Your mobile numbers are being stolen by websites
Yes, your mobile numbers are being stolen by the websites that you visit from your mobile phone using GPRS/EDGE. Lots of people are unaware of this. This is a big privacy problem caused by telecom operators' improper use of technology when providing mobile internet to their consumers. Big tech companies like Facebook and Google are not even proactive in responding to the privacy issues that they cause, so what can we expect from the telecom operators? At least people should understand that this is happening and how it works, so that you can protect yourself in the situations where you are able to.
How it Works
Whenever you open a website from your mobile browser, the request reaches that website routed through your mobile internet provider (the telecom service provider, e.g. Airtel). When you access a website, the mobile internet provider adds some extra information to the request to make billing and tracking easier for itself.
How Airtel does it
I hope most mobile internet users know that Airtel Live (http://live.airtelworld.com) is a place where you can buy and download wallpapers and ringtones, and you will be charged automatically. Generally the wallpapers that you download come from external content providers like hungama.com, and for them to know which subscriber is buying the content, Airtel adds the subscriber’s mobile number to each and every request that is sent to Hungama.com. Unfortunately, Airtel sends the mobile number along with every request that is sent to any website.
Who are affected
Don’t be shocked! Not all Airtel GPRS/EDGE users are affected by this. For example, people who use GPRS/EDGE with the Mobile Office access point are safe.
As far as I know, most of the telecom operators in India have this loophole.
For Techies
The mobile numbers are sent in the HTTP request headers. Given below is a small subset of the headers that are used to send the mobile numbers (a few of them are standards).
HTTP_MSISDN
HTTP_X_MSISDN
HTTP_X_NOKIA_MSISDN
HTTP_X_NETWORK_INFO
[HTTP_X_NETWORK_INFO] => GPRS,9198945xxxxx,airtelfun.com,unsecured
Specimens
I tried my best to dig into my logs and came up with these specimens for different operators.
BSNL WAP
[HTTP_CALLED_STATION_ID] => bsnlwap
[HTTP_X_MMS_SGSNMCCMNC] => 40472
[HTTP_X_MMS_PREPAID_FLAG] => N
[HTTP_X_MSISDN] => 9194461407xx
[HTTP_VIA] => 192.168.1.77:8080 (TeleDNA 2.0), 1.1 demil1.byetcluster.com:80 (Lusca/LUSCA_HEAD)
The full header is available here http://pastebin.com/iW2Dc43y
In the above specimen, the first line is obvious. The second line’s header name ends with MCC MNC:
MCC – Mobile Country Code – 404 – Mobile Country Code for India
MNC – Mobile Network Code – 72 – Mobile Network Code for BSNL Kerala
Check here for MCC / MNC codes reference
The third line is the actual mobile number, and the number starting with 9446 also confirms that it is BSNL Kerala.
http://en.wikipedia.org/wiki/Mobile_telephone_numbering_in_India
BSNL LIVE header http://pastebin.com/cvBvGgpt
BSNL Cell One Header http://pastebin.com/rEYFkqhr
The interesting part is in the Cell One header. See what they are storing in the cookie:
[HTTP_COOKIE] => User-Identity-Forward-msisdn=9194310316xx;Bearer-Type=w-TCP;wtls-security-level=none;network-access-type=GPRS;roaming-information=no_info
Vodafone Live
[HTTP_X_MSISDN] => 9197690476xx
[HTTP_VIA] => Jataayu CWS Gateway 4.2.0 at smsc1.mms-vlan.live.vodafone.in, 1.1 demil1.byetcluster.com:80 (Lusca/LUSCA_HEAD)
The first line is the mobile number, and 9769 is the series for the Vodafone Mumbai Metro circle.
The second line also confirms that it uses live.vodafone.com as a gateway that runs on Jataayu CWS Gateway.
IDEA Cellular
[HTTP_X_NOKIA_GATEWAY_ID] => NBG/2.0
[HTTP_X_NOKIA_BEARER] => 255
[HTTP_X_NOKIA_MSISDN] => 9198260177xx
[HTTP_X_NOKIA_IPADDRESS] => 10.9.122.233
[HTTP_X_NOKIA_PREPAIDIND] => 8
The full header is available here http://pastebin.com/9PRgJ1vA
The mobile number series 9826 is for the IDEA Cellular Madhya Pradesh circle.
IDEA Cellular uses the Nokia WAP Gateway. I am not able to interpret the rest of the headers; please let me know if anybody is able to make sense of them.
Airtel
[HTTP_X_NETWORK_INFO] => GPRS,9197948400xx,airtelfun.com,unsecured
[HTTP_MSISDN] => 9197948400xx
[HTTP_APN] => airtelfun.com
[HTTP_X_NOKIA_CONNECTION_MODE] => TCP
[HTTP_X_NOKIA_BEARER] => GPRS
The full header is available here http://pastebin.com/CEkyvxib
The above mobile number series 9794 is Airtel Uttar Pradesh East.
I also remember seeing a few requests with airtelwap.com instead of airtelfun.com.
I will also develop a small link that you can hit from your mobile phone to check if you are also affected. Will do it sometime and update this page.
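A log-side check for the header patterns shown in the specimens above, as an added example that is not part of the original post: it parses a print_r-style header dump, reports which fields carry a subscriber number, and masks those numbers before the headers are stored. The function names, the 10 to 15 digit length rule and the sample numbers are assumptions made for this example.

```python
import re

# Header names taken from the page (PHP $_SERVER style); each carries a bare number.
DIRECT = {"HTTP_MSISDN", "HTTP_X_MSISDN", "HTTP_X_NOKIA_MSISDN"}
DUMP_LINE = re.compile(r"^\s*\[(\w+)\]\s*=>\s*(.*)$")
NUMBER = re.compile(r"^\d{10,15}$")  # assumption: an MSISDN is 10 to 15 digits

def parse_dump(text):
    """Parse print_r-style '[NAME] => value' lines into a dict."""
    return {m.group(1).upper(): m.group(2).strip()
            for m in map(DUMP_LINE.match, text.splitlines()) if m}

def mask(number):
    """Keep the country code and series prefix, hide the subscriber part."""
    return number[:6] + "x" * (len(number) - 6)

def msisdns_in(name, value):
    """Raw subscriber numbers carried by one header (empty list if none)."""
    if name in DIRECT:
        candidates = [value]
    elif name == "HTTP_X_NETWORK_INFO":   # GPRS,<msisdn>,<apn>,unsecured
        candidates = value.split(",")
    elif name == "HTTP_COOKIE":           # User-Identity-Forward-msisdn=<msisdn>;...
        pairs = (p.split("=", 1) for p in value.split(";") if "=" in p)
        candidates = [v for k, v in pairs if k.strip().lower().endswith("msisdn")]
    else:
        candidates = []
    return [c.strip() for c in candidates if NUMBER.match(c.strip())]

def find_leaks(headers):
    """Sorted (header name, masked number) pairs for every leaking field."""
    return sorted((n, mask(m)) for n, v in headers.items() for m in msisdns_in(n, v))

def redact(headers):
    """Copy of the headers that is safe to log: numbers masked in place."""
    safe = dict(headers)
    for name, value in headers.items():
        for raw in msisdns_in(name, value):
            safe[name] = safe[name].replace(raw, mask(raw))
    return safe

# Constructed sample (not a real subscriber), laid out like the specimens above.
SAMPLE = """[HTTP_X_NETWORK_INFO] => GPRS,919900000001,airtelfun.com,unsecured
[HTTP_MSISDN] => 919900000001
[HTTP_APN] => airtelfun.com
[HTTP_COOKIE] => User-Identity-Forward-msisdn=919900000002;Bearer-Type=w-TCP"""

if __name__ == "__main__":
    print(find_leaks(parse_dump(SAMPLE)))
```

Running `redact()` on incoming headers before they reach access logs or analytics keeps a site from retaining numbers it never asked for.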
How does it help the providers in tracking the usage?? They can track it better at the router level. Btw, do you have any test site which spits out the headers??
Yes, they can track it at the router level (the WAP gateway, actually), but they are using the mobile number for this because, finally, to bill the user they need only the mobile number.
I have huge sample data for this. I collected this using spoturtrain.com, which I am running.
This might be used by sites to generate spam. I’m concerned about whether there is any kind of monitoring that is done by 3rd party sites using information provided by service providers. I don’t know about the laws regarding this, but this is unethical in my opinion. Have you tried mailing Airtel about this? Would like more substantial proof.
Amey, I will soon update this page with substantial proof. It’s in progress.
Nope, I did not mail Airtel about this and I do not think it makes sense. I should probably mail this to the WAP gateway providers who implement them for the telecom operators. For example, TeleDNA is the company that implemented the WAP gateway for BSNL.
The network service companies in India want money and profit.
They don’t care about their customers.
They suck the money from us like leeches.