Airtel Kenya - compromised systems or backdoor access?
At the risk of being called naive (because I haven't done deeper research on how the alleged $subject is achieved), I'd like to know if there is someone else who thinks like me - that there is a problem at Airtel.

I happen to have an Airtel phone number that I believe is perhaps one of the easiest to pick from a random pool (?) - 0732000004 (should I care about privacy?). In a week, I get at least 5 calls from the Mulot ICT Hub guys who are intent on either wiping clean my non-existent Airtel Money balance or they just want to take away my number (even though it's duly registered).

I love playing games with these Mulot guys, but one thing has always gotten me intrigued: How they are able to generate OTPs instantly - from the Airtel systems, or some systems mimicking Airtel systems. All the OTPs they send to me in the process of trying to achieve their objectives (whatever it is), do come from (I believe) Airtel Systems - because on my phone, they are threaded together with messages that I do receive from Airtel.

And my question then is - how is that possible without them having access to the Airtel system (that generates the OTP) either via a compromise or a deliberately provided backdoor (by an insider collaborator)? And what can I do to mitigate this?

The best Airtel has always done is to send me an SMS advising that I should not share my details with anyone, even an Airtel employee and that official calls from Airtel can only originate from a specific number.

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
Wash, I have a suspicion they have insider help and / or knowledge.

Regards,
Alex

On Tue, Jan 10, 2023 at 5:38 PM Odhiambo Washington via KICTANet <kictanet@lists.kictanet.or.ke> wrote:
At the risk of being called naive (because I haven't done deeper research on how the alleged $subject is achieved), I'd like to know if there is someone else who thinks like me - that there is a problem at Airtel. I happen to have an Airtel phone number that I believe is perhaps one of the easiest to pick from a random pool (?) - 0732000004 (should I care about privacy?). In a week, I get at least 5 calls from the Mulot ICT Hub guys who are intent on either wiping clean my non-existent Airtel Money balance or they just want to take away my number (even though it's duly registered). I love playing games with these Mulot guys, but one thing has always gotten me intrigued: How they are able to generate OTPs instantly - from the Airtel systems, or some systems mimicking Airtel systems. All the OTPs they send to me in the process of trying to achieve their objectives (whatever it is), do come from (I believe) Airtel Systems - because on my phone, they are threaded together with messages that I do receive from Airtel. And my question then is - how is that possible without them having access to the Airtel system (that generates the OTP) either via a compromise or a deliberately provided backdoor (by an insider collaborator)? And what can I do to mitigate this? The best Airtel has always done is to send me an SMS advising that I should not share my details with anyone, even an Airtel employee and that official calls from Airtel can only originate from a specific number.
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-) _______________________________________________ KICTANet mailing list -- kictanet@lists.kictanet.or.ke To unsubscribe send an email to kictanet-leave@lists.kictanet.or.ke
Mailing List Posts Online: https://posts.kictanet.or.ke/
Twitter: https://twitter.com/KICTANet/ Facebook: https://www.facebook.com/KICTANet/ Instagram: https://www.instagram.com/KICTANet/ LinkedIn: https://www.linkedin.com/company/kictanet/ YouTube: https://www.youtube.com/channel/UCbcLVjnPtTGBEeYLGUb2Yow/
Unsubscribe or change your options at %(user_optionsurl)s
KICTANet is a multi-stakeholder Think Tank for people and institutions interested and involved in ICT policy and regulation. KICTANet is a catalyst for reform in the Information and Communication Technology sector. Its work is guided by four pillars of Policy Advocacy, Capacity Building, Research, and Stakeholder Engagement.
KICTANetiquette : Adhere to the same standards of acceptable behaviors online that you follow in real life: respect people's times and bandwidth, share knowledge, don't flame or abuse or personalize, respect privacy, do not spam, do not market your wares or qualifications.
KICTANet - The Power of Communities, is Kenya's premier ICT policy engagement platform.
Correct,

I am not sure if the ODPC has jurisdiction but they may just be what is needed to nip this issue in the bud.

Best Regards

On Tue, 10 Jan 2023, 7:31 pm Alex Watila via KICTANet <kictanet@lists.kictanet.or.ke> wrote:
Wash, I have a suspicion they have insider help and / or knowledge.
Regards,
Alex
I think there is a way of masking the originating number and replacing the identity with a name, such as Airtel (and number as well?) ensuring that on your side the communication is threaded together with Airtel.

I think it would be really sloppy of them to consistently contact you fraudulently as they risk their own exposure.

On Wed, Jan 11, 2023 at 7:16 AM Barrack Otieno via KICTANet <kictanet@lists.kictanet.or.ke> wrote:
Correct,
I am not sure if the ODPC has jurisdiction but they may just be what is needed to nip this issue in the bud.
Best Regards
-- ----------------------------------------- A KEBS 9001:2015 Certified Organization, No. KEBS/QMS/RF:064 Rev. 03
On Wed, Jan 11, 2023 at 10:44 AM Clifford Gulu Nderi via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
I think there is a way of masking the originating number and replacing the identity with a name, such as Airtel (and number as well?) ensuring that on your side the communication is threaded together with Airtel.
I was thinking that would apply only IF I have a contact number for an entity named Airtel, no? But if it's possible, then the SMS provider is committing an illegal act (impersonation?) and so should face legal action from the regulator.
I think it would be really sloppy of them to consistently contact you fraudulently as they risk their own exposure.
Even IF they constantly change the numbers, the next question would be - are those numbers registered? To whom? If there was an entity interested in tackling these issues, all they would do is look at my incoming call logs (on the Airtel line) as well as the SMSes purporting to come from Airtel (if the masking is actually happening).

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
It can happen even when you do not have a contact named Airtel. I remember a long time ago there was an online service for sending free SMSes and one of the features was that you could define the name that would be displayed on the recipient's side. The recipient would then receive the texts with the sender ID displaying the name you had defined. This service is of course no longer available to the public; however, the possibility might still be there.

On Wed, Jan 11, 2023 at 11:49 AM Odhiambo Washington via KICTANet <kictanet@lists.kictanet.or.ke> wrote:
On Wed, Jan 11, 2023 at 10:44 AM Clifford Gulu Nderi via KICTANet < kictanet@lists.kictanet.or.ke> wrote:
I think there is a way of masking the originating number and replacing the identity with a name, such as Airtel (and number as well?) ensuring that on your side the communication is threaded together with Airtel.
I was thinking that would apply only IF I have a contact number for an entity named Airtel, no? But if it's possible, then the SMS provider is committing an illegal act (impersonation?) and so should face legal action from the regulator.
I think it would be really sloppy of them to consistently contact you fraudulently as they risk their own exposure.
Even IF they constantly change the numbers, the next question would be - are those numbers registered? To whom? If there was an entity interested in tackling these issues, all they would do is look at my incoming call logs (on the Airtel line) as well as the SMSes purporting to come from Airtel (if the masking is actually happening).
On Wed, Jan 11, 2023 at 11:55 AM Clifford Gulu Nderi <cliffnderi@uonbi.ac.ke> wrote:
It can happen even when you do not have a contact named Airtel. I remember a long time ago there was an online service for sending free SMSes and one of the features was that you could define the name that would be displayed on the recipient's side. The recipient would then receive the texts with the sender ID displaying the name you had defined. This service is of course no longer available to the public; however, the possibility might still be there.
Let me try and see IF I can raise this issue on a serious note with Airtel and see what they think. I have never had the motivation to because I don't fall under the vulnerable group. It's just the bother bit.
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
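Added example, not written by any participant in this thread: a Python decoder for the sender field (TP-OA) of an SMS-DELIVER PDU as laid out in 3GPP TS 23.040, illustrating the sender-ID point discussed above. An alphanumeric sender such as "Airtel" arrives as a plain text label that the handset uses as the conversation key, with or without a saved contact. The PDUs, phone numbers and SMSC addresses are constructed samples, `thread_key` is a simplified model of how a messaging app groups conversations, and the septet decoder assumes characters where GSM 7-bit and ASCII coincide.

```python
"""Decode the sender field (TP-OA) of an SMS-DELIVER PDU, 3GPP TS 23.040."""

TON_INTERNATIONAL = 0b001
TON_ALPHANUMERIC = 0b101

# Constructed sample PDUs (not captured traffic). All carry the text "Hi".
TAIL = "0000" + "32100171830021" + "02C834"      # TP-PID, TP-DCS, time, text
ALNUM_VIA_DEFAULT_SMSC = "00" + "04" + "0BD0C1B49C5E6603" + TAIL
ALNUM_VIA_OTHER_SMSC = "0791527400000010" + "04" + "0BD0C1B49C5E6603" + TAIL
NUMERIC_SENDER = "00" + "04" + "0C91527400000000" + TAIL


def unpack_septets(data: bytes, count: int) -> str:
    # GSM 7-bit text is packed little-endian, 7 bits per character.
    # Assumption: only characters where GSM 7-bit and ASCII coincide.
    bits = int.from_bytes(data, "little")
    return "".join(chr((bits >> (7 * i)) & 0x7F) for i in range(count))


def swapped_digits(data: bytes, count: int) -> str:
    # Numeric addresses hold two digits per octet, low nibble first.
    return "".join(f"{b & 0x0F:x}{b >> 4:x}" for b in data)[:count]


def parse_deliver(pdu_hex: str) -> dict:
    raw = bytes.fromhex(pdu_hex)
    smsc_len = raw[0]                            # octets of SMSC info
    smsc = swapped_digits(raw[2:1 + smsc_len], 2 * (smsc_len - 1)).rstrip("f")
    pos = 1 + smsc_len                           # first octet of the TPDU
    if raw[pos] & 0x03 != 0:
        raise ValueError("not an SMS-DELIVER PDU")
    oa_len, toa = raw[pos + 1], raw[pos + 2]     # semi-octet count, type
    oa = raw[pos + 3:pos + 3 + (oa_len + 1) // 2]
    pos += 3 + len(oa)                           # now at TP-PID
    ton = (toa >> 4) & 0x07
    if ton == TON_ALPHANUMERIC:
        kind, sender = "alphanumeric", unpack_septets(oa, oa_len * 4 // 7)
    else:
        kind = "numeric"
        sender = ("+" if ton == TON_INTERNATIONAL else "") + swapped_digits(oa, oa_len)
    dcs = raw[pos + 1]
    udl = raw[pos + 9]                           # after the 7-octet timestamp
    text = unpack_septets(raw[pos + 10:], udl) if dcs == 0 else None
    return {"smsc": smsc, "kind": kind, "sender": sender, "text": text}


def thread_key(msg: dict) -> str:
    # Simplified model: conversations are grouped by the sender string alone.
    return msg["sender"]


def can_reply(msg: dict) -> bool:
    # An alphanumeric sender has no routable number behind the label.
    return msg["kind"] == "numeric"


if __name__ == "__main__":
    for pdu in (ALNUM_VIA_DEFAULT_SMSC, ALNUM_VIA_OTHER_SMSC, NUMERIC_SENDER):
        msg = parse_deliver(pdu)
        print(msg, "thread:", thread_key(msg), "reply:", can_reply(msg))
```

Both alphanumeric samples land in the same thread even though they arrived through different service centres, which is why threading alone does not show that a message came from the operator's own systems.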