Zibago
ELITE MEMBER
- Joined
- Feb 21, 2012
- Messages
- 37,006
- Reaction score
- 12
- Country
- Location
Mobilink Blunder of Injecting Code into User Browser
2 days ago0 Comments1,828 Views3 min read
Isn’t it worse when you watch a movie on your mobile and some shady toolbar appears on the side and covers half the display?
What would you do if I tell you that is NOT just a toolbar providing users easy access to company features (in fact annoying you all the time) but a way for a hacker to hack into your mobile and capture your logs and sensitive data ? One of our admin recently had a bad experience with Zong Tool Bar Code Injection & they resolved it somehow after a lengthy discussion with Zong Management (Meh ), why Zong removed it ? Because it was unethical and they had no logical answer to explain their actions ,nor its first time a company has done such shady activity : Ufone has been messing with user web traffic & Now Mobilink, One of the largest telecommunication company in Pakistan (Huh Seriously?).
Do you wonder how someone can exploit into our mobile and spy on us? Let me explain a bit here!
“ToolBar” Leads to Hack:
This toolbar is only working on websites with HTTP, not HTTPS (Secure protocol), Simple is that, they can see what we are doing, they can have our logs, they can track our online activities. ( Oh Shit, Privacy? No Privacy!!! ) It’s not just a matter of privacy. Let’s dig deeper, Let’s suppose if a hacker hack into that toolbar and replace the code with their malware, who will be responsible for the leakage and misuse of user critical information such as credit cards, identification numbers, and other personal information?
Do you think they discussed it with some security professionals before the launch? I don’t!
Mobilink and Huawei launched this toolbar in Marriott Hotel Islamabad & they “Proudly” announced, you don’t need to download it, no need to install it, it will “automatically” show up on your sidebar (Just Wow!!).
Mobilink!! Are you kidding us?
It’s illegal and unethical to inject and manipulate user traffic let Mobilink know what you think
Ask Mobilink for an Explanation
Tweet to Mobilink
Lodge a Complaint with PTA
PTA Online Complaint
Service Type > Cellular Mobile Telephony > 3G/4G/LTE Related Issues > 4G/LTE Complaints > Mobilink
http://blog.drhack.net/mobilink-blunder-of-injecting-code-into-user-browser/
2 days ago0 Comments1,828 Views3 min read
Isn’t it worse when you watch a movie on your mobile and some shady toolbar appears on the side and covers half the display?
What would you do if I tell you that is NOT just a toolbar providing users easy access to company features (in fact annoying you all the time) but a way for a hacker to hack into your mobile and capture your logs and sensitive data ? One of our admin recently had a bad experience with Zong Tool Bar Code Injection & they resolved it somehow after a lengthy discussion with Zong Management (Meh ), why Zong removed it ? Because it was unethical and they had no logical answer to explain their actions ,nor its first time a company has done such shady activity : Ufone has been messing with user web traffic & Now Mobilink, One of the largest telecommunication company in Pakistan (Huh Seriously?).
Do you wonder how someone can exploit into our mobile and spy on us? Let me explain a bit here!
“ToolBar” Leads to Hack:
This toolbar is only working on websites with HTTP, not HTTPS (Secure protocol), Simple is that, they can see what we are doing, they can have our logs, they can track our online activities. ( Oh Shit, Privacy? No Privacy!!! ) It’s not just a matter of privacy. Let’s dig deeper, Let’s suppose if a hacker hack into that toolbar and replace the code with their malware, who will be responsible for the leakage and misuse of user critical information such as credit cards, identification numbers, and other personal information?
Do you think they discussed it with some security professionals before the launch? I don’t!
Mobilink and Huawei launched this toolbar in Marriott Hotel Islamabad & they “Proudly” announced, you don’t need to download it, no need to install it, it will “automatically” show up on your sidebar (Just Wow!!).
Mobilink!! Are you kidding us?
It’s illegal and unethical to inject and manipulate user traffic let Mobilink know what you think
Ask Mobilink for an Explanation
Tweet to Mobilink
Lodge a Complaint with PTA
PTA Online Complaint
Service Type > Cellular Mobile Telephony > 3G/4G/LTE Related Issues > 4G/LTE Complaints > Mobilink
http://blog.drhack.net/mobilink-blunder-of-injecting-code-into-user-browser/
