

O2 shares your mobile phone number with every website you visit
Wednesday 25 January 2012 00:35:08 by Sebastien Lahtinen

If you're reading this news article on your O2 mobile phone, you'll be pleased to know that O2 have already sent us your mobile phone number. It arrives inside the HTTP request headers, which normally carry technical details such as the browser type and the content formats your device can display. These headers are not normally seen by users, and most websites do not log them, but the flaw allows a malicious site to obtain more personal information about you than you may be willing to share.

For example, if you open an e-mail which includes references to external images, the mere act of opening the e-mail would divulge your phone number to whoever hosts those images. This could be used by anyone undertaking a phishing attack or other scam to get more information from you. The opportunities for abuse are considerable.

This issue was uncovered by @lewispeckover and has been confirmed by thinkbroadband as correct, although by the time we took this photo the issue seemed to have stopped affecting the phone we tested:

[Photo: O2 IP address flaw]

This screenshot from an iPhone still shows the problem:

[Screenshot: O2 IP address sharing]

We understand from other sources that it is still affecting some individuals; however, we suspect O2 has been quick to start fixing the issue. Our suspicion is that the header is used by O2's own websites to identify the customer trying to make changes to their account, but that one or more of O2's proxy servers have been misconfigured so that it is sent to every website rather than only to O2's own.

We have tested this on Vodafone ourselves and have found no trace of a similar problem.

O2 users may be able to confirm whether they are still affected by visiting Lewis Peckover's website (external link), noting that by visiting the site you are probably giving him your phone number (although we very much suspect he would be more careful with it).
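The following is an added example, not code from thinkbroadband, from O2, or from Lewis Peckover's checker. It shows the server side of what his page lets an O2 customer see: it parses raw HTTP request headers, reports any header whose value looks like a UK mobile number, and redacts such values before a request is written to a debug or analytics log (sites that log full headers will otherwise already be holding these numbers). The two sample requests are constructed, both fetching an e-mail tracking image, one from an affected handset and one from an unaffected one; the header name X-Up-Calling-Line-Id, the phone number (from the Ofcom range reserved for fiction) and the hostnames are assumptions, and the detector does not rely on the header name.

```python
"""Detect and redact mobile numbers leaked in HTTP request headers.

Added example, not code from thinkbroadband or Lewis Peckover's site.
The header name X-Up-Calling-Line-Id below is an assumption used for
illustration; every header value is scanned, so the name does not matter.
"""
import re
from typing import List, Tuple

# UK mobile numbers: 07xxx xxxxxx nationally, 447xxx xxxxxx internationally
# (with or without a leading '+'), optional spaces or hyphens between groups.
# The look-around guards stop a longer digit run from matching partially.
UK_MOBILE = re.compile(r"(?<!\d)(?:\+?44\s?7|07)\d{3}[\s-]?\d{3}[\s-]?\d{3}(?!\d)")

# Headers whose values are legitimately numeric and never a subscriber number.
NUMERIC_HEADERS = {"content-length", "content-range", "age", "max-forwards"}

# Constructed sample traffic: a mail client fetching an external image, which
# is the "open an e-mail and leak your number" case. 07700 900xxx is reserved.
O2_REQUEST = (
    "GET /images/tracking-pixel.gif HTTP/1.1\r\n"
    "Host: example.invalid\r\n"
    "User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 4_3_3 like Mac OS X)\r\n"
    "Accept: image/png,image/*;q=0.8,*/*;q=0.5\r\n"
    "X-Up-Calling-Line-Id: 447700900123\r\n"  # assumed header name, constructed value
    "Via: 1.1 proxy.invalid\r\n"
    "\r\n"
)
VODAFONE_REQUEST = (
    "GET /images/tracking-pixel.gif HTTP/1.1\r\n"
    "Host: example.invalid\r\n"
    "User-Agent: Mozilla/5.0 (Linux; U; Android 2.3.3)\r\n"
    "If-Modified-Since: Wed, 25 Jan 2012 00:35:08 GMT\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)


def parse_headers(raw: str) -> List[Tuple[str, str]]:
    """Split a raw HTTP request into (lower-cased name, value) pairs.

    The request line is skipped and parsing stops at the blank line that ends
    the header block, so a request body is never treated as a header.
    """
    headers = []
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:
        if line == "":
            break
        name, sep, value = line.partition(":")
        if not sep:
            continue  # tolerate a malformed header line rather than abort
        headers.append((name.strip().lower(), value.strip()))
    return headers


def find_leaked_numbers(raw: str) -> List[Tuple[str, str]]:
    """Return (header name, number) for every header value resembling a UK mobile number."""
    hits = []
    for name, value in parse_headers(raw):
        if name in NUMERIC_HEADERS:
            continue
        for match in UK_MOBILE.finditer(value):
            hits.append((name, match.group(0)))
    return hits


def redact(raw: str) -> str:
    """Replace anything resembling a UK mobile number before the request is logged."""
    return UK_MOBILE.sub("[REDACTED-MSISDN]", raw)


if __name__ == "__main__":
    for label, request in (("O2 handset", O2_REQUEST), ("Vodafone handset", VODAFONE_REQUEST)):
        leaks = find_leaked_numbers(request)
        print(f"{label}: {'LEAK ' + str(leaks) if leaks else 'no number in headers'}")
    print(redact(O2_REQUEST))
```

Run it and the O2 request is flagged on the assumed header while the Vodafone request, whose only digit runs are a date and a content length, passes clean; the redacted copy is what should reach any access or debug log.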

Comments

Posted by mixt over 3 years ago
Just tried it on my O2 PAYG phone and the issue still exists. My Orange contract phone doesn't have this problem.

I've known about the O2 transparent proxy for a while, especially on their BB dongles, which by default, come with a whole array of TCP ports which are caught (just do a simple TCP port scan on any IP address from an O2 BB dongle and you'll see what I mean). Ports 22 and 443 are the only ones that aren't tampered with (obviously), plus a few other lesser known ones.
Posted by seb (staff member) over 3 years ago
My iPad still exhibits this issue but my O2 phone SIM doesn't any more (tried it with both a Nokia E90 and an HTC Android device).
Posted by bosie over 3 years ago
I wonder if this also applies to the proxy bypass APN mobile.o2.co.uk username: bypass password: password
Posted by adamtemp over 3 years ago
Yes, still affected. Complaint to ICO and Ofcom may follow. Screen print of iPhone taken as evidence (iOS 4.01, 4S).
Posted by athegn over 3 years ago
Just tried my O2 phone and found my mobile number published!!!
Posted by Apilar over 3 years ago
Pretty shocking.
Posted by perksie over 3 years ago
My HTC Android also has this issue, I can't say I'm too impressed.
Posted by TonyHoyle over 3 years ago
At one time (back when we all went via WAP gateways) a whole load of stuff was sent, including phone type, APN used, etc.; the companies mostly don't bother any more.

It's probably been doing this for years but it took till today for anyone to care.
Posted by Gandalf over 3 years ago
Just tried my phone, on Vodafone. No number reported. Then I tried a friend's phone who is on O2 and his number is reported! Bad O2, I was considering migrating as I'm out of contract now, but I think I'll be staying with Vodafone for now!
Posted by bonnington over 3 years ago
My Monte Carlo Android on Tesco also exhibits this issue.
Posted by bifkinuk over 3 years ago
Just tried on my Nokia on an O2 contract and my mobile number showed up in the headers.
Posted by adamtemp over 3 years ago
O2 twitter feed swamped with this issue and a blanket response of " we're checking with internal teams, and will come back with more as soon as we can."
Joke. ICO, Ofcom etc. should deal with this.
Posted by ronreid over 3 years ago
Shows up on giffgaff (which uses the O2 network).
Posted by cohech over 3 years ago
My O2 phone is still being displayed. Unbelievable security hole.
Posted by dustofnations over 3 years ago
Heh, smells like a DPA violation to me. I would think there are plenty of places that now have reams of this information inadvertently stored through analytics, HTTP debug logs... Wonderful!
Posted by ianbb over 3 years ago
Were O2 contacted about this breach of privacy before it hit the public domain?

If not, whoever first released this info has behaved recklessly to say the least.
Posted by dustofnations over 3 years ago
It was first revealed ages ago, but the operators took no notice:

http://nakedsecurity.sophos.com/2012/01/25/smartphone-website-telephone-number/
Posted by adamtemp over 3 years ago
Just re-ran the check and now my O2 number is not shown using the idata APN; perhaps a fix is in place already.
Posted by carphead over 3 years ago
My 4S is no longer displaying it. It was at about 9am this morning.
Posted by perksie over 3 years ago
Appears to be fixed for me too.
By heck, they can move when they have to.
Posted by adamtemp over 3 years ago
Official O2 response: http://blog.o2.co.uk/home/2012/01/o2-mobile-numbers-and-web-browsing.html
Posted by orly2 over 3 years ago
Posted by cohech
My O2 phone is still being displayed. Unbelievable security hole.

---

Care to explain what the security issue is? Apart from getting a nuisance phone call from any website admin bored enough to bother...but that's more a privacy thing.
Posted by KarlAustin over 3 years ago
You can stop O2 from downgrading images etc. by changing your APN login details, if your APN is mobile.o2.co.uk, to:

User: bypass
Pass: password

More annoyingly is that you can't get a PPTP VPN to work over the iPhone Data Tariff APN of idata.o2.co.uk - it'll work over mobile.o2.co.uk - but then you get charged for the data!
Posted by chrysalis over 3 years ago
They have fixed it, but it seems they do still share the number with some companies. Here is a quote from their blog: "When you browse from an O2 mobile, we add the user's mobile number to this technical information, but only with certain trusted partners." I suspect one such partner is the Android Market, but I don't know who the others would be.