Ethiopian Telecoms System Has Critical Security Flaws

Uploaded on 2020-12-14 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

A white-hat hacker has recently found a critical security flaw on Ethiopia’s Ethio Telecom servers that makes it possible for a hacker to control the entire Ethiopian GSM communication system.

'Sisay Sorsa' is a security researcher and white-hat hacker who has found a critical security flaw on Ethio Telecom servers. He told Cyber Security Intelligence that he accessed the system by writing a python script to make a proof of concept and that now he can exploit the entire Ethio Telecom network and has explained that she now will help the company reduce the risks and help them solve the problem. 

The hacker says it is possible to almost completely access each and every SIM cards (phone numbers) and to steal by making money transfers, pay bills and buy packages from every phone number. All of this is an extremely dangerous vulnerability on the apparently secured Ethio Telecom infrastructure.

Current news reports claim Ethiopia is planning to sell a 45% stake in Ethio Telecom, the monopoly player at the centre of the country’s ICT liberalisation strategy. The latest development, reported by Reuters, quoted an adviser to the state minister of finance, who confirmed that the sale is back on the table. The transaction is expected to take nine months and tenders for two new operating licences will be issued in December, a process in itself expected to take three to four months. “It is 40% to all interested bidders and 5% will be dedicated to Ethiopians. The 55% will remain with the government of Ethiopia,” Brook Taye, senior adviser at the ministry of finance, told media.

The telecom service was introduced in Ethiopia by Emperor Menelik II in 1894 during the commencement of the telephone line installation from Harar to Addis Ababa. Then the inter-urban network was expanded in all other directions from the capital and many important centers in the Empire were interconnected by landlines to facilitate long-distance communications with the help of intermediate operators acting as verbal human repeaters.

Ethio telecom was created in November 2010, with the aim of helping the steady growth of the country and now has over 48 million users.

Sisay Sorsa told us "My next move would be to help them to patch these critical security flaws before they are exploited and attacked by other cyber-terrorist or blackhat hackers"  ​

UPDATE:  Sisay Sorsa has since contacted us to say that to date he has had no response to his report to the Ethiopian Informatiom Network Security Agency (INSA), which included a screenshot of the vulnerable server host IP address. He says that Ethio Telecom has now shutdown its service for every client side application, used by almost 48 million  users. "...the  vulnerability still exist. This is too weird they decided to shut down the service instead of patching the security flaw and making there customers safe and secure."

Ethio Telecom:      Capacity Media:      The Africa Report:  

You Might Also Read:  

Who Do You Trust With Your Personal Data?

 

« US Government Agencies Under Attack
The Personal Data Being Used To Get Your Vote »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

European Internet Forum (EIF)

European Internet Forum (EIF)

EIF’s mission is to help provide European political leadership for the political, economic and social challenges of the worldwide digital transformation.

Navista

Navista

Navista's hardware and software modules are especially designed to ease the deployment of secure networks.

Applause

Applause

Applause provides real-world software testing for functionality, usability, accessibility, load, localization and security.

Protiviti

Protiviti

Protiviti consulting solutions span critical business problems in technology, business process, analytics, risk, compliance, transactions and internal audit.

LaoCERT

LaoCERT

LaoCERT is the national Computer Incident Response Team for Laos.

Eco Recycling (Ecoreco)

Eco Recycling (Ecoreco)

Eco Recycling is India's first and leading professional E-waste Management Company that has set industry benchmarks with its innovative & environment friendly disposal practices.

Dale Peterson

Dale Peterson

Dale Peterson, a leading ICS security and control system IT information expert, provides consulting services to assess and improve the security of SCADA and DCS.

Global Accelerator Network (GAN)

Global Accelerator Network (GAN)

Global Accelerator Network are a highly curated community of independent Accelerators, Partners and Investors.

Connectria

Connectria

Connectria provides cloud hosting, remote monitoring, and compliant cloud security solutions and services to enterprises, medium and small businesses.

Fortiphyd Logic

Fortiphyd Logic

Fortiphyd Logic equips operators of the power grid, oil & gas, and other critical infrastructure with the tools and training they need to defend their industrial networks from advanced cyberattacks.

Midwest Cyber Security Alliance (MCSA)

Midwest Cyber Security Alliance (MCSA)

Midwest Cyber Security Alliance is a nonprofit, nonpartisan collaboration of individuals, businesses, government entities, and professionals advocating for more effective cyber security solutions.

Aite-Novarica Group

Aite-Novarica Group

Aite-Novarica's Cybersecurity practice provides ongoing research and advisory services to chief information security officers focused on protecting their companies’ assets.

Core4ce

Core4ce

Core4ce is a mission-oriented company that serves as a trusted partner to the national security community.

Eviden

Eviden

Eviden is an Atos business that brings together its digital, big data and security business lines. It will be a global leader in data-driven, trusted and sustainable digital transformation.

Realm.Security

Realm.Security

Realm.Security is pioneering the creation of an easy-to-implement, simple-to-use security fabric solution that is purpose-built for cybersecurity.

Assurestor

Assurestor

Assurestor's singular focus is delivering leading cloud-based backup and disaster recovery designed to increase levels of IT resilience.