond the package traffic.

Subsequently, Beijing, IT contacted the three operators to verify the situation, as of press time, had not yet received responses.

Clouds in the vulnerability announcement said, operators in order to provide customers with convenient, set whitelist for charging traffic fees, when charging system detects that the user is accessing a whitelist of Web sites or receive an MMS without deductions.

"The problem is detection when the user when accessing the Internet, sending a HTTP request to the server, billing system is accessed through testing request header to tell the user white list in the Web site or receive MMS. But billing requests information from users of the system, this information is from the user, cheating can be achieved by customizing the information charging detection purposes of traffic-free Internet access. "The vulnerability announcement said.

Cloud also said in the bulletin, vulnerability to expand, will make carrier loss is too large. Said Fu Liang for Beijing, IT channels, independent telecommunications industry analyst, Telecom billing systems may have a BUG, the foregoing may exist, but this is not a vulnerability, had little effect. Fosun confirmed Guo guangchang is assisting the