Itemized invoice monthly. Add an arbitrary phone number in the personal account of the mobile operator Kyivstar (Ukraine) Kyivstar call history personal account
Do you want to know who your teenage child communicates with in his free time? Or where does your friend spend her evenings? Or maybe you need to check your husband's phone? Then it's time to take advantage of our call detailing services. Today the cost is so low that it will allow each of you to get a detailed transcript without “leaving your place.” There are also ways to get information on conversations completely free of charge.
How to make call details for free
1. Just be left alone with the desired phone.
In order to avoid doubts and suspicions, you need to pick up the phone and check the call history, as well as received and sent SMS messages. This can be done if the person you are checking is near you and you have time to look through the phone without being noticed. Do not forget that such a test may end badly. For example, if the owner of the phone appears earlier than you expected, then get ready for a scandal. Or, some prudent people simply delete the entire history from the phone in advance, and then you will no longer be able to achieve the truth in such a banal and free way.
2. Get details for free through your mobile operator.
This option is possible if the number is registered to you. Today, absolutely any telecom operator provides call details in a way convenient for you. You can come to the office in person and present your identification document to freely receive the coveted report. Or, order a statement by number or it is also called account details via the Internet in your personal account. As you understand, for this you need to have direct access to the phone. Go to the website of the mobile operator and indicate the number from which you want to receive. To do this, enter your number on the website, an SMS with a login password will be sent to it. Next, by logging into your personal account, you indicate your email address, to which the conversation file will be sent. You can make it even easier by checking out your details right there online. It is downloaded directly to your personal account, where it can be read immediately. True, it is not stored for long - within 3 days.
There are NO alternatives to getting details for free! Doesn't exist in nature! Remark - unless you have a friend who works in a cellular company, and again NO. No programs will show you other people's conversations, there are only viruses.
3. Leave a request to a competent company and entrust your order.
By using the “Monthly Detailed Bill” service, you have the opportunity to receive a monthly printed statement by mail that displays complete information about all toll calls to your number for the calendar month, namely: the date of the call, time, duration, cost and number, from which/to which this or that call was made.
This statement will be mailed to you along with your monthly invoice.
Connecting the service
In order to order the “Detailed monthly bill” service, you need to contact the subscriber service center and submit an application to connect the service. Subscribers registered in the system can activate this service independently (section “Services and promotions”).
If several subscriber numbers are registered on your personal account, you can order the provision of the service both for all numbers and selectively (for example, for only one subscriber number).
The “Monthly Detailed Invoice” service is provided only at the end of the month.
The subscriber has the opportunity to receive the service at the subscriber service center one-time, for the desired period not exceeding one calendar month.
Rates
There is no service connection fee.
Rates are inclusive of all fees and taxes.
Kyivstar call details is a service provided to all network subscribers, which monthly displays information about past paid events by number. Using it, you can find out the date and time of the call, the duration of the call, its cost, as well as a list of phone numbers from which or to which the calls were made.
Kyivstar call details - how to connect and use?
Before making call details, you need to submit an application to connect to the service. This can be done either by calling the operator for a contract, or independently, using the My Kyivstar self-service system. Follow these instructions:
Having entered the My Kyivstar service, you should go to “Services and promotions”, then - “Overview” - “Expenses” - “Charges and payments”. The next step is to select the month for which calls and SMS are detailed. The information displayed will contain:
- phone numbers;
- data on the calculation of subscription fees;
- information about receiving and canceling bonuses.
In the case when several phones are connected to one account at once, in the “Change balance” and “Write off balance” columns, you can see from which number the payment for services was made.
Detailed data in your personal account is stored for six months. Information is updated with a slight delay: up to 2 hours for prepayment; and up to 2 days for a contract. This is also worth keeping in mind.
Tariffication
The initial fee is not charged upon connection; it is free. You will only have to pay a monthly subscription fee of 15 hryvnia. But you can also do call detailing once.
The ability to order becomes available only at the end of the month, not earlier. In the current month, you can take a printout only for the previous one, and for the current month - only in the next one.
If you connect several numbers to your personal account at the same time, you need to pay separately for the details of each of them. For two rooms, for example, it will cost 30 hryvnia, and for three, respectively, 45 hryvnia.
Other information
Before you take a printout of calls, you need to decide in what form you need them: electronic or printed. Electronic displayed data can be copied to your file, or viewed online when needed. But it is worth remembering that after 6 months, information for the first month will no longer be stored. Therefore, in the case of long-term accounting, you should duplicate information from your personal account on a monthly basis.
Call data in printed form, together with an invoice, can be ordered by mail. This statement will contain information about all past paid events by number for the previous month.
Unfortunately, it is not possible to order details of other people's calls. Only the owner of the number can contact the service center regarding this issue. Be careful, as attempting to obtain data about other people's calls may be considered fraud.
Call printout in essence the same as call detailing. Thus, mobile phones involve obtaining data about the owner of the SIM card, numbers of incoming and outgoing calls, the content of SMS texts, date and time of validity, duration and location.
You can read about the effectiveness of call printouts in the call detailing section.
For example, even if your other half regularly meets with someone a couple of times a month, and you managed to take a printout of calls without coming to the attention of law enforcement agencies and without becoming a victim of scammers, it is 100% impossible to draw conclusions from it turn out. At most, some unfamiliar number. This is provided that your other half only has a dozen contacts in the phone’s address book, and if there are at least fifty, and it’s signed correctly, there’s zero chance. What if half of them have two phones or agreed in a couple of days? Or maybe I was or was just passing through the indicated place? Maybe they are just friends and periodically drink coffee together (by the way, a real case from practice)? Or maybe your other half doesn’t use a mobile phone in such cases?
As you can see, it raises more questions than answers that outdoor surveillance using video and photo shooting can provide. External surveillance can not only confirm or refute any doubts, but also record them.
There is also a category of people who type in search engines something like - free or call printouts for free. Comments are unnecessary here; a person who gives a printout of calls is already breaking the law and is subject to certain sanctions. It is unlikely that anyone will risk (job, career, reputation) for free, and regularly.
There is also a category of scammers who, having taken money or part of it (as an advance), will simply disappear, or the printout of calls will be far from the original. Here it would also be appropriate to recall the legal side of mobile phone printouts.
Call printout - legal side
Call printout from the legal side - a violation of Article 31 of the Constitution of Ukraine, which guarantees citizens the secrecy of telephone conversations; Article 163 of the Criminal Code of Ukraine, which provides for a maximum sanction in the form of restriction of freedom for up to three years for violating the secrecy of correspondence and telephone conversations; Art. 182 of the Criminal Code of Ukraine for the illegal collection, storage, use or distribution of confidential information - the same maximum sanction.
Summarize. Call printout by itself will not be able to confirm or refute your guesses. There is also the possibility of falling into the hands of scammers or the attention of law enforcement agencies.
If you still decide to act in this direction, it may be better not to type in search engines - mts call printout, Kyivstar call printout, and turn to the services of a private detective? Specialists, working in the legal field, having sufficient practice and professionalism, without invading personal life, will be able to 100% confirm or refute your concerns using photo and video recording. And it’s not a fact that it’s more expensive.
I am a client of the Ukrainian cellular operator Kyivstar and a user of their web service my.kyivstar.ua. Like many other operators, Kyivstar offers a web version of your personal account, where you can view your account balance, call details, change the tariff, order or disable a service, etc.
They also recently launched a new version of their personal account new.kyivstar.ua. It has an interesting feature - adding another Kyivstar phone via SMS verification. I undertook to check it for vulnerabilities, since it actually gave the same access to the added phone as to my own, which did not particularly please me as a client.
The new site has the following interface for adding a phone:
Adding is done in 4 steps:
Entering a phone number 
Selecting the option through joining via SMS (sometimes also through a static password, but it doesn’t show up for me) 
Enter the received SMS. 
Confirmation.
These 4 steps translate into a series of POST and GET requests. The last three requests in this series are responsible for adding a number after passing OTP verification.
And I decided to check: what if I repeat these requests without those responsible for SMS verification.
Let's take a closer look at these last 3 queries.
They look like this in the Google Chrome Developer Tool (Shift+Ctrl+I): 
Merge.rpc requests are sent to account.kyivstar.ua/cas/merge/merge.rpc.
Contents of the first request:
The request contains the phone number to be added (097...)
Contents of the second request:
The third request to the address new.kyivstar.ua/ecare/addOrMerge is a GET request without parameters, confirming the previous two operations.
Next, I decided to reproduce these 3 requests again, after first deleting the phone number I had just added from my personal account.
I used the Postman application to reproduce it. 
As expected, after updating the page, the phone was successfully added to your personal account. 
What we have.
We can add any phone number to our personal account without SMS verification and manage it as our own, namely:
- view balance and call details
- view the PUK1 code and serial number of the SIM card, which allows you to replace the SIM card yourself
- add new services and change tariff plan
- and most importantly - transfer money from phone to phone
As expected, I immediately contacted Kyivstar customer support and asked to provide me with the contacts of the security service or the responsible employee of the development department, so that they could describe in detail the essence of the vulnerability and how to reproduce it. As expected, my request was denied and they suggested that I send a description of the vulnerability either in the chat or through a universal form on the website.
Understanding the possible risks if a detailed description of the vulnerability were available to any customer support employee, I still insisted on my request, but again to no avail. Realizing that there was no other way out, I compiled detailed instructions for reproducing the vulnerability into a Google Docs file, wrapped it in a link through the clickmeter.com link tracking service, and sent it to the chat.
As I expected, my application caused a stir and increased interest among the company’s employees, which was reflected in the analytics of the clickmeter.com service: 
The application was viewed by 22 unique users within 2 days. 
Statistics show that the link was viewed from both computers and mobile devices. The geography of views was also not limited to the Kyiv office, the list included Kyiv, Lvov, Dnepropetrovsk, Tbilisi.
Analyzing the statistics, it becomes clear that the existing communication channel with the company is not intended for filing applications of this kind and can lead to information leakage and exploitation by third parties until the vulnerability is closed.
To give credit to the company, the responsible employee contacted me on the second day, thanked me and asked me to remove the link from public access. Over the next few weeks, the vulnerability was closed, and I was contacted again and informed that the application had been completed.
This story reminds us that we need to be more attentive to information security issues in companies of the size of Kyivstar, and create separate communication channels for this, to which only authorized employees will have access. Well, the company’s participation in bug-bounty programs or the creation of its own also has a positive effect on strengthening the security of services.
