A hacker from Pakistan yesterday unveiled a critical vulnerability in Telenor Pakistan’s website that could be exploited to find out handset-related information of Telenor’s entire customer base.
Instead of misusing this vulnerability in Telenor’s system, the hacker decided to report the bug to Telenor Pakistan through ProPakistani, and Telenor fixed it later in the evening.
Through this specific security flaw, anyone with little computing knowledge could find out the handset model of Telenor number holders. Additionally, the IMEI, IMSI and ICCID numbers could be displayed to anyone. With this bug, anyone could blacklist a Telenor number.
By simply entering the Telenor number of a customer into the system, anyone could find out the history of mobile phone models that the customer had used during his relationship with Telenor Pakistan.
The hacker, who wants to remain anonymous, told ProPakistani that he had found this vulnerability while browsing the website, meaning that anyone could have found this serious bug and misused it to find out information about Telenor customers.
Responding to ProPakistani’s query on the matter, Ms. Atifa Asghar, Director Corporate Communications & Responsibility, Telenor Pakistan, said that her company places a strong emphasis on confidentiality, privacy and security of data.
“Yesterday, we became aware that through a particular mechanism it had become possible to extract handset related information like IMEI. We immediately investigated the matter and took timely remedial measures to plug this breach”, said Atifa Asghar.
The recent hacking of Telenor’s website and the emergence of the above-mentioned security flaw pose serious threats to customers’ private and confidential data, which can fall into the wrong hands due to the (apparently) thin security of cellular companies’ websites.
Atifa, however, gave reassurance that safeguarding customers’ personal information and data is an integral component of Telenor values and philosophy.