Airtel Kenya – compromised systems or backdoor access?
At the risk of being called naive (because I haven’t done deeper research
on how the alleged $subject is achieved), I’d like to know if there is
someone else who thinks like me – that there is a problem at Airtel.
I happen to have an Airtel phone number that I believe is perhaps one of
the easiest to pick from a random pool (?) – 0732000004 (should I care
about privacy?).
In a week, I get at least 5 calls from the Mulot ICT Hub guys who are
intent on either wiping clean my non-existent Airtel Money balance or they
just want to take away my number (even though it’s duly registered).
I love playing games with these Mulot guys, but one thing has always gotten
me intrigued: How they are able to generate OTPs instantly – from the
Airtel systems, or some systems mimicking Airtel systems.
All the OTPs they send to me in the process of trying to achieve their
objectives (whatever it is), do come from (I believe) Airtel Systems –
because on my phone, they are threaded together with messages that I
do receive from Airtel.
And my question then is – how is that possible without them having access
to the Airtel system (that generates the OTP) either via a compromise or a
deliberately provided backdoor (by an insider collaborator)?
And what can I do to mitigate this?
The best Airtel has always done is to send me an SMS advising that I should
not share my details with anyone, even an Airtel employee and that official
calls from Airtel can only originate from a specific number.
on how the alleged $subject is achieved), I’d like to know if there is
someone else who thinks like me – that there is a problem at Airtel.
I happen to have an Airtel phone number that I believe is perhaps one of
the easiest to pick from a random pool (?) – 0732000004 (should I care
about privacy?).
In a week, I get at least 5 calls from the Mulot ICT Hub guys who are
intent on either wiping clean my non-existent Airtel Money balance or they
just want to take away my number (even though it’s duly registered).
I love playing games with these Mulot guys, but one thing has always gotten
me intrigued: How they are able to generate OTPs instantly – from the
Airtel systems, or some systems mimicking Airtel systems.
All the OTPs they send to me in the process of trying to achieve their
objectives (whatever it is), do come from (I believe) Airtel Systems –
because on my phone, they are threaded together with messages that I
do receive from Airtel.
And my question then is – how is that possible without them having access
to the Airtel system (that generates the OTP) either via a compromise or a
deliberately provided backdoor (by an insider collaborator)?
And what can I do to mitigate this?
The best Airtel has always done is to send me an SMS advising that I should
not share my details with anyone, even an Airtel employee and that official
calls from Airtel can only originate from a specific number.
