If you are an owner of the DR-921 D-Link router be warned – your account can be credited with a fairly large bill, just like one of the Niebezpiecznik’s readers.
In his case the cybercriminals have increased the limits for premium rate services.
Cybercriminals have exploited the vulnerability in the router to change the limits set for premium services by Orange operator, in the first stage to PLN 300 and in the second to PLN 4,000.
According to Niebezpiecznik billing has shown 35 premium rate SMS being sent out. The victim received an SMS from the Orange network operator informing about exceeding a total of PLN 1,000 in charge and the SIM card being locked out of the network.
The consumer should be protected by the default limits enforced by the telecommunications law, which are set to the sum of PLN 35. However, criminals have probably changed the limits via the operator’s website. Due to similar attacks Orange is now considering disabling SMS and voice calls for SIM cards used only for data transfers. They also warn their clients of vulnerability in the particular D-Link router model which can be exploited to overcharge users for premium rate SMS.