O2 Privacy Flaw Sends Users' Mobile Numbers to Visited Websites
As noted by think broadband, a privacy flaw in the way UK carrier O2 handles web traffic on mobile devices has resulted in users' mobile numbers being sent to any website visited from the device as part of the headers in the HTTP requests. While O2 is apparently still investigating the situation, it appears to have the potential for significant privacy-related issues.
If you're reading this news article using your O2 mobile phone, you'll be pleased to know that O2 have already sent us your mobile phone number within the HTTP headers which normally contain information about how content can be displayed on your device. These headers are not normally seen by users, and usually not logged by most websites, but the flaw allows malicious sites to get more personal information about you than you may be willing to share.
For example, if you open an e-mail which includes references to external images, the mere action of opening the e-mail would divulge your phone number. This could be used by anyone undertaking a phishing attack or other scam to get more information from you. The opportunity to abuse this is potentially endless.
The issue was discovered by Twitter user @lewispeckover, who then set up a website to allow users to see what headers are being sent as part of their HTTP requests to websites.
He now notes that the headers coming from his device appear to have stopped showing his mobile phone number, although O2 has yet to issue an official statement on the matter. The company's Twitter account is continuing to blast out responses to concerned users, noting only that the company is looking into the situation and will issue an update when it knows more.
The issue is not exclusive to the iPhone and has the potential to affect all mobile data on the second-largest carrier in the UK, although some users have reported that they are not seeing their mobile numbers appearing in their HTTP request headers. The issue has the potential to for a significant impact on UK iPhone users, as O2 has proven to be a popular choice for iPhone users dating back to its status as the exclusive iPhone carrier in the UK when the device originally launched back in 2007.
Those familiar with the UK's privacy laws have indicated that mobile phone numbers are not considered protected information, but the disclosure of such numbers as part of standard HTTP requests does have the potential to carry implications for users.
Popular Stories
The iPhone 14 Pro and Pro Max introduce some major improvements in camera technology, adding a 48-megapixel lens and low-light improvements across all lenses with the new Photonic Engine. We've spent the last week working on an in-depth comparison that pits the new iPhone 14 Pro Max against the prior-generation iPhone 13 Pro Max to see just how much better the iPhone 14 Pro Max can be.
Subscrib ...
Thursday September 29, 2022 12:38 pm PDT by
Juli CloverTony Blevins, Apple's vice president of procurement, is set to depart the company after he made a crude comment about his profession in a recent TikTok video, reports Bloomberg.
Blevins was in a video by TikTok creator Daniel Mac, who was doing a series on the jobs of people he spotted with expensive cars. After seeing Blevins in an expensive Mercedes-Benz SLR McLaren, Mac asked Blevins what ...
Wednesday September 28, 2022 4:27 pm PDT by
Juli CloverThe Dark Sky weather app that's owned by Apple is no longer available for download in the U.S. App Store, suggesting that it has been removed ahead of schedule.
Apple acquired Dark Sky back in March 2020 and has since incorporated elements of the app into the Weather app available on the iPhone (and soon, the iPad).
Dark Sky remained available for purchase as a standalone weather app...
The third beta of iOS 16.1 that was released earlier this week expands the Adaptive Transparency feature introduced with the second-generation AirPods Pro to the original AirPods Pro.
As noted on Reddit, first-generation AirPods Pro owners who also have the AirPods beta software will now see an "Adaptive Transparency" toggle in the AirPods section of the Settings app. The 5A304A beta...
Thursday September 29, 2022 7:26 am PDT by
Sami FathiSpeaking at Università Degli Studi di Napoli Federico II in Naples, Italy, Apple CEO Tim Cook said that not too long from today, people will wonder how they led a life without augmented reality, stressing the "profound" impact it will have on the not so distant future. At the university, Cook was awarded an Honorary Degree in Innovation and International Management and also sat down for a...
Wednesday September 28, 2022 10:22 am PDT by
Juli CloverApple has seen high demand for the 6.7-inch iPhone 14 Pro Max, which could lead the company to further differentiate the next-generation iPhone 15 Pro and Pro Max, according to Apple analyst Ming-Chi Kuo. Apple could add exclusive features to the iPhone 15 Pro Max in an effort to encourage more people to purchase the larger and more expensive device.
Kuo last week said that Apple asked...
Thursday September 29, 2022 9:08 am PDT by
Sami FathiOne of the biggest new features in iOS 16 is a completely redesigned iPhone Lock Screen. The new Lock Screen is entirely customizable, letting you change the colors and fonts, add widgets and new wallpapers, and more to make your iPhone uniquely yours. Of course, even before iOS 16, you could customize your Lock Screen with a wallpaper of your choice. iOS 16 takes the Lock Screen wallpaper...
An Apple Watch Ultra user has modified their new device's casing to add a brushed finish and remove the orange color of the Action Button in an effort to make it more visually appealing.
The Apple Watch Ultra offers the first complete redesign of the Apple Watch since the product line's announcement in 2014, and while the design has been met with praise from many users, some have criticized...
Wednesday September 28, 2022 12:01 am PDT by
Juli CloverLogitech today announced the launch of several new mice and keyboards that have been developed for use with Apple's Macs, including Logitech's first mechanical keyboard that has been optimized for the Mac.
The MX Mechanical Mini for Mac Keyboard has a keyboard layout designed for Macs, with tools to customize shortcuts with Logi Options+. The keyboard uses Tactile Quiet low-profile switches...
The iPhone 14 and iPhone 14 Pro models bring over a longstanding Mac feature, but the setting to enable it is off by default.
The feature, which is actually a new accessibility option, allows the iPhone to play a startup chime like the Mac. When enabled, the sound comes alongside a new shutdown chime.
The Mac has featured a startup chime since 1987's Macintosh II, and the iconic "bong"...
Top Rated Comments
Everything Everywhere are very good, but Three (in the south of England at least) are best by far for 3G coverage.
Perhaps if O2 spent more money on, well, being a service provider and improving their network, rather than all that "priority moments" crap, they might increase their 3G coverage.
It wasn't inserted into the user agent, it was a separate header: "x-up-calling-line-id".
I'm thrilled they fixed it so quickly.
I'm going to treat o2 with a bit more suspicion from here on out.
One is Bango, the company that runs O2's adult verification software and thought sending credit card numbers in plaintext over http was a good idea.
O2 might "trust" them. I don't.
Phazer
*The junk texts don't stop when you leave Vodafone. The other day I received a text that said "Come back to Vodafone and we'll give you a free Windows 7 laptop". If there's one thing that would be guaranteed to STOP me going back to them, it's the threat of a crappy low end piece of junk with a crappy low end OS turning up at my house.