O2 be a fly on the wall…
When the Data Protection Ombudsman opens his mail in the morning.
If you’re reading this news article using your O2 mobile phone, you’ll be pleased to know that O2 have already sent me your mobile phone number within the HTTP headers which normally contain information about how content can be displayed on your device.
Fortunately for you, I am not technically savvy enough to retrieve this information, nor bitchy enough to send you a text message on your mobile phone in the middle of Coronation Street this evening apparently from the local STD clinic or worse…
Other web sites you visit might not be so well mannered or considerate.
For example, if you open an e-mail which includes references to external images, the mere action of opening the e-mail would divulge your phone number. This could be used by anyone undertaking a phishing attack or other scam to get more information from you. The opportunity to abuse this is potentially endless.
This glitch in O2’s software was allegedly revealed by the thinkbroadband site this afternoon, but worryingly, a little research reveals that it was identified 12 months ago by a young hacker at the CanSecWest conference in Vancouver. Quite amazing that a full year later, the same glitch existed.
There is a site here where you can check whether O2 are handing out your mobile phone number to every Tom, Dick and Harry you surf to meet… it means potentially giving your phone number to Lewis Peckover but at least you will know who you’ve given it to!
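An added example, not code from the original article or from O2: a server-side audit that flags request headers carrying a mobile number and drops them before they reach a log. The header names are commonly reported carrier-enrichment headers and are an assumption (the article does not name the header involved); `X-Subscriber` and the sample number are constructed.

```python
import re

# Header names reported for carrier "header enrichment" proxies (assumption:
# the article does not name the header O2 used).
KNOWN_MSISDN_HEADERS = {"x-up-calling-line-id", "x-msisdn", "x-nokia-msisdn"}
# Headers expected to describe the device or content; never flagged by value.
EXPECTED = {"user-agent", "accept", "accept-language", "accept-encoding", "host"}
# UK mobile number as the whole value: 07xxxxxxxxx, 447xxxxxxxxx or +447xxxxxxxxx.
UK_MOBILE = re.compile(r"^\+?(?:44|0)7\d{9}$")


def redact(value):
    """Keep only the last three digits so reports and logs do not repeat the leak."""
    digits = re.sub(r"\D", "", value)
    return "*" * (len(digits) - 3) + digits[-3:] if len(digits) > 3 else "***"


def find_msisdn_headers(headers):
    """Return [(header_name, redacted_value, reason)] for headers exposing a number."""
    findings = []
    for name, value in headers.items():
        lname = name.lower()
        compact = re.sub(r"[\s\-().]", "", value)  # ignore spacing and punctuation
        if lname in KNOWN_MSISDN_HEADERS:
            findings.append((name, redact(value), "known enrichment header"))
        elif lname not in EXPECTED and UK_MOBILE.match(compact):
            findings.append((name, redact(value), "value looks like a UK mobile number"))
    return findings


def scrub(headers):
    """Copy of headers with flagged entries removed, e.g. before writing access logs."""
    flagged = {name for name, _, _ in find_msisdn_headers(headers)}
    return {k: v for k, v in headers.items() if k not in flagged}


# Constructed request as it might arrive through a carrier proxy (fictitious number).
# "X-Subscriber" is a hypothetical header name used to exercise the value check.
SAMPLE = {
    "Host": "example.org",
    "User-Agent": "Mozilla/5.0 (Linux; U; Android 2.3) Mobile Safari",
    "Accept": "text/html",
    "x-up-calling-line-id": "447700900123",
    "X-Subscriber": "07700 900123",
}

if __name__ == "__main__":
    for name, value, reason in find_msisdn_headers(SAMPLE):
        print(f"{name}: {value} ({reason})")
```

A site operator can run `scrub` on incoming headers so that a carrier's mistake does not end up stored in their own logs.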
- January 25, 2012 at 22:03
-
It is fascinating that as the years drift by how much equipment is totally
foreign to one. I have no idea what an O2 is (and don’t want to know). We
only own an electric mobile phone as the occasional lorry cuts our outside
phone line.
The frenzy to buy new ‘stuff’ is quite amazing. But even more
so is how all the youf have become right chatterboxes.
Why do you do
it?
- January 25, 2012 at 18:26
-
I don’t understand this ‘modern’ generation. Once upon a time your phone
number was public, it appeared in telephone directories, the point of having a
telephone was that people could get in touch with you.
Now, with the advent of mobiles, the number is ‘private’, shared only with
your little in-group. Heaven forbid that your next door neighbour or fellow
worker might urgently want to contact you.
But then these self-same people tell all on Facebook. Anyone in the world
can now potentially track you down with clues of pictures, friends, schools
etc. apparently freely given. A far cry from the thick directory set in small
type in which you were hidden amongst all the other “Smith, J.”‘s.
So what a shock that people using their mobiles to access the internet are
having their ‘secret’ IDs forwarded and that the Data Protection Commissioner
might need to get involved. Don’t shout too loud though, don’t these wombats
realise that when they access the internet using their PCs that their unique
IP address is also being forwarded and revealed to every website that they
visit too? Better block that too – oh sorry, that is how the internet
works.
- January 25, 2012 at 21:32
-
“Once upon a time your phone number was public, it appeared in telephone
directories,”
Yes, but that was before the whole world caught paranoia and started
treating everyone else as strangers and criminals.
- January 27, 2012 at 10:23
-
Perhaps, but it was also before the advent of automated diallers, voice
playout systems and call centres with scripts to try and sell you services
no sane person should want.
Cold-calling then required a phone book, calloused fingers for manual
dialling and a very thick skin.
- January 26, 2012 at 10:38
-
Playing Devil’s Advocate here for a moment…
Firstly an IP address might not be related to a person specifically –
DHCP from an IP address pool means that it’s far easier for most of Joe
Public to change an IP address than a phone number.
And secondly, you can’t harass someone via an IP address; unlike a
mobile phone number which will have a device on the other end capable of
receiving a torrent of spam, cold callers or heavy breathing depending on
the outlook of the tormentor…
I fully agree with your diatribe against the idiots who want to live
their lives splashed across the internet. *shudders*
- January 26, 2012 at 12:18
-
Well explained Uncle Nick,
Browser User Agent string (HEADER) usually carries 5-15 bits of
identifying information. That means that on average, only one person in
about 1,500 (2^10.5) will have the same User Agent as you of all the people
on the internet.
On its own, that isn’t enough to recreate cookies and track people
perfectly, but in combination with another detail like geolocation to a
particular ZIP/post code or having an uncommon browser plugin installed,
the User Agent string becomes a real privacy problem.
If you add a unique telephone number it is a perfect method of
tracking. The people who are in the business of tracking operate across
millions of websites via Ads and plugins. E.g. all the handy Apps you
download on your iPhone or plugins for your browser are often frontend
surveillance for advertising trackers, spammers, botnets and government
snoopers.
O2 already had all your demographic information stored on your
registration for the phone. By using your phone number as a reference
point for all websites you visited they have you totally monitored at
all times.
The leaking of the information is likely to have occurred when the O2
servers have not been configured to modify the User Agent tags from the
outbound requests to the internet thus rebroadcasting externally the
information they were wishing to secretly harvest for themselves.
Their failure has allowed every website you travel to and every server
you travel through (and there are many) to gather information and identify
you precisely while also being able to track your habits and preferences
via cookies through the wider adware networks.
There are many criminal activities that can be exploited by such
information but there is no point in explaining these in detail, I am sure
you can imagine.
If you want to see how Big Brother technically works Google “bits of
entropy” & “internet anonymity” then proceed to make a tinfoil hat
for your head.
The only real solution is TOR Bundle also to be found. It is also wise
to request an https connection whenever possible to avoid snooping
between parts of the internet.
15 minutes of installation leaves your internet slightly slower but
totally Anonymous if operated correctly. This is how the Chinese and
Iranian, etc political activists operate.
- January 25, 2012 at 16:45
-
It appears that it has been fixed now http://www.theregister.co.uk/2012/01/25/o2_stop_phone_number_leak/
- January 25, 2012 at 16:08
-
Anna,
with a headline like that, are you angling to be a sub at the
Currant Bun?
- January 25, 2012 at 15:54
-
“Quite amazing that a full year later, the same glitch existed”
Only if you assume it’s a bug rather than a feature.
{ 10 comments }