[guardian-dev] weird network activity on mobile network
Hans-Christoph Steiner
hans at guardianproject.info
Mon May 25 10:47:04 EDT 2020
Interesting, thanks for the report.
.hc
Matej Kovacic via guardian-dev:
> Hi,
>
> maybe this story (which is still ongoing) will be of interest to some
> people around here.
>
> I am blogging (in the Slovenian language, but you can use Google Translate)
> about the second largest mobile operator in Slovenia. In short, I have
> noticed they are doing MITM on HTTPS connections and it turned out that
> they are using Secucloud DNS filtering with a quite stupid implementation
> - they were sending requests to blacklisted domains through a proxy, which
> did MITM with a self-signed certificate.
>
> And a few days after that I found out that their mobile network has been
> inserting additional HTTP headers: X-MCCMNC with the value “29340”
> (mobile country code and network code) and - oh yes, baby -
> X-Asmp-User-Msisdn, which in fact contained the phone number of the
> subscriber.
>
> There is much more of course. I would say it is quite fun reading,
> however it is really a bad practice and - my personal opinion - terrible
> incompetence of maintaining their own network.
>
> Here are the links:
>
> # https://telefoncek.si/2020/05/12/prestrezanje-v-omrezju-a1/
> # https://telefoncek.si/2020/05/18/nenavadno-dogajanje-v-omrezju-a1/
> # https://telefoncek.si/2020/05/24/poseganje-v-promet-uporabnikov-operaterja-bob/
>
>
> If there is an interest, I can try to compile an English version.
>
> Regards,
> Matej
--
PGP fingerprint: EE66 20C7 136B 0D2C 456C 0A4D E9E2 8DEA 00AA 5556
https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556
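
Added example, not part of the original thread: one way to check for the header insertion described in the quoted report is to send a plain-HTTP request to a server you control and diff the headers it received against what the client sent. The host name, the `Via` header and the phone number below are constructed placeholders, and the token list for other identifier headers is an assumption.

```python
# Added example: diff the headers a client sent against what a test server received.
import re

# Header names reported in the message above; matching is case-insensitive.
REPORTED = {"x-mccmnc", "x-asmp-user-msisdn"}
# Assumption: other identity-bearing header names would contain one of these tokens.
TOKENS = re.compile(r"msisdn|mccmnc|imsi", re.I)

def parse_headers(raw: bytes) -> dict:
    """Parse the header block of a raw HTTP/1.x request into {lowercase name: value}."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers = {}
    for line in head.split("\r\n")[1:]:      # skip the request line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def split_mccmnc(value: str):
    """Split an MCC+MNC string: the MCC is always 3 digits, the rest is the MNC."""
    return (value[:3], value[3:]) if value.isdigit() and len(value) in (5, 6) else None

def redact(value: str) -> str:
    """Keep only the last two characters so a report does not leak the number."""
    return "*" * max(len(value) - 2, 0) + value[-2:]

def find_injected(sent: bytes, received: bytes) -> list:
    """Return one finding per header the server saw that the client never sent."""
    sent_h, recv_h = parse_headers(sent), parse_headers(received)
    findings = []
    for name, value in recv_h.items():
        if name in sent_h:
            continue
        identifying = name in REPORTED or bool(TOKENS.search(name))
        shown = redact(value) if "msisdn" in name else value
        findings.append({"header": name, "value": shown, "identifying": identifying,
                         "mccmnc": split_mccmnc(value) if "mccmnc" in name else None})
    return findings

# Constructed sample: the phone number is a placeholder, not a real subscriber.
SENT = b"GET /echo HTTP/1.1\r\nHost: test.example\r\nUser-Agent: probe/1\r\n\r\n"
RECEIVED = (b"GET /echo HTTP/1.1\r\nHost: test.example\r\nUser-Agent: probe/1\r\n"
            b"X-MCCMNC: 29340\r\nX-Asmp-User-Msisdn: 38600000000\r\n"
            b"Via: 1.1 proxy\r\n\r\n")

if __name__ == "__main__":
    for finding in find_injected(SENT, RECEIVED):
        print(finding)
```

Running the same comparison over Wi-Fi and over the mobile network separates headers added by the operator from headers added by anything in front of the test server.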