topic Re: EE serious security hole in Android Devices

EE serious security hole

Pixel-is-a-scam — Mon, 03 Apr 2023 17:11:28 GMT

Re: EE serious security hole

Pixel-is-a-scam — Mon, 03 Apr 2023 17:14:48 GMT

When I call EE, from my phone, they send a pass code to me by SMS. This seems ridiculous. If I'm calling them from my phone they know for certain that I have access to the phone. How do they think sending a pass code by text, to the phone they are already certain I have access to, is adding any level of security?

Whenever I put this to them they can't seem to comprehend the futility of what they're doing.

Anyone able to explain how it's secure? EE can't.

Re: EE serious security hole

bristolian — Mon, 03 Apr 2023 20:58:24 GMT

Caller-ID is not 100% flawless, and an OTP seems a sensible way to be 100% certain, at little-to-no inconvenience to a genuine caller.

No security system is introduced without a valid basis.

Re: EE serious security hole

Pixel-is-a-scam — Tue, 04 Apr 2023 09:52:30 GMT

Obviously it would help prevent fraud by number spoofing. That's not my point. I'd prefer they actually ask some security questions. As I said, the text doesn't offer any security for my personal data or account.

Re: EE serious security hole

Chris_B — Tue, 04 Apr 2023 12:43:40 GMT

@Pixel-is-a-scam But that text is sent to your number and not a caller who might of spoofed your number. Only your number gets that’s text. That’s 2FA right there.

Re: EE serious security hole

Pixel-is-a-scam — Tue, 04 Apr 2023 19:38:08 GMT

It's not 2FA. It only guards against number spoofing.

Because it replaces all other security measures if someone has my phone, or sim, they can do what they like with the account because they just call 150, receive the text, and proceed unchallenged.

Re: EE serious security hole

354- — Fri, 07 Apr 2023 14:00:19 GMT

I had a brief look at EE's help portal section in security, nothing about pass codes, or any "pinned" topics on the community forums for pass code.

Re: EE serious security hole

Chris_B — Fri, 07 Apr 2023 14:04:13 GMT

@Pixel-is-a-scam Then have a pass code on your device nothing that’s easy to guess.
Use a sim pin on the SIM card so if it’s removed from your device is then needs that code to unlock it to use it and any apps that have a password to open then use it.

Re: EE serious security hole

Pixel-is-a-scam — Fri, 07 Apr 2023 14:16:42 GMT

I called EE from my mate's phone yesterday and was able to add a line to his account. When the poop connects to the spinney thing I'll just remind EE that they told me repeatedly that they believe their approach is secure.