This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

MMS leaks your photos online

Anonymous
Not applicable

on ‎18-07-2008 19:30 - last edited on ‎20-06-2012 09:07 by O2 Social Media Team

on ‎18-07-2008 19:30 - last edited on ‎20-06-2012 09:07 by O2 Social Media Team

As mentioned on this mailchannels.com, O2 have a rather major leak on their website, meaning anyone can access some customers photos and MMS messages without authentication. MMS messages are Picture Messages (Media Messages) that can contain images, video or audio.

Now MMS enabled phones are used much more frequently, O2 enabled a feature meaning that customers WITHOUT a MMS-capable mobile phone receive a text message informing them they can collect their message online, on o2's website.

You may assume that if you use this service to send a photo to a friend that your photo is protected and not broadcast for the entire world to see.

Unfortunately, O2's site has a fairly problematic bug meaning the images are only secured by a random passphrase.

After typing in your mobile phone number and PIN code, your web browser is given a 16 digit code, and this is the only code required to view images.

The URL for these images is protected by only a 16 digit HEX code. It would be quite easy to write a script to try various combinations of 16 hex digits to try and randomly view a photo but depending on how many photos are being hosted the hit rate could be quite low.

David at MailChannels has come up with a Google search which locates some of the images that could be found with this service:

http://www.google.com/search?hl=en&q=in ... N&filter=0

Worse still, the majority of the images taken on cameras turns out to be children. Ironically, O2 has a website dedicated to "Protect Our Children", well a good first step would be to avoid leaking customer photos.

I have reported the case to several agencies in the UK - including the ICO, Ofcom, O2 and my excellent local MP. Hopefully something will be done about this. In the mean time, please spread the news, and any advice you can offer would be excellent.
More information about this problem is listed at:

http://xcns.co.uk/o2/mmsleak.php

http://www.google.com/search?hl=en&q=in ... N&filter=0

and

http://blog.mailchannels.com/2008/07/o2 ... hotos.html

Thanks very much for reading this email, I look forward to any advice and any replies,

Dug Stokes with parts from Kirk Saywell and blog.mailchannels.com
Message 1 of 9
4,944 Views
0 Kudos
8 REPLIES 8

Anonymous
Not applicable

on ‎18-07-2008 21:38

on ‎18-07-2008 21:38

Could be simply fixed by requiring authentication on the actual image result pages ... but O2 don't seem to care much about their MMS legacy platform, I've been trying to discuss various aspects of it with them for ages 😞
Message 2 of 9
4,944 Views
0 Kudos

Anonymous
Not applicable

on ‎19-07-2008 07:58

on ‎19-07-2008 07:58

It'd be nice if they sent me text's telling me I had MMS, instead of just ignoring them....
Message 3 of 9
4,944 Views
0 Kudos

Anonymous
Not applicable

on ‎19-07-2008 08:17 - last edited on ‎20-06-2012 09:07 by O2 Social Media Team

on ‎19-07-2008 08:17 - last edited on ‎20-06-2012 09:07 by O2 Social Media Team

This has just been posted on Slashdot too, so expect a lot more people being aware of this problem too:

http://search.slashdot.org/article.pl?s ... 19/0121228

Amazingly, as the posted - O2 haven't deleted my Forum Account this time (yet!), but I suspect they will soon, they deleted my last account ('dug') and deleted both the previous posts.