Huge Security Hole Discovered in BSNL Internal Application Dotsoft

BSNL is India’s largest telecom provider, a game changer in the Indian telecom industry and probably the only organization that goes out of its way to drive competition in this sector. The success of BSNL in India can be attributed to a number of factors, the primary one being its ties with the Government. The Government of India owns BSNL, and BSNL also serves as a strategic partner for the Government. This makes BSNL a powerful organization in the telecom industry and, as the good old saying goes, “with great power comes great responsibility”.

BSNL has been hacked numerous times in the past. Last year in August, Pakistani hackers pwned BSNL India’s Punjab website and managed to get hold of user data. There was a déjà vu in July (last month) when the Pakistani Cyber Army hacked a BSNL website (again!). Now, we are seeing another security hole in a BSNL website, which can compromise numerous employee accounts inside the organization.


The Dotsoft application used by BSNL for its internal operations is flawed when it comes to security. The application allows public access, letting anyone modify any internal user account at BSNL. The Dotsoft project page (probably) at BSNL describes it as:

Dotsoft is in-house developed software, integrating the Commercial Activities, Telecom Billing & Accounting, FRS and Directory Enquiry. It has been implemented in 171 SSAs (Districts) across the country.
All the SSAs of Andhra Pradesh, Tamil Nadu, Karnataka, Assam, Punjab, Chhattisgarh and Gujarat Telecom Circles have implemented it. The rest of the SSAs are from the states of Maharashtra, Madhya Pradesh, Uttar Pradesh, Rajasthan, J&K and Haryana. Many Telecom Circles like Bihar Telecom Circle, Orissa Telecom Circle and Uttaranchal Telecom Circle are in various stages of finalizing the plans for implementation of Dotsoft in their SSAs.

Clearly, this application holds extreme value inside the organization, as it forms a critical part of their business. A severe security vulnerability like this should be fixed immediately. Any plans to extend this application across more states without fixing this vulnerability might put BSNL in jeopardy.

Published by

Chinmoy Kanjilal