
O2 shares your mobile phone number with every website you visit

If you're reading this news article using your O2 mobile phone, you'll be pleased to know that O2 have already sent us your mobile phone number within the HTTP headers, which normally carry information about how content can be displayed on your device. These headers are not normally seen by users and are usually not logged by most websites, but the flaw allows malicious sites to get more personal information about you than you may be willing to share.

For example, if you open an e-mail which includes references to external images, the mere action of opening the e-mail would divulge your phone number. This could be used by anyone undertaking a phishing attack or other scam to get more information from you. The opportunity to abuse this is potentially endless.
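As an added example (not part of the article, and not O2's own code), a server-side check a site operator could run to spot carrier-injected phone numbers in incoming request headers and redact them before they reach access logs or analytics. The article does not name the header involved, so the header name and all sample values below are constructed, and the check matches on the value rather than the name.

```python
import re

# Constructed sample request as an origin server might see it behind a carrier
# proxy. "X-Carrier-Subscriber-Id" is a placeholder header name, not the real one;
# 447700900123 is in the UK range reserved for fictional use.
SAMPLE_HEADERS = {
    "Host": "www.example.com",
    "User-Agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 4_0_1 like Mac OS X)",
    "Accept": "image/png,image/*;q=0.8,*/*;q=0.5",
    "X-Carrier-Subscriber-Id": "447700900123",
    "Via": "1.1 proxy.example.net",
}

# UK mobile numbers: 07xxxxxxxxx nationally, or 447xxxxxxxxx / +447xxxxxxxxx
# internationally. Lookarounds stop the pattern matching inside longer digit runs.
UK_MOBILE = re.compile(r"(?<!\d)(?:\+?44|0)7\d{9}(?!\d)")


def find_msisdn_headers(headers):
    """Return (name, value) pairs whose value looks like a UK mobile number.

    Every header is checked regardless of its name, because a misconfigured
    proxy could inject the subscriber number under any header name.
    """
    hits = []
    for name, value in headers.items():
        # Ignore spacing so "+44 7700 900123" is caught as well as "447700900123".
        if UK_MOBILE.search(value.replace(" ", "")):
            hits.append((name, value))
    return hits


def redact_headers(headers):
    """Return a copy of the headers that is safe to write to logs or analytics:
    any value that looks like a mobile number is replaced with a fixed marker."""
    clean = dict(headers)
    for name, _ in find_msisdn_headers(headers):
        clean[name] = "[REDACTED-MSISDN]"
    return clean


if __name__ == "__main__":
    for name, value in find_msisdn_headers(SAMPLE_HEADERS):
        print(f"possible subscriber number in header {name}: {value}")
    print(redact_headers(SAMPLE_HEADERS))
```

Run the redaction at the logging layer (or in a reverse proxy), not only in application code, since the article's point is that the number ends up in places the site never meant to store it.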

This issue was uncovered by @lewispeckover and has been confirmed by thinkbroadband as correct, although by the time we took this photo, the issue seemed to have stopped affecting the phone we tested:

[Photo: O2 IP Address flaw]

This screenshot from an iPhone still shows the problem:

[Screenshot: O2 IP Address Sharing]

We understand from other sources that it is still affecting some individuals; however, we suspect O2 has been quick to start fixing the issue. Our suspicion is that the feature is used by internal O2 websites to identify the user trying to make changes to the account, but that one or more of O2's proxy servers have been misconfigured.

We have tested this on Vodafone ourselves and have found no trace of a similar problem.

O2 users may be able to confirm whether they are still affected by visiting Lewis Peckover's website (external link), noting that by visiting the site, you're probably giving him your phone number (although we very much suspect he would be more careful with it).

Comments

Just tried it on my O2 PAYG phone and the issue still exists. My Orange contract phone doesn't have this problem.

I've known about the O2 transparent proxy for a while, especially on their BB dongles, which by default, come with a whole array of TCP ports which are caught (just do a simple TCP port scan on any IP address from an O2 BB dongle and you'll see what I mean). Ports 22 and 443 are the only ones that aren't tampered with (obviously), plus a few other lesser known ones.

  • mixt
  • over 5 years ago

My iPad still exhibits this issue, but my O2 phone SIM doesn't any more (tried it with both a Nokia E90 and an HTC Android device).

  • seb
  • thinkbroadband staff
  • over 5 years ago

I wonder if this also applies to the proxy bypass APN mobile.o2.co.uk (username: bypass, password: password).

  • bosie
  • over 5 years ago

Yes, still affected. Complaint to ICO and Ofcom may follow. Screen print of iPhone taken as evidence (iOS 4.01, 4S).

  • adamtemp
  • over 5 years ago

Just tried my O2 phone and found my mobile number published!!!

  • athegn
  • over 5 years ago

Pretty shocking.

  • Apilar
  • over 5 years ago

My HTC Android also has this issue, I can't say I'm too impressed.

  • perksie
  • over 5 years ago

At one time (back when we all went via WAP gateways) a whole load of stuff was sent, including phone type, APN used, etc. The companies mostly don't bother any more.

It's probably been doing this for years but it took till today for anyone to care.

  • TonyHoyle
  • over 5 years ago

Just tried my phone, on Vodafone. No number reported. Then I tried a friend's phone who is on O2 and his number is reported! Bad O2. I was considering migrating as I'm out of contract now, but I think I'll be staying with Vodafone for now!

  • Gandalf
  • over 5 years ago

My Monte Carlo Android on Tesco also exhibits this issue.

  • bonnington
  • over 5 years ago

Just tried on my Nokia on an O2 contract and my mobile number showed up in the headers.

  • bifkinuk
  • over 5 years ago

O2 Twitter feed swamped with this issue and a blanket response of "we're checking with internal teams, and will come back with more as soon as we can."
Joke. ICO, Ofcom etc. should deal with this.

  • adamtemp
  • over 5 years ago

Shows up on giffgaff (which uses the O2 network).

  • ronreid
  • over 5 years ago

My O2 phone is still being displayed. Unbelievable security hole.

  • cohech
  • over 5 years ago

Heh, smells like a DPA violation to me. I would think there are plenty of places that now have reams of this information inadvertently stored through analytics, HTTP debug logs... Wonderful!

  • dustofnations
  • over 5 years ago

Were O2 contacted about this breach of privacy before it hit the public domain?

If not, whoever first released this info has behaved recklessly to say the least.

  • ianbb
  • over 5 years ago

It was first revealed ages ago, but the operators took no notice:

http://nakedsecurity.sophos.com/2012/01/25/smartphone-website-telephone-number/

  • dustofnations
  • over 5 years ago

Just re-ran the check and now my O2 number is not shown using the idata APN; perhaps a fix is in place already.

  • adamtemp
  • over 5 years ago

My 4S is no longer displaying it. It was at about 9am this morning.

  • carphead
  • over 5 years ago

Appears to be fixed for me too.
By heck, they can move when they have to.

  • perksie
  • over 5 years ago

Official O2 response: http://blog.o2.co.uk/home/2012/01/o2-mobile-numbers-and-web-browsing.html

  • adamtemp
  • over 5 years ago

Posted by cohech:
My O2 phone is still being displayed. Unbelievable security hole.

---

Care to explain what the security issue is? Apart from getting a nuisance phone call from any website admin bored enough to bother... but that's more a privacy thing.

  • orly2
  • over 5 years ago

You can stop O2 from downgrading images etc. by changing your APN login details if your APN is mobile.o2.co.uk to:

User: bypass
Pass: password

More annoying is that you can't get a PPTP VPN to work over the iPhone Data Tariff APN of idata.o2.co.uk. It'll work over mobile.o2.co.uk, but then you get charged for the data!

  • KarlAustin
  • over 5 years ago

They have fixed it, but it seems they do still share the number with some companies. Here is a quote from their blog: "When you browse from an O2 mobile, we add the user's mobile number to this technical information, but only with certain trusted partners." I suspect one such partner is the Android Market, but I don't know who the others would be.

  • chrysalis
  • over 5 years ago
