    Massive security flaw in Johannesburg’s new online municipal system leaves residents’ information exposed

    By Max Milella, October 19, 2021

    In case you didn’t know, the city of Johannesburg has a new online system with which residents can look over their municipal bills, making it easy to bring up invoices for electricity, water, property taxes and more online. In theory, it makes a rather dull and often obtuse process a lot simpler and more efficient. 

    However, there’s one con, and it’s a big one: the system’s site lets just about anyone find personal information on just about anyone else.

    Johannesburg has more to shore up than its roads

    The online system’s security vulnerabilities aren’t obscure backdoors or something along those lines. No, this is something far simpler and easier to exploit. 

    This system is relatively new, but some Johannesburg residents have probably seen it by now, most likely if they’ve received an SMS from the City of Joburg regarding an invoice or amounts due to be paid. An accompanying link directs recipients to the City of Joburg’s new online system, where they’re presented with a number of options.

    From the system’s dashboard, users can view their invoices in a browser, pay their dues and download, email, or simply view relevant municipal documents. These documents contain, alongside invoices and balances and the like, droves of sensitive personal information, such as one’s full name and initials, the market value of their property, their address and more.  

    This is where the security woes begin. To start with, the site isn’t served over HTTPS, which is definitely an oversight but pales compared to its other big issue.

    The door’s unlocked, come on in

    See, Johannesburg residents don’t actually have to log in anywhere. They just have to click the link they were sent, or head over to the site and type in their account number, to access their information. There’s no authentication to speak of.

    This means that if someone were to somehow get your account number, they’d be able to access all of this without much trouble. Now, realistically, the chances of someone randomly seeing your specific account number are pretty low. But that doesn’t mean prying eyes can’t get into your account anyway. See, all one has to do to view another account is to go back over to where they input their own number and bump it up or down by one, which will cycle them over to the previous or next person’s account. Yikes.
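
    One way to close the bump-the-number-by-one hole described above is to stop treating the account number as the only credential. This added example (not code from the City of Joburg system or from the original article) signs the SMS link with an HMAC so that an edited account number is rejected; the key, the token layout and the seven-day lifetime are assumptions.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional

# Assumption: constructed demo key; a real deployment loads it from a secrets store.
LINK_KEY = b"constructed-demo-key"
LINK_TTL_SECONDS = 7 * 24 * 3600  # assumed lifetime of an SMS link


def _sign(account_no: str, expires: int) -> bytes:
    """HMAC over the account number and expiry, so neither can be edited."""
    msg = f"{account_no}|{expires}".encode()
    mac = hmac.new(LINK_KEY, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).rstrip(b"=")


def make_link_token(account_no: str, now: Optional[float] = None) -> str:
    """Value to put in the SMS link in place of a bare account number."""
    if not account_no.isdigit():
        raise ValueError("account number must be numeric")
    expires = int(time.time() if now is None else now) + LINK_TTL_SECONDS
    return f"{account_no}.{expires}.{_sign(account_no, expires).decode()}"


def account_for_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the account this token grants access to, or None if invalid."""
    try:
        account_no, expires_s, sig = token.split(".")
        expires = int(expires_s)
        sig_bytes = sig.encode()
    except ValueError:
        return None  # wrong shape, e.g. a bare account number
    # Constant-time comparison of the presented and expected signatures.
    if not hmac.compare_digest(sig_bytes, _sign(account_no, expires)):
        return None  # account number or expiry was altered
    if (time.time() if now is None else now) > expires:
        return None  # link has expired
    return account_no
```

    A link like this is a bearer credential, so it only holds up if the site is served over HTTPS.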

    What’s worse is that writing a program to scan through and collect data from the City of Joburg domain en masse is relatively easy for someone with that kind of know-how. 
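
    Bulk collection of the kind described above leaves a recognisable trace on the server side: one client requesting many different account numbers, often adjacent ones. This added detection example (not part of the original article) runs over constructed access-log lines; the log format, the `/statement` path, the `account` parameter and the thresholds are all assumptions.

```python
import re
from collections import defaultdict

# Constructed access-log lines. The /statement path and "account" parameter
# are hypothetical, not the real site's URL scheme; IPs are documentation ranges.
SAMPLE_LOG = """\
198.51.100.4 "GET /statement?account=4001230017 HTTP/1.1" 200
198.51.100.4 "GET /statement?account=4001230017 HTTP/1.1" 200
192.0.2.33 "GET /statement?account=4001238850 HTTP/1.1" 200
192.0.2.33 "GET /statement?account=4001112204 HTTP/1.1" 200
203.0.113.9 "GET /statement?account=4001230100 HTTP/1.1" 200
203.0.113.9 "GET /statement?account=4001230101 HTTP/1.1" 200
203.0.113.9 "GET /statement?account=4001230102 HTTP/1.1" 200
203.0.113.9 "GET /statement?account=4001230099 HTTP/1.1" 200
203.0.113.9 "GET /statement?account=4001230103 HTTP/1.1" 200
"""
LINE_RE = re.compile(r'^(\S+) "GET \S*[?&]account=(\d+)')


def accounts_by_client(log_text):
    """Map each client address to the set of account numbers it requested."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if match:
            seen[match.group(1)].add(int(match.group(2)))
    return seen


def longest_run(numbers):
    """Length of the longest run of consecutive integers in a set."""
    best = 0
    for n in numbers:
        if n - 1 not in numbers:  # n is the start of a run
            length = 1
            while n + length in numbers:
                length += 1
            best = max(best, length)
    return best


def enumeration_suspects(log_text, max_accounts=3, min_run=3):
    """Clients that touched many accounts, or walked adjacent numbers."""
    suspects = {}
    for client, accounts in accounts_by_client(log_text).items():
        run = longest_run(accounts)
        if len(accounts) > max_accounts or run >= min_run:
            suspects[client] = {"accounts": len(accounts), "longest_run": run}
    return suspects
```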

    It’s a shockingly obvious vulnerability that puts some pretty sensitive information at risk. The domain is reportedly down at the moment, which could mean that these issues are currently being worked on. Fingers crossed. Knowing Johannesburg, that could take a while.

    Source: My Broadband
