Skip to main content

How to make money from google and microsoft


Smart hackers could exploit a loophole that could allow them to steal a significant amount of cash from Google, Microsoft and Instagram using a Premium rate phone number.

Security researcher Arne Swinnen from Belgium has discovered an ingenious way to steal money from big tech companies like Google, Microsoft, and Instagram using their two-factor authentication (2FA) voice-based token distribution systems.

Swinnen argues that any attacker with malicious intent could create fake Google, Microsoft or Instagram accounts, as well as premium phone services, and then link them together.

The attacker could then request 2FA voice-based tokens for all fake accounts using an automated scripts, placing legitimate phone calls to his service to earn him quite a nice profit.

Swinnen created accounts on Google, Microsoft Office 365 and Instagram and then tied them to a premium phone number instead of a regular one.

As a result, whenever one of these three services would call the account's phone number to send the user their account access code, the premium number would register an incoming call and bill the companies.

"They all offer services to supply users with a token via a computer-voiced phone call, but neglected to properly verify whether supplied phone numbers were legitimate non-premium numbers," Swinnen says in his blog.

"This allowed a dedicated attacker to steal thousands of EUR/USD/GBP/... Microsoft was exceptionally vulnerable to mass exploitation by supporting virtually unlimited concurrent calls to one premium number."


Although the Swinnen reported the loophole to all the three companies, he calculated that he could have stolen €432,000 per year from Google, €669,000 per year from Microsoft and €2,066,000 per year from Instagram.

You can learn more technical details about the hack in Swinnen's blog post.

Although no customer data was being put at risk through his hack, Facebook (who owns Instagram) and Microsoft rewarded Swinnen with $2000 and $500 via their bug bounty programs, while Google mentioned his name in the company's Hall of Fame.

Comments

Post a Comment

Popular posts from this blog

Kali linux android simply amazing

How to Install and run Kali Linux on any Android Smartphone TUTORIAL FOR INSTALLING AND RUNNING KALI LINUX ON ANDROID SMARTPHONES AND TABLETS Kali Linux is one the best love operating system of white hat hackers, security researchers and pentesters. It offers advanced penetration testing tool and its ease of use means that it should be a part of every security professional’s toolbox. Penetration testing involves using a variety of tools and techniques to test the limits of security policies and procedures. Now a days more and more apps are available on Android operating system for smartphones and tablets so it becomes worthwhile to have  it on your smartphone as well. Kali Linux on Android smartphones and tablets allows researchers and pentesters to perform ” security checks” on things like cracking wep Wi-Fi passwords, finding vulnerabilities/bugs or cracking security on websites.  This opens the door to doing this from a mobile device such a...
Post a Comment
Read more

What is DNS

D NS stands for Domain Name System is used to as the medium to translate domain names to their respective IP addresses when a client initiates a request query. DNS stores the database of all the domain names and their IP addresses which are registered on the network. Most of us are quite familiar with the term DNS or Domain Name System. DNS can be thought of as an attendance register for various websites present over the internet. In the case of DNS, it maintains the database of all the websites Domain Names and their IP (Internet Protocol) addresses that are operational all over the world. Historical Notes The origins of DNS date back to the time of the ARPANET  when there were only a few computers to get an entry in the database. A HOSTS.TXT file was maintained by Stanford Research Institute, which constituted the data of all the machines, and was copied by all the host machines to remain updated. Jon Postel from the Information Sciences Institute requested Pau...
Post a Comment
Read more

How tor works

 Using the publicly available data, data visualization software firm Uncharted has prepared TorFlow — a map for visualizing how TOR’s data looks as it flows all across the world. It shows TOR network’s node and data movements based on the IP addresses of relays bouncing around the connections of users to avoid spying. TOR is the world’s most widely used tool for anonymity purposes . It has grown into a powerful network that’s spread all over the world. Surprisingly, the TOR project is transparent about the location of the TOR nodes and thousands of machines that power the network. This non-profit organization frequently published an updated list about the bandwidth and location of the computers and data centers spread all across the world. Using the same public data,  TorFlow  maps the TOR network’s nodes and data flow all around the world. This data movement is measured based on the IP addresses and bandwidth of the relay computers bouncing around the...
Post a Comment
Read more