Ethiopian Telecoms System Has Critical Security Flaws

Uploaded on 2020-12-14 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

A white-hat hacker has recently found a critical security flaw on Ethiopia’s Ethio Telecom servers that makes it possible for a hacker to control the entire Ethiopian GSM communication system.

'Sisay Sorsa' is a security researcher and white-hat hacker who has found a critical security flaw on Ethio Telecom servers. He told Cyber Security Intelligence that he accessed the system by writing a python script to make a proof of concept and that now he can exploit the entire Ethio Telecom network and has explained that she now will help the company reduce the risks and help them solve the problem. 

The hacker says it is possible to almost completely access each and every SIM cards (phone numbers) and to steal by making money transfers, pay bills and buy packages from every phone number. All of this is an extremely dangerous vulnerability on the apparently secured Ethio Telecom infrastructure.

Current news reports claim Ethiopia is planning to sell a 45% stake in Ethio Telecom, the monopoly player at the centre of the country’s ICT liberalisation strategy. The latest development, reported by Reuters, quoted an adviser to the state minister of finance, who confirmed that the sale is back on the table. The transaction is expected to take nine months and tenders for two new operating licences will be issued in December, a process in itself expected to take three to four months. “It is 40% to all interested bidders and 5% will be dedicated to Ethiopians. The 55% will remain with the government of Ethiopia,” Brook Taye, senior adviser at the ministry of finance, told media.

The telecom service was introduced in Ethiopia by Emperor Menelik II in 1894 during the commencement of the telephone line installation from Harar to Addis Ababa. Then the inter-urban network was expanded in all other directions from the capital and many important centers in the Empire were interconnected by landlines to facilitate long-distance communications with the help of intermediate operators acting as verbal human repeaters.

Ethio telecom was created in November 2010, with the aim of helping the steady growth of the country and now has over 48 million users.

Sisay Sorsa told us "My next move would be to help them to patch these critical security flaws before they are exploited and attacked by other cyber-terrorist or blackhat hackers"  ​

UPDATE:  Sisay Sorsa has since contacted us to say that to date he has had no response to his report to the Ethiopian Informatiom Network Security Agency (INSA), which included a screenshot of the vulnerable server host IP address. He says that Ethio Telecom has now shutdown its service for every client side application, used by almost 48 million  users. "...the  vulnerability still exist. This is too weird they decided to shut down the service instead of patching the security flaw and making there customers safe and secure."

Ethio Telecom:      Capacity Media:      The Africa Report:  

You Might Also Read:  

Who Do You Trust With Your Personal Data?

 

« US Government Agencies Under Attack
The Personal Data Being Used To Get Your Vote »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Oodrive

Oodrive

Oodrive is the first trusted European collaborative suite allowing users to collaborate, communicate and streamline business with transparent tools that ensure security.

Jamcracker

Jamcracker

Jamcracker is a cloud services management and cloud governance solutions company, with more than a decade of experience providing industry leading software and services.

Riskified

Riskified

Riskified is a leading eCommerce fraud-prevention company, trusted by hundreds of global brands – from luxury fashion houses and retail chains, to gift card and ticket marketplaces.

SecuDrive

SecuDrive

SecuDrive, provides hardware encrypted external storage devices to protect a company’s sensitive and important data.

i-Sprint Innovations

i-Sprint Innovations

i-Sprint is a leader in Securing Identity and Transactions in the Cyber World for industries that are security sensitive.

ACA Group

ACA Group

ACA Group are a leading governance, risk, and compliance (GRC) advisor in financial services.

Securden

Securden

Securden provide an all-in-one Platform for Next-Gen Privileged Access Governance, helping you to prevent identity thefts, malware propagation, cyber attacks, and insider exploitation.

Privafy

Privafy

Privafy helps mobile service providers, IoT manufactures , and enterprises redefine the way they protect Data-in-Motion.

General Informatics

General Informatics

General Informatics is a team of technology enthusiasts with one mission: to make our clients even more successful through the best use of technology.

Capgemini

Capgemini

Capgemini is one of the world's foremost providers of consulting, technology and outsourcing services. Areas of expertise include Cybersecurity.

Cybernatics

Cybernatics

Cybernatics is inspired by bringing together best-in-class innovations around Cybersecurity and Analytics. We offer tailored enterprise solutions to safeguard your organisations best interests.

AT&T Cybersecurity

AT&T Cybersecurity

AT&T Cybersecurity’s Edge-to-Edge technologies provide threat intelligence, collaborative defense, security without the seams, and solutions that fit your business.

View

View

View is the leader in smart building technologies including OT cybersecurity to securely connect buildings to the cloud and manage building networks and OT devices.

Seven AI

Seven AI

Seven AI develops cyber security software designed to identify online threats.

HanaByte

HanaByte

HanaByte is a security consultancy focused on delivering state of the art solutions in the cloud. We specialize in delivering cloud services with an emphasis on security.

Digital Twin Consortium (DTC)

Digital Twin Consortium (DTC)

Digital Twin Consortium is a global ecosystem of users who are driving best practices for digital twin usage and defining requirements for new digital twin standards.