Ring Ring Failphone: Smartphone user? Websites can possibly see your phone number

Visiting a website from a smartphone? If you’re on Verizon or T-Mobile (also Cricket and MetroPCS), your phone number is included in the headers of every HTTP request you make.

D’oh. Especially since (as covered here a few times) just about anyone these days can translate your cell number into your location. And do it pretty precisely.

http://seclists.org/dailydave/2012/q3/15
http://click-fraud-fun.blogspot.ca/2012/07/header-hunter-beware-misconfigured.html
http://click-fraud-fun.blogspot.de/2012/07/more-mobile-madness.html
http://www.theregister.co.uk/2012/01/25/o2_hands_out_phone_numbers_to_websites/

“Essentially for some US carriers when you visit a website via your 3g/4g connection your phone number can be leaked via a web request, in some cases it is leaked via internal telco proxy credentials that are passed past the last proxy. The blog notes that this issue has come up before and provides some background links.

By watching the development of Silica and STALKER for the past few years Mark and AlexI have basically convinced me that 802.11 wireless is the devil. So I keep it permanently disabled on my phone. Now it seems that if I leave a snarky comment on a site I got to using my phone I might get a phone call from the site owner. If we can’t be jerks to each other anonymously on the internet then what’s the point?”
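For site operators who would rather not store what a carrier proxy leaks, here is an added example (not from the original post or the linked write-ups) that scrubs request headers before they are logged. The header names in `SUBSCRIBER_HEADERS` are assumptions taken from commonly reported gateway headers, since the post does not name the headers involved, and the phone-number pattern is a heuristic that can also match other long digit runs.

```python
import base64
import re

# Assumption: names commonly reported for gateway-injected subscriber IDs;
# the post itself does not list which headers the carriers add.
SUBSCRIBER_HEADERS = {"x-up-calling-line-id", "x-msisdn", "x-nokia-msisdn",
                      "x-wap-msisdn", "x-up-subno"}
PHONE_RE = re.compile(r"(?<!\d)\+?\d{10,15}(?!\d)")  # heuristic only
REDACTED = "[redacted]"

# Constructed sample request; 15555550123 is a fictional number.
SAMPLE = {
    "X-Up-Calling-Line-Id": "15555550123",
    "Proxy-Authorization": "Basic " + base64.b64encode(b"15555550123:pw").decode(),
    "X-Gateway-Info": "sub=15555550123;apn=internet",
    "X-Forwarded-For": "10.20.30.40",
}


def basic_username(value):
    """Username from a Basic credential, or None if it cannot be decoded."""
    scheme, _, blob = value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        raw = base64.b64decode(blob.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    return raw.decode("utf-8", "replace").partition(":")[0]


def scrub_headers(headers):
    """Return (safe_headers, findings); findings are (header, reason) pairs."""
    safe, findings = {}, []
    for name, value in headers.items():
        key, reason = name.lower(), None
        if key in SUBSCRIBER_HEADERS:
            reason = "known subscriber-id header"
        elif key == "proxy-authorization":
            # Credentials meant for a proxy should never reach an origin server.
            user = basic_username(value) or ""
            reason = "proxy credentials forwarded to origin"
            if PHONE_RE.search(user):
                reason += " (username looks like a phone number)"
        elif key.startswith("x-") and PHONE_RE.search(value):
            reason = "phone-like value in non-standard header"
        if reason:
            findings.append((name, reason))
        safe[name] = REDACTED if reason else value
    return safe, findings
```

Log `safe` instead of the raw headers, and treat any non-empty `findings` as a sign that an upstream proxy is misconfigured.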
