Are you a victim of VAS activation without your concern have you ever been charged for the VAS service what you have never used ?Do you know it can be a mischief played on you by your friend.
A avid TT reader Gaurav Sharma who hails from Sangrur in Punjab has come up with a so called major bug in RCOM portal which exposes Rcom web security level the bug shows any user in a public domain can activate and deactivate any VAS service of Reliance Mobile
So what is the bug all about ? To make this bug work on should be online via Rcom apn which is RCOMNET once connected you should open a unique url (Link not attached on purpose).
The url consist of appID , reqID and mdn this is where the bug is appID stands for the VAS service like for 101 it stands for music station and it differ from one VAS service to another, reqID is used to subscriber and unsubscribe a service take for example reqID=1 is use to activate the service and reqID=2 is use to deactivate the service and mdn is the mobile number of user.
While testing we tested the same bug on our very own RCOM Mobile Number 90223030** and we were able to activate Reliance Mobile music station service remotely.
We atleast thought that Rcom guys would be aware of the same, so called CC Guy’s on 198 from Reliance Mobile to file a complain around 9Pm on 23rd March, the CC executive Ms. Ansia said that their system is not updated so we were asked to call after 6 hours.
On 24th March, 9.30 am we again made call at 198 and Mr Shyam the CC executive first he said he can de-activate the service but didn’t book any complain regarding that and no refund will be possible for the activation of the VAS.
But when we said we didn’t sent any request for this VAS then how come music station service was activated without our concern ,all we wanted was to make sure if Rcom system was able to understand the service was remotely activated.
But unfortunately the system what Rcom was using was unable to detect the same and even CC guys never cared to give us a complain number after 2 or 3 time when we insisted the same then he finally agreed to book the complain and gave us the complain number which was 149699250.
Today at 12.22pm we got a call from 022-303457** and the guy said he is from Relaince Customer Care and quoted the complain what we made was FALSE and he cited we have activated the VAS service from R-World or R-Menu so now complain is closed and NO REFUND is possible.
We again said we never activated the service but they never care to listen and said what ever we said is false hence the complain is closed so end of the day we lost Rs.30 🙂 for the service which we dint even use.
So now the question is this the bug behind all false activation made by Rcom ? We would also like to remind Reliance that recently you topped in highest number of customer complains in TRAI charts we hope it has nothing to do with this bug for faulty activation.
If Reliance Guys are reading this, fix this bug before things goes out of hand
A Happy Geek and a Network Research Engineer with a really cool day job…