Is your smartphone telling every website you visit your telephone number?
O2 mobile users in the UK are venting on Twitter today, fuming at their discovery that their phone number is being shared with every website that they visit over the network.
I found a colleague who owns an iPhone on the O2 network, and we tried it out for ourselves. Making sure we turned off his WiFi connection, we used the O2 mobile network to access the web.
Sure enough, his mobile number was being secretly communicated to websites he visited, embedded inside an http header called HTTP_X_UP_CALLING_LINE_ID.
O2’s response so far is to tell concerned Twitter users that it is investigating the issue.
Well, maybe I can be of some assistance. Because, although the problem is getting a lot of people’s attention today, it’s actually been known about for almost two years at least.
Back in March 2010, Berlin student Collin Mulliner revealed his discovery at the CanSecWest conference in Vancouver and presented a paper on the topic entitled “Privacy Leaks in Mobile Phone Internet Access”.
It’s hard to understand why a mobile phone network operator would think it is necessary to transmit their customers’ mobile phone numbers to the website they visit. My guess is that it’s more likely to be a cock-up than malice which caused this data to be leaked – but what’s worse is that the problem is still present almost two years after it was first discovered.
It’s certainly easy to imagine how the information could be abused – for instance, if your mobile phone number is scooped up, it could then be used to SMS text spam you.
Occasional Naked Security contributor Terence Eden has made a video demonstrating the problem:
So, the big question is are other mobile networks – including those in other countries – also doing this?
If you want to know if your smartphone is revealing your phone number when you browse websites, you can test for yourself by visiting this demo page by Collin Mulliner: www.mulliner.org/pc.cgi
If it comes up green, you’re all clear. But if you see red, well.. maybe you’ll be seeing red with your mobile phone operator too.
(Remember, you have to turn off WiFi before you test. That way, your phone is forced to use your mobile phone network for the connection.)
- Dead Men’s Secrets – George Gordon forbidden archeology
- Sleep Paralysis Documentary
- RUSSIA WARNS: ASTEROID IMPACT in Atlantic Ocean
- Big Food Wants to Label GMO Foods ‘Natural’ in Outrageous Request
- An Inevitable Headache: US Allies Sell Defense Technology to China
- 2 years after new volcano appeared, seismic activity restarts on island
- September 2014
- December 2013
- November 2013
- October 2013
- August 2013
- March 2013
- February 2013
- January 2013
- December 2012
- September 2012
- August 2012
- May 2012
- April 2012
- March 2012
- February 2012
- January 2012
- December 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
Top Posts & Pages
- Nuclear Targets in America
- The Coming Four Blood Moons
- US NAVY MAP of the FUTURE – is this NOW??
- Dead Men's Secrets - George Gordon forbidden archeology
- Russian Threats of Nuclear War Grow Louder
- A Gigantic Pyramid on Ocean Sea Floor in Bermuda Triangle?
- USDA Wants RFID Tracking Technology To Be Mandatory In US Food Stamp Program
- THE TRUTH BEHIND FRATERNITIES AND SORORITIES
- Nibiru planet X 2012 PROOF of Government conspiracy
- Sphere Sculptures Across the Globe
- 1,053,156 hits