Open server with lots of sensitive content
The US company Voxox describes itself as a provider of communications services for corporate customers and also offers SMS delivery to over 180 countries. As TechCrunch now reports, it was precisely this SMS service that was the subject of an ugly discovery. A Berlin security researcher found an unsecured server on the net on which the provider's complete SMS database was stored.
According to the report, around 26 million text messages were found on the server, which was accessible to everyone. Thanks to a Kibana front end and the integrated Elasticsearch search, it was very easy to search the data by name and telephone number as well as by message content. As a first review of the entries shows, they contain a great deal of sensitive material.
Among the messages were plain-text passwords that the Chinese dating service Badoo had sent to a customer. In addition, there are codes that were sent for two-factor validation, for services ranging from Google accounts to corporate networks.
Readable in real time
Especially sensitive: as TechCrunch noted, the data was fed into the publicly accessible database almost in real time, allowing attackers to read the content at the same time as the user or even before them, for example to use a verification code for their own purposes.
On request, Voxox confirmed the incident to Heise: "The vulnerability would allow unauthorized people to access text messages sent by our network," the statement said. After the issue became known, the "hole was plugged" within minutes. An investigation did not reveal any compromise by a third party.
2010-11-20T13:20:00+01:00 John Wool