Go Back   Android Forums > Android Carriers > Virgin Mobile

Like Tree2Likes
  • 1 Post By rcsrich
  • 1 Post By MacFett

test: Reply
 
LinkBack Thread Tools
Old September 18th, 2012, 05:50 AM   #1 (permalink)
Senior Member
Thread Author (OP)
 
Join Date: Jun 2012
Posts: 652
 
Device(s): LG-VM696: CM9, XT1049: 4.2.2, GT-P6210MAYXAR: CM10, CWM6
Carrier: Not Provided

Thanks: 182
Thanked 214 Times in 162 Posts
Default [ARTICLE] Virgin Mobile accounts are easy to hack

Wired.com - Virgin Mobile Shrugs as Coder Warns Accounts Are Easily Hijacked
Virgin Mobile Shrugs as Coder Warns Accounts Are Easily Hijacked | Threat Level | Wired.com

More details:
http://kev.inburke.com/kevin/open-season-on-virgin-mobile-customer-data/

Advertisements
ktb83 is offline  
Last edited by ktb83; September 18th, 2012 at 06:36 AM.
Reply With Quote
sponsored links
Old September 18th, 2012, 06:21 AM   #2 (permalink)
Psychotic Female
 
Petrah's Avatar
 
Join Date: Jun 2011
Location: Hanover Park, IL
Gender: Female
Posts: 4,080
 
Device(s): GE Galaxy S4 CM 11 | GSM Galaxy Nexus CM 11 | G-Note 10.1 2014
Carrier: Straight Talk

Thanks: 1,152
Thanked 1,440 Times in 925 Posts
Default

We already knew VM USA's security was terrible. Where's that other thread...
__________________
Forum Rules & Guidelines & Zero Tolerance Policy
Agree with a post? Hit Like! Someone help you? Hit Thanks!
See a naughty post or a thread in the wrong area? Hit Report!
Petrah is offline  
Reply With Quote
Old September 18th, 2012, 06:38 AM   #3 (permalink)
Senior Member
Thread Author (OP)
 
Join Date: Jun 2012
Posts: 652
 
Device(s): LG-VM696: CM9, XT1049: 4.2.2, GT-P6210MAYXAR: CM10, CWM6
Carrier: Not Provided

Thanks: 182
Thanked 214 Times in 162 Posts
Default

Quote:
Originally Posted by Petrah View Post
We already knew VM USA's security was terrible. Where's that other thread...
It is clearly bad. I wouldn't have guessed it was this bad!

Rate-limiting relying only on cookies? WTF?
ktb83 is offline  
Reply With Quote
Old September 18th, 2012, 08:41 AM   #4 (permalink)
Senior Member
 
Join Date: Jun 2012
Location: Virginia, USA
Posts: 772
 
Device(s): Samsung GS3 stock, Nexus 7 stock, Nook Color CM 10.1,
Carrier: T-Mobile

Thanks: 125
Thanked 120 Times in 101 Posts
Default

Quote:
Originally Posted by Petrah View Post
We already knew VM USA's security was terrible. Where's that other thread...
Yeah- and now every idiot in the world knows just how poor their security is.

Yay.
rcsrich is offline  
Reply With Quote
Old September 19th, 2012, 09:54 AM   #5 (permalink)
Psychotic Female
 
Petrah's Avatar
 
Join Date: Jun 2011
Location: Hanover Park, IL
Gender: Female
Posts: 4,080
 
Device(s): GE Galaxy S4 CM 11 | GSM Galaxy Nexus CM 11 | G-Note 10.1 2014
Carrier: Straight Talk

Thanks: 1,152
Thanked 1,440 Times in 925 Posts
Default

Quote:
Originally Posted by ktb83 View Post
It is clearly bad. I wouldn't have guessed it was this bad!

Rate-limiting relying only on cookies? WTF?

Any company that asks for your pin number in emails, on Facebook, or on Twitter is bad. We tried to warn everyone before (in another thread) but no one would listen.
Petrah is offline  
Reply With Quote
Old September 19th, 2012, 09:57 AM   #6 (permalink)
Senior Member
 
Join Date: Jun 2012
Posts: 1,720
 
Device(s): Moto X, Nexus 5, Nokia Lumia 520, iPad Air, Nook HD+, HP Touchpad w/ CM10 and Nook Color (previous
Carrier: T-Mobile

Thanks: 129
Thanked 579 Times in 375 Posts
Default

I find it interesting I've been unable to get to the "My Account" page on the VM website since yesterday.
mogelijk is offline  
Reply With Quote
Old September 19th, 2012, 10:23 AM   #7 (permalink)
Member
 
Join Date: Mar 2011
Location: New York City
Posts: 135
 
Device(s): Samsung Galaxy S3, Asus TF300
Carrier: Virgin Mobile

Thanks: 58
Thanked 16 Times in 16 Posts
Default

Quote:
Originally Posted by mogelijk View Post
I find it interesting I've been unable to get to the "My Account" page on the VM website since yesterday.
I still can. I did get a "service overload, try again" page. Try refresh the page.


