How confidential are your calls?
This case, discovered by Indian cybersecurity researcher Anand Prakash, was just a bug of bad programming, and is euphemistically called IDOR, short for Insecure Direct Object Reference.
If you think that selling banana phones as “secure” cell phones on eBay is the only scam that Deniz Ok sell, you are wrong. There is another scam he sell on eBay, even bigger: “Secure 4G WIFI router portable Hotspot VPN encrypted ~ IMEI ~ untrace stealth”.
Well, nothing special. Is just a regular Huawei router (E5573/E5770/E5885 series) which have a built in feature that allow IMEI changing by AT commands or directly from router control panel. There is no “encrypted” connection as scammer lie on eBay. Just to make it look more complex and complicated as actually is (for unaware buyers), scammer Deniz Ok is using “Airport Express” as model name, a term which is used only by iOS devices. Not to mention that scammer is faking also device manufacturer: instead of Huawei (Huawei logo is clear shown on some pics he posted), he pretend that the brand is called “Securwifi” (?!), a name that does not exist on a simple search on Google.
Huawei router price is only about 30-40 USD. You can check it on Google. Taking advantage on regular people lack of knowledge, scammer Deniz Ok is reselling this device with 400 GBP (about 540 USD) without making any modifications to make it more “secure”. Nothing. Nada. Zero. But 200% profit margin. Cool or what?
On Aliexpress.com you can find the same product he sell (and same pictures he use on eBay), with detailed description. Nothing about “special” security, encrypted connection and all that sort of lies scammer use: Aliexpress. Same here. And here.
No need to pay huge prices to this scammer. Here is how you can change regular router IMEI:
Huawei mobile routers & WIFI hotspots are well known for IMEI change capabilities. Nothing new about this. But this is not enough to make a mobile router secure, untraceable and stealth, as scammer Deniz Ok pretend.
Here is why:
Compared with regular cell phones, a mobile router is more vulnerable to remote attacks, interception and monitoring because is using 2 vulnerable wireless connections (since a cell phone usually have a single connection with cell towers): wireless connection with cell towers and wireless connection with your cell phone, laptop or PC. Different radio frequencies but same vulnerabilities:
This is how “secure wifi hotspot” sold by Deniz Ok provide “secure” internet connection.
Any mobile WIFI router / mobile hotspot is more vulnerable to over the air attacks than a regular cell phone. There are 2 essential vulnerabilities:
1. Wireless connection between router and your mobile device (cell phone, tablet, laptop, PC, etc.). Intercepting WIFI is trivial and more easy to do than intercepting a cell phone, due to WIFI security lack (authentication procedures, encryption, etc.) compared to regular mobile networks. As a matter of fact, tactical WIFI interception systems are way more cheap than mobile interception systems. You can find plenty of such systems on a simple Google search. Just to name few:
2. Wireless connection between router and outer world (regular mobile network).
Thinking of connecting your cell phone or PC to WIFI router / mobile hotspot via cable, which will reduce attack surface? Well, is remaining another vulnerable connection: data connection to cell tower that provide internet connection. If you think that your “secure” router is connected somehow directly (via cable?) to some sort of “secure” servers, you are completely wrong. This is not how it works. Your “secure” router will connect to the closest cell tower within your area (in the very same way as your cell phone does), in order to provide internet connection. Hence, no matter which kind of data connection exist between cell tower and the rest of the network: wireless connection is the weak point, exploitable by regular IMSI catchers and GSM interceptors that will intercept data connection (like this one), not to mention lawful interception systems.
Not least, “Secure 4G WIFI router portable Hotspot VPN encrypted ~ IMEI ~ untrace stealth” scam sold by Deniz Ok, is made by Huawei. Remember that back in May 2019, the US added Huawei to a trade blacklist over the company’s alleged ties to Beijing, which were seen as a national security threat. So, a totally unsecure device is sold as a “untraceable stealth” router. No other comments are needed.
Read the full first SCAM report here.
This case, discovered by Indian cybersecurity researcher Anand Prakash, was just a bug of bad programming, and is euphemistically called IDOR, short for Insecure Direct Object Reference.
There are times when you need to be able to use a mobile phone without anyone intercepting your calls and texts, including government agencies.
We have always rejected user requests for caller ID spoofing solutions. Once the phone is out in the wild, it exposes the user to many security threats. Read the full article for an overview.