Aug 312010
 August 31, 2010  Posted by  Breaches, Non-U.S.

From the Certificate Error blog:

I’m currently assessing how mobile operators modify and enrich HTTP headers. I´ve already analyzed the main operators in France, Germany, Italy, Spain and UK with very interesting results I´ll publish soon.


During the assessment I found that Orange Spain is adding the user MSISDN in any HTTP request sent in its network. This means that it is really simple to get the user phone number from an Orange Spain user. On one hand, I saw that Orange Spain uses the header x-up-calling-line-id to add a user temporary ID that changes every 24h but I also found that in any HTTP request they will add the user phone number in the header X-Network-info.

I copy below an example of the headers where I removed some information. In green there are the headers added by my crawler while in red you can see the extra headers added by the Orange Spain WAP Gateway:

Read more on Certificate Error.

Via ZDNet (UK)

Sorry, the comment form is closed at this time.