Beware !! Vodafone’s spying on you

Hello,

Today, while surfing on Twitter, I noticed Brute Logic’s Tweet about the JS event handler “onbeforescriptexecute”, which makes a tag execute JS right before every tag on the page starts execution.

I followed the link provided in the tweet, anticipating that only one alert would be there because of the tag that is already in the page, but I was surprised to see that two alert boxes actually appeared.

I inspected the source code of the page, and was thrilled to see a completely new tag there, which was not there in the first place on the page, neither was it injected in the payload. See the following screenshot:

After some research on Google, I found out that the script gets injected by my ISP, Vodafone. This means that they are intercepting and eavesdropping on EVERY request I make to EVERY page that doesn’t use HTTPS as the protocol, and of course EVERYONE else’s requests as well.

The script basically replaces all the images in a given page with low quality ones, saving bandwidth for Vodafone, and giving them the opportunity to inspect every request issued by the devices connected to them.
 
Reference: http://www.sphaero.org/blog:2012:0418_am_i_hacked_oh_it_s_just_vodafone
