Thursday, January 26, 2012

O2 Uses Openwave to Insert Users' Mobile Numbers into HTTP Requests

The press reports that Lewis Peckover, system administrator, Probability, found that O2 inserts customers' mobile number into HTTP headers (x-up-calling-line-id field) sent to web sites. Lewis even set a web page (here) for O2 users (or anyone else) to see that. This is a common mobile proxy gateway, generally known as "header insertion".

According to the following article, x-up-calling-line-id field is generated by Openwave gateways, which are also used by O2. Equipment from other vendors does it as well, of course, see an example for that here. One reason to do that is to identify the user to 3rd parties, for chagrining or other purposes.

Few hours after his discovery, Lewis tweeted that "Looks like @O2 may have just resolved the issue. It has stopped showing my number. Anyone still seeing it?"

See report by Anna Leach for The Register - "O2 leaks 3G users' mobile numbers to every website visited" - here.

No comments:

Post a Comment