[guardian-dev] weird network activity on mobile network

Hans-Christoph Steiner hans at guardianproject.info
Mon May 25 10:47:04 EDT 2020


Interesting, thanks for the report.

.hc

Matej Kovacic via guardian-dev:
> Hi,
> 
> maybe this story (which is still ongoing) will be of interest to some
> people around here.
> 
> I am blogging (in the Slovenian language, but you can use Google Translate)
> about the second largest mobile operator in Slovenia. In short, I have
> noticed they are doing MITM on HTTPS connections and it turned out that
> they are using Secucloud DNS filtering with a quite stupid implementation
> - they were sending requests to blacklisted domains through a proxy, which
> did MITM with a self-signed certificate.
> 
> And a few days after that I found out that their mobile network has been
> inserting additional HTTP headers: X-MCCMNC with the value “29340”
> (mobile country code and network code) and - oh yes, baby -
> X-Asmp-User-Msisdn, which in fact contained the phone number of the
> subscriber.
> 
> There is much more of course. I would say it is quite fun reading,
> however it is really a bad practice and - my personal opinion - terrible
> incompetence in maintaining their own network.
> 
> Here are the links:
> 
> # https://telefoncek.si/2020/05/12/prestrezanje-v-omrezju-a1/
> # https://telefoncek.si/2020/05/18/nenavadno-dogajanje-v-omrezju-a1/
> # https://telefoncek.si/2020/05/24/poseganje-v-promet-uporabnikov-operaterja-bob/
> 
> 
> If there is interest, I can try to compile an English version.
> 
> Regards,
> Matej
> 
> 

-- 
PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556
https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556
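
Added example, not part of the original message or the linked blog posts: one way to check for the header insertion described above is to compare the request a client sent with what a server you control reports receiving. The host echo.example, the probe request and the phone-number value are constructed placeholders; only the two header names and the value 29340 come from the message.

```python
import re

MSISDN_RE = re.compile(r"^\+?\d{8,15}$")  # E.164 numbers have at most 15 digits
MCCMNC_RE = re.compile(r"^\d{5,6}$")      # 3-digit MCC + 2- or 3-digit MNC
PROXY_HEADERS = {"via", "forwarded", "x-forwarded-for"}

def parse_head(raw):
    """Parse a raw HTTP request head into {lowercased name: value}."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:  # skip the request line
        if not line.strip():
            break                              # blank line ends the head
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def classify(name, value):
    """Label a header that appeared in transit."""
    if any(k in name for k in ("msisdn", "imsi", "imei")) or MSISDN_RE.match(value):
        return "subscriber-identifier"
    if "mccmnc" in name and MCCMNC_RE.match(value):
        return "network-identifier mcc=%s mnc=%s" % (value[:3], value[3:])
    if name in PROXY_HEADERS:
        return "proxy-disclosure"
    return "unknown-injection"

def find_injected(sent_raw, received_raw):
    """Return (name, value, label) for headers added or changed in transit."""
    sent, received = parse_head(sent_raw), parse_head(received_raw)
    return [(n, v, classify(n, v)) for n, v in sorted(received.items())
            if sent.get(n) != v]

# Constructed sample: what the client sent ...
SENT = """GET /echo HTTP/1.1
Host: echo.example
User-Agent: probe/1.0
Accept: */*
"""
# ... and what the echo endpoint reports it received (phone number is a placeholder).
RECEIVED = """GET /echo HTTP/1.1
Host: echo.example
User-Agent: probe/1.0
Accept: */*
X-MCCMNC: 29340
X-Asmp-User-Msisdn: 38600000000
"""

if __name__ == "__main__":
    for name, value, label in find_injected(SENT, RECEIVED):
        print("%-20s %-14s %s" % (name, value, label))
```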

