100 10 SMS vulnerability event

On 201February 2 1 day, a hacker broke the news that there were huge loopholes in the customer service system of China Unicom. Under normal circumstances, Unicom's 100 10 only sends some short messages about the usage of the package and whether the recharge is successful or not. However, on 2 1, some netizens took advantage of this loophole and posted their own short messages. The source of the short messages is "100 10". This news triggered a number of security software vendors to issue a "security warning" to remind consumers to be alert to fraudulent SMS posing as Unicom customer service.

You can send the short message of "100 10" at will.

A hacker who did not want to be named said that a security website named "Black Cloud" submitted this vulnerability. It is understood that the discoverer of this vulnerability is "zazaz", and the vulnerability of China Unicom involves its customer service system, that is, "China Unicom can use 100 10 (the customer service number of China Unicom) to send customized short messages to any Unicom number", and the hazard level is "high".

Or by fraud, Trojan horse.

Everyone in the industry believes that the risk behind this loophole should not be underestimated. The website "Wuyun" warned that "anyone can use the official 100 10 to send short messages to Unicom's mobile phone number, which is very harmful." Hackers also said that if a dangerous link is attached to the short message, once the user clicks the link, he can download Trojan, bind SP service customization, and even get the SID (security identifier, which is the number that uniquely identifies the user, group and computer account) in the user's mobile browser by combining WAP vulnerabilities.

The relevant person in charge of China Unicom's media contact said that it has been concerned about this news, and the relevant technical departments have fixed this loophole and are conducting further investigation. Users can make complaints through 100 10 hotline, 100 10 SMS, or through Weibo @ Beijing Unicom, @ China Unicom Beijing Customer Service, etc. China Unicom's mobile phone business hall client has also added a "one-click report" function of spam messages for customers to use for free. From 1 to September this year, Beijing Unicom's reporting channel blocked a total of 26 10 spam messages.