Ele.me mobile phone verification can be used for phone bombing ("call you to death")
Nowadays the campus is full of young men and women delivering takeout. I couldn't resist the temptation and started using Ele.me too, but what makes me angry is that there is a restaurant that looks so good and yet actually increases the take-out fee, and I am very dissatisfied with this. But I digress... As a result, I started testing the Ele.me mobile client. Among the various possibilities, maybe my technical skills are lacking, or maybe the security measures are well done: I did not find a valuable vulnerability, only a phone bombing issue. When ordering a meal, if the delivery phone number is new, Ele.me prompts for phone verification and then calls the number with the verification code. The data packet intercepted during this process is as follows:
Obviously there is a check value, sig, here, so modifying the data is troublesome and I will not modify it. I directly enter the target mobile phone number and replay the request. Testing shows that the interval is only 30 seconds, but there is no limit on the number of times. That is to say, if a script is used to replay the data, the target mobile phone will receive a verification code call every thirty seconds. Short of switching the phone off, what can you do...
There is a time difference between them because I went out for a meal.
Solution:
Add a limit on the number of verification calls per phone number.
I am a programmer and I have a suggestion. Ele.me's current shared order can only be made among friends. I recommend adding a function for shared orders between strangers: scan for nearby users who are buying from the same seller according to the positioning information, and then submit the order together. This will attract users who want to get takeout but cannot afford to pay for it, and sellers will also only need to deliver once, so that everyone wins.
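A sketch of the per-number limit recommended under "Solution", added here as an example and not taken from Ele.me's code: the 30-second interval is the one the report observed, while the cap of 5 calls per 24 hours, the in-process store, the 11-digit number normalization and the sample number are assumptions. The counter is keyed on the destination phone number rather than on the session, so a replayed request gains nothing by reusing a valid sig.

```python
import time
from collections import defaultdict, deque

MIN_INTERVAL = 30      # seconds between calls: the interval observed in the report
MAX_CALLS = 5          # assumed cap on calls per number per window
WINDOW = 24 * 3600     # assumed window length in seconds


class VoiceCodeLimiter:
    """Throttle voice verification calls per destination phone number."""

    def __init__(self, min_interval=MIN_INTERVAL, max_calls=MAX_CALLS,
                 window=WINDOW, clock=time.time):
        self.min_interval = min_interval
        self.max_calls = max_calls
        self.window = window
        self.clock = clock
        self._calls = defaultdict(deque)   # normalized number -> call timestamps

    @staticmethod
    def normalize(number):
        # Assumption: 11-digit mobile numbers. Keeping only the last 11 digits
        # makes "+86 138-0000-0000" and "13800000000" share one counter.
        digits = "".join(ch for ch in number if ch.isdigit())
        return digits[-11:]

    def allow(self, number):
        """Return (allowed, reason); the call is recorded only when allowed."""
        now = self.clock()
        calls = self._calls[self.normalize(number)]
        while calls and now - calls[0] >= self.window:
            calls.popleft()                # forget calls that left the window
        if calls and now - calls[-1] < self.min_interval:
            return False, "interval"       # the check the service already had
        if len(calls) >= self.max_calls:
            return False, "quota"          # the missing check: total count
        calls.append(now)
        return True, "ok"


def replay(limiter, number, attempts, step, start=0.0):
    """Feed the limiter the same request every `step` seconds (simulated clock)."""
    t = [start]
    limiter.clock = lambda: t[0]
    decisions = []
    for _ in range(attempts):
        decisions.append(limiter.allow(number)[1])
        t[0] += step
    return decisions


if __name__ == "__main__":
    # Constructed sample number; one request replayed every 30 seconds.
    print(replay(VoiceCodeLimiter(), "13800000000", 8, 30))
```

Rejected requests are worth logging with the destination number and source address, since a run of "quota" results against one number is the signature of the replay described above.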