I wouldn't be surprised if the hacking has begun.
hchen42 is offline  
Reply With Quote
Old September 19th, 2012, 10:38 AM   #8 (permalink)
Senior Member
 
Join Date: Jun 2012
Location: Virginia, USA
Posts: 772
 
Device(s): Samsung GS3 stock, Nexus 7 stock, Nook Color CM 10.1,
Carrier: T-Mobile

Thanks: 125
Thanked 120 Times in 101 Posts
Default

Quote:
Originally Posted by hchen42 View Post
I still can. I did get a "service overload, try again" page. Try refresh the page.


I wouldn't be surprised if the hacking has begun.
Excellent! Uh, I mean bogus...
hchen42 likes this.
rcsrich is offline  
Reply With Quote
Old September 19th, 2012, 10:47 AM   #9 (permalink)
Senior Member
 
Join Date: Jun 2012
Location: Virginia, USA
Posts: 772
 
Device(s): Samsung GS3 stock, Nexus 7 stock, Nook Color CM 10.1,
Carrier: T-Mobile

Thanks: 125
Thanked 120 Times in 101 Posts
Default

...and still no reply from VM as to if they will fix the issue. Classy.
rcsrich is offline  
Reply With Quote
Old September 22nd, 2012, 10:21 PM   #10 (permalink)
Senior Member
 
MacFett's Avatar
 
Join Date: Mar 2011
Location: Sietch Tabr
Gender: Male
Posts: 3,225
 
Device(s): OnePlus One (Stock CM 11) & Samsung Galaxy Tab3 8" (CM11)
Carrier: T-Mobile

Thanks: 389
Thanked 738 Times in 558 Posts
Default

Quote:
Originally Posted by Petrah View Post
Where's that other thread...
Ta-dah! Do you divulge your PIN to VM customer care?

I specifically do not keep a card on file with VMU because of this.
Petrah likes this.
__________________
Sign up for dropbox and we each get a bonus 500megs

"The world is indeed comic, but the joke is on mankind," H.P. Lovecraft 1890-1937
MacFett is offline  
Reply With Quote
sponsored links
Old September 23rd, 2012, 08:53 AM   #11 (permalink)
Member
 
Join Date: May 2012
Location: Virginia
Posts: 376
 
Device(s): Nexus 4,GSM GNex
Carrier: Not Provided

Thanks: 7
Thanked 62 Times in 49 Posts
Default

Someone in the comments noted that they disallow PINs with the same digit repeated 3 times. For anyone else similarly pedantic, that reduces the combinations by 35,919.
aurora40 is offline  
Reply With Quote
Old September 23rd, 2012, 10:42 AM   #12 (permalink)
Psychotic Female
 
Petrah's Avatar
 
Join Date: Jun 2011
Location: Hanover Park, IL
Gender: Female
Posts: 4,080
 
Device(s): GE Galaxy S4 CM 11 | GSM Galaxy Nexus CM 11 | G-Note 10.1 2014
Carrier: Straight Talk

Thanks: 1,152
Thanked 1,440 Times in 925 Posts
Default

Quote:
Originally Posted by aurora40 View Post
Someone in the comments noted that they disallow PINs with the same digit repeated 3 times. For anyone else similarly pedantic, that reduces the combinations by 35,919.
Doesn't matter. A piece of software can sit there and guess numbers at lightening speed. Only someone who didn't know what they're doing is going to sit there and manually try to guess a 6 digit pin number.


Try any 6 digit number combination here: How Secure Is My Password?
Petrah is offline  
Reply With Quote
Old September 23rd, 2012, 12:47 PM   #13 (permalink)
Member
 
Join Date: May 2012
Location: Virginia
Posts: 376
 
Device(s): Nexus 4,GSM GNex
Carrier: Not Provided

Thanks: 7
Thanked 62 Times in 49 Posts
Default

Quote:
Originally Posted by Petrah View Post
Doesn't matter. A piece of software can sit there and guess numbers at lightening speed. Only someone who didn't know what they're doing is going to sit there and manually try to guess a 6 digit pin number.
I didn't suggest a 6 digit PIN was secure. I was simply curious how many of the 1,000,000 combos were excluded by the restriction that you not have 3 of the same digit in a row.

I'm aware of how quickly a computer can programatically walk through 1,000,000 numbers, as I wrote a quick one-liner to come up with the 35,919 number vs try to recall my days in Discrete Mathematics as an undergrad.

With the article from the OP using a 1-sec per try, that would save about 9 1/2 hours.
aurora40 is offline  
Last edited by aurora40; September 23rd, 2012 at 12:50 PM.
Reply With Quote
Old September 23rd, 2012, 03:41 PM   #14 (permalink)
Psychotic Female
 
Petrah's Avatar
 
Join Date: Jun 2011
Location: Hanover Park, IL
Gender: Female
Posts: 4,080
 
Device(s): GE Galaxy S4 CM 11 | GSM Galaxy Nexus CM 11 | G-Note 10.1 2014
Carrier: Straight Talk

Thanks: 1,152
Thanked 1,440 Times in 925 Posts
Default

My boyfriend is a programmer by trade (works his business from our home)... I honestly dunno how you guys do that math. Just looking at it makes my head implode.
Petrah is offline  
Reply With Quote
Reply


Go Back   Android Forums > Android Carriers > Virgin Mobile
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -5. The time now is 10:07 PM.
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.