Is your smartphone telling every website you visit your telephone number?
O2 mobile users in the UK are venting on Twitter today, fuming at their discovery that their phone number is being shared with every website that they visit over the network.
I found a colleague who owns an iPhone on the O2 network, and we tried it out for ourselves. Making sure we turned off his WiFi connection, we used the O2 mobile network to access the web.
Sure enough, his mobile number was being secretly communicated to websites he visited, embedded inside an http header called HTTP_X_UP_CALLING_LINE_ID.
O2’s response so far is to tell concerned Twitter users that it is investigating the issue.
Well, maybe I can be of some assistance. Because, although the problem is getting a lot of people’s attention today, it’s actually been known about for almost two years at least.
Back in March 2010, Berlin student Collin Mulliner revealed his discovery at the CanSecWest conference in Vancouver and presented a paper on the topic entitled “Privacy Leaks in Mobile Phone Internet Access”.
It’s hard to understand why a mobile phone network operator would think it is necessary to transmit their customers’ mobile phone numbers to the website they visit. My guess is that it’s more likely to be a cock-up than malice which caused this data to be leaked – but what’s worse is that the problem is still present almost two years after it was first discovered.
It’s certainly easy to imagine how the information could be abused – for instance, if your mobile phone number is scooped up, it could then be used to SMS text spam you.
Occasional Naked Security contributor Terence Eden has made a video demonstrating the problem:
So, the big question is are other mobile networks – including those in other countries – also doing this?
If you want to know if your smartphone is revealing your phone number when you browse websites, you can test for yourself by visiting this demo page by Collin Mulliner: www.mulliner.org/pc.cgi
If it comes up green, you’re all clear. But if you see red, well.. maybe you’ll be seeing red with your mobile phone operator too.
(Remember, you have to turn off WiFi before you test. That way, your phone is forced to use your mobile phone network for the connection.)
- Facebook Lawsuit Shows How Outdated Our Privacy Laws Are
- German Defense Minister von der Leyen’s fingerprint copied by Chaos Computer Club
- Racism in the United States: By the Numbers
- ISIS Unveils Its New Gold-Backed Currency
- Putin stockpiles gold as Russia prepares for economic war
- MasterCard reveals biometric plans for password-killing protocol
- December 2014
- November 2014
- September 2014
- December 2013
- November 2013
- October 2013
- August 2013
- March 2013
- February 2013
- January 2013
- December 2012
- September 2012
- August 2012
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
Top Posts & Pages
- Earthquakes and Volcanoes in Prophecy
- THE TRUTH BEHIND FRATERNITIES AND SORORITIES
- The Coming Four Blood Moons
- Nuclear Targets in America
- Sphere Sculptures Across the Globe
- Nibiru planet X 2012 PROOF of Government conspiracy
- Are Taylor Swift, Beyonce, Jay Z Illuminati/Satanic Pawns (Videos)
- Wikileaks: GMO conspiracy reaches highest levels of US Government
- Records fall as big spring storm hits Madison
- Why Are Modern Guillotines on Military Bases in America?
- 1,098,714 hits