If you are a company will millions of users, it is usually expected that you would ensure fool-proof security of your user’s accounts. A developer has now claimed that Virgin Mobile USA entirely fails on this front, citing a very basic security vulnerability in the company’s website.
Kevin Burke says that when he first came across the vulnerability, he contacted Virgin Mobile USA directly. However, after numerous to-and-fro communications, the company didn’t do anything to eliminate the vulnerability. It was then that Burke took to venting on his own blog.
Burke cites that when signing up for a user account at Virgin Mobile USA’s site, you have to choose a 6-digit password. When it comes to passwords, the popular tech wisdom is ‘the longer, the better.’ The smaller a passwords is, it is easier to crack. For a six-digital password, there are a total of one million combinations.
That may sound a lot but with a rather basic code, these one million combinations can be sifted through in virtually no time. The technique is called brute force. Burke tested the technique by trying to break into his own account and not surprisingly, he succeeded without any trouble.
The worst part is that once you are signed into an account, you can check out the SMS and call logs, purchase a new handset, change the billion address and make a whole lot of other changes. For an account offering such breadth of features, the security certainly ought to be much better. Virgin Mobile hasn’t yet responded to Burke’s blog post.
- 2014-04-14: Tesla Model S Owners Hack Own Cars, Discover Ubuntu
- 2014-04-01: LinkedIn Email Addresses Exposed Via Browser Plug-In Software
- 2014-03-30: Tesla Vehicles Can Be Hacked To Unlock The Car Remotely
- 2014-03-20: Facebook’s Hack Programming Language Aims To Deliver Faster Coding Process
- 2014-03-12: NSA Dressed Up As Facebook To Infect PCs With Malware
- 2013-12-19: Researchers Listen To Computer CPU Sounds In Order To Crack Encryption Code
- 2013-12-18: Researchers Discover Method To Hack The MacBook's iSight Camera
- 2013-12-06: New Website Helps Users Check If Their Email Account Has Been Hacked
- 2013-04-11: Hacker Claims To Have Developed Android App That Can Hack Into Aircrafts
- 2012-09-04: Apple UDID Leak: Why Does It Matter?