3G hack 'as easy as porridge'?

Using 3G for a few minutes has lost nearly 100 thousand VND or 3G access ' suddenly skyrocketed ' ., these are the ' bad crying ' situations of victims who have hacked 3G accounts.

Losing money cannot be explained

Everyday, Ms. Minh (Hai Ba Trung, Hanoi) often uses the E71 to browse the web, synchronizing email via 3G network. At the beginning of the afternoon, when checking her account, she could not help being " stunned " when she received a notification of only 0 dong left in her account. Ms. Minh said that she had just loaded her account for VND100,000 a day and only used her phone to access each Facebook.

In the same situation as Mrs. Minh, Mr. Tuan, who works at a media company, said he only uses his BlackBerry Bold 9000 phone to sync email. Normally, he only has to spend more than VND100,000 a month to use 3G services, but for some reason, this month's 3G fee is nearly VND 1 million.

Talking to Vietnam Post Newspaper, Mr. Nguyen Minh Duc, BKIS Network Security Manager said that these cases may have been attacked by hackers through 3G vulnerabilities of the network.

To prove, Mr. Duc used his mobile phone Nexus One as a victim and a computer with pre-installed tools that hackers often use to hack 3G. Before conducting a 3G hack test, the phone account has more than 33 thousand VND. First, Mr. Duc conducted an email from computer to mobile. A special feature in this email is that in addition to the usual content, it also inserts an image file of extremely small size, enough for users to not see the difference compared to other emails. But when the mail is opened, all information such as IP address, operating system name . of the Nexus One is included in the log file on the computer. After acquiring the IP address, Mr. Duc has repeatedly conducted packets to the mobile phone. After only 5 minutes of attack, the victim's account balance is about 29,000 VND. Thus, 5 thousand VND in the account has been exploited by hackers even though the user has not used it.

Hackers can attack on a large scale?

According to Duc, the test is just a type of attack with a specific victim. In fact, for a costly attack, hackers often use it to attack on a large scale using a scanner tool (the tool is often used to scan computers, holes in the LAN, service ports) to scan 3G network information such as IP address, operating system name, open service ports of connected computers and phones at the same time. After that, Mr. Duc conducted a test of 1000 IP strips and up to 6 computers and mobile phones were accessing 3G. Since then, hackers will attack simultaneously and how many computers and phones are being connected, each of which will lose money. In addition, the tools that hackers often use to hack 3G are the tools used for LAN available on the Internet because when connecting to 3G networks, all computers and mobile will be like a LAN.

However, in order to attack computers and phones simultaneously, even hackers themselves will have to send out packets and lose money like victims. Therefore, hackers often choose to register using VinaPhone's U1 package (VND 12,000 a day and unlimited traffic usage) to implement 3G hack behavior. ' With only 5 minutes, the mobile has lost 5 thousand VND in the account. If hackers continue to attack on a large scale in a day, the total amount of money that 3G customers have been appropriated will be very large , 'Duc said.

When asked how this kind of money-losing attack will cause consequences, Mr. Duc said: 'A cost-effective attack will create unnecessary conflicts between customers and suppliers. It will create a psychological panic for users because they have to pay unjustly money without using and disturbing the operation of the network because both sides cannot explain the cause of customer charges. increase so fast '.

Viettel: Bkis is misunderstanding the problem

Talking to reporter Bao Viet, Mr. Pham Dinh Truong, Deputy Director of Viettel Network Company acknowledged that it is easy for hackers to use the Scanner tool to detect IP addresses. ' However, if just looking at the IP address will not solve the problem, because when 3G subscribers use dynamic IP, each connection will be a different address, will be harder to attack than with the use of static IP ', Mr. Truong said.

Mr. Truong also emphasized: If Bkis thinks that 3G networks of network operators are like an unmanaged giant LAN, in which network servers and client terminals are equal then Bkis does not understand the nature of the problem of telecommunications. Because whether it is ADSL (wired) service or 3G broadband service (wireless), the service providers all use very advanced Network Access Server devices, which allows managing multiple subscribers. accessible. That is, all ADSL or 3G networks go through a Network Access Server device, which is completely different from a device like a switch of a normal LAN. The nature of the service delivery systems that Viettel or Vietnamese carriers like VinaPhone and MobiFone are using are bought from the largest suppliers in the world and the use of 3G by Vietnamese people is similar. as many developed countries in the world. Regarding security issues for users, Mr. Truong said that the network with its responsibility will coordinate with State agencies and security organizations to implement possible measures to protect people. use.