21 Jul 2008
O2 has been forced to take down its web-based MMS viewing service after hundreds of pictures sent by customers became viewable using a straightforward Google search.
The privacy storm arose after Google searches turned up O2 customer photos, complete with the sender's phone number at the top of each image.
The security breach was caused by MMS messages sent to mobile owners who do not own a compatible phone, including the new iPhone 3G.
Instead of a photo, these users receive a URL, which they follow to a website to view the O2 customer's image.
But because these websites have no password protection or log-in requirements, the images can be easily accessed using a simple Google search with the inurl: operator.
"As these web pages were wide open to the internet, not requiring any authentication, a very small handful were indexed by Google," said David Cawley, who discovered the flaw, on the MailChannels Anti-Spam Blog.
"I was able to craft a Google search that results in some matches to show an example of how this is an insecure method of hosting."
The gaffe is doubly embarrassing for O2, which promotes itself as a leading light in the world of online privacy through its Protect Our Children website.
"We have temporarily taken down our MMS web-based viewing service while we investigate this issue fully. This has no impact on the service for customers with MMS-enabled handsets," said an O2 spokesperson.
It gets worse - much worse
It gets worse: Turns out that O2 had left a web server status page running, which allowed anyone to view the MMS message URLs, images, and videos that were currently being requested from their server. When we investigated this status page, we found literally dozens of private MMS videos that we could simply download and view. O2 probably did the right thing by taking their MMS web servers off-line as soon as the problem was disclosed. For that, they should be commended. However, this is a serious breach of privacy and O2 customers should demand more of their provider.
Posted by: Ken Simpson 23 Jul 2008