Is your mobile phone giving out your phone number?
IDG News Service - When mobile users surf the Web, they also may be inadvertently disclosing their phone numbers, a security researcher said Thursday.
The problem lies in the way some networks are reformatting Web data on what are known as proxy servers, which are used to help Web sites display properly on the tiny screens of some phones. According to Collin Mulliner, a graduate student at the Berlin Institute of Technology, some service providers are reformatting Web data they send to Web sites too, and adding sensitive customer information, such as phone numbers, which can then be logged by Web publishers.
Mulliner, a self-described mobile phone hacker, discovered the problem by reviewing his personal site's Web server logs and studying a large number of HTTP headers from mobile carriers.
In a talk at the CanSecWest conference in Vancouver, British Columbia, Mulliner said that he found data that could be used to identify users in some mobile Web traffic sent by large carriers, such as the U.K.'s Orange and Canada's Rogers Wireless. This information sometimes included unique identifiers such as the International Mobile Subscriber Identity number, customer account numbers and -- most troubling -- the actual mobile phone numbers.
"This is a pretty nice way to track mobile phone numbers," Mulliner said.
Mulliner does not know why carriers are adding this information to mobile proxy Web requests, but he said it's a bad practice.
Neither Orange nor Rogers Wireless immediately responded to requests for comment.
In some countries, it's possible to do reverse lookups of mobile phone numbers to find the name of a person who uses a particular phone number, so a Web operator could mine this header information and use it to profile visitors without their knowledge. "You can actually check out who is visiting your Web site," Mulliner said. "Phone numbers are way more personal than your e-mail address."
The issue primarily affects "medium-price-ranged" phones that need a Web proxy to reformat Web pages for their smaller displays. Modern smartphones such as the iPhone or Android do not require this.
For people who worry that their phone may be vulnerable to this problem, Mulliner has set up a Web page that tests for data leakage and reports the HTTP headers it finds. The Web page turns red if it finds a phone number, green if everything seems normal.
Mulliner promised not to save any of the data from these tests.
- How WAN Optimization Helps Enterprises Reduce Costs If you wanted to break down innovation into a tidy equation, it might go something like this: Technology + Connectivity = Productivity. Productivity...
- Four Little-Known Ways WAN Optimization Can Benefit Your Organization WAN optimization has evolved into a complete system that optimizes traffic across a broad range of most popular applications while providing deep visibility...
- SharePlan Security SharePlan is a continuous, secure, enterprise-ready file sync and share platform that facilitates smart, real-time collaboration across all devices.
- Three Ways Your DNS Can Impact DDoS Attacks Domain Name System (DNS) plays a big role in consumers' day-to-day Internet usage and is a critical factor when it comes to distributed...
- Online Video and Web Traffic: Sochi 2014 Winter Olympic Games Over 25 leading global broadcasters worked with Akamai to deliver the action, excitement and inspiration of Sochi because they understand online viewers expect...
- Video surveillance for IT: maximum image quality, minimum bandwidth Join us on Thursday, May 8th at 1 p.m. EST when Willem Ryan, Senior Product Marketing Manager at Avigilon, will discuss how IT... All Networking White Papers | Webcasts