Ethiopian Telecoms System Has Critical Security Flaws
A white-hat hacker has recently found a critical security flaw on Ethiopia’s Ethio Telecom servers that makes it possible for a hacker to control the entire Ethiopian GSM communication system.
'Sisay Sorsa' is a security researcher and white-hat hacker who has found a critical security flaw on Ethio Telecom servers. He told Cyber Security Intelligence that he accessed the system by writing a Python script as a proof of concept and that he can now exploit the entire Ethio Telecom network. He explained that he will now help the company reduce the risks and solve the problem.
The hacker says it is possible to gain almost complete access to each and every SIM card (phone number) and to steal by making money transfers, paying bills and buying packages from every phone number. All of this amounts to an extremely dangerous vulnerability in the apparently secured Ethio Telecom infrastructure.
Current news reports claim Ethiopia is planning to sell a 45% stake in Ethio Telecom, the monopoly player at the centre of the country’s ICT liberalisation strategy. The latest development, reported by Reuters, quoted an adviser to the state minister of finance, who confirmed that the sale is back on the table. The transaction is expected to take nine months and tenders for two new operating licences will be issued in December, a process in itself expected to take three to four months. “It is 40% to all interested bidders and 5% will be dedicated to Ethiopians. The 55% will remain with the government of Ethiopia,” Brook Taye, senior adviser at the ministry of finance, told media.
The telecom service was introduced in Ethiopia by Emperor Menelik II in 1894 during the commencement of the telephone line installation from Harar to Addis Ababa. Then the inter-urban network was expanded in all other directions from the capital and many important centers in the Empire were interconnected by landlines to facilitate long-distance communications with the help of intermediate operators acting as verbal human repeaters.
Ethio Telecom was created in November 2010, with the aim of helping the steady growth of the country, and now has over 48 million users.
Sisay Sorsa told us, "My next move would be to help them to patch these critical security flaws before they are exploited and attacked by other cyber-terrorists or blackhat hackers."
UPDATE: Sisay Sorsa has since contacted us to say that to date he has had no response to his report to the Ethiopian Information Network Security Agency (INSA), which included a screenshot of the vulnerable server host IP address. He says that Ethio Telecom has now shut down its service for every client-side application, used by almost 48 million users. "...the vulnerability still exists. This is too weird they decided to shut down the service instead of patching the security flaw and making their customers safe and secure."
Ethio Telecom: Capacity Media: The Africa Report: