Update: It seems O2 has now tweaked things to prevent its network from including phone numbers in HTTP headers. We'll keep you updated with any further developments.
If you're browsing the web on your phone or tablet on O2 UK, then the network could be exposing your phone number to every website you visit. O2 customer Lewis Peckover recently discovered that when you're browsing over 3G on O2, your handset's phone number is often included in the HTTP headers sent to each website you visit, in plain text.
HTTP headers are information exchanged between your browser and the web server before a page is loaded. In theory, the way O2 includes your phone number -- alongside more mundane information like your IP address, browser and OS -- means that any website you visit could easily find out your number. It's worth pointing out that the header used by O2 to send phone numbers -- "x-up-calling-line-id" -- isn't one that's routinely logged by web servers. However, just a couple of lines of code would allow a malicious server to find your phone number just by having you visit a website over 3G.
Lewis Peckover has set up a site to allow O2 customers to see whether they're affected. We've tried this with an O2 SIM in our Galaxy Nexus, and sure enough, there our phone number was in the list of "headers received". If you're on O2, make sure you've got Wifi disabled on your device, then click here and see if you spot your phone number among the HTTP headers. For what it's worth, early reports indicate that not all O2 customers are affected, though a large proportion apparently are.
This isn't an Android-specific problem, however due to the fact that it's a network-level issue, it'll affect Android phones just the same as any other device that's browsing over O2's data network. For this reason, just about anything that connects via HTTP over O2's network could potentially access this information. For its part, O2 says it's "investigating" the issue, and while this is a big deal for O2 customers, the fact that this is a network-level problem should mean that a fix will be relatively quick and easy to deploy.
More: Lew.io; via: ThinkBroadband
Source: http://feedproxy.google.com/~r/androidcentral/~3/W0LTWSsLFNU/story01.htm
matthew shepard matthew shepard aaron curry aaron curry ios 5 features ios 5 features ellen degeneres show
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.