Bug in Premium-Rate Fortune Telling Service Signs any Mobile User Up
If you’re into fortune telling, here’s next week’s prediction: extra charges on your mobile phone bill, provided that you shared your number with the wrong person.
Mobile phone user Mark Hole made an unexpected discovery when looking into an unexplained weekly charge on the phone bill of the mobile phones linked to his business. The charge, made in the name of Buongiorno – the maker of a premium rate fortune-telling service – was reported to Orange, but the operator claimed Hole must have signed up himself for the service.
Looking into the matter, the computer consultant discovered that it only took a valid mobile number in the Orange network and a Firefox add-on able to spoof the browser to appear as if the request was made from an iPhone to sign anyone in the network up for the iFortune service.
According to a BBC report, Mark Hole contacted content maker Buongiorno to get extra information about the charge. “There was a bug in the system,” said a Buongiorno spokesman. “When that was found out, we very quickly moved to pin it down, find out what happened and stop it from happening again.”
The company refunded Mark Hole’s charge, which apparently was the only abusive subscription detected by Buongiorno. However, as companies that deal in premium rate content are making subscription increasingly easy for, they are relaxing the security aspects that protect users from fraud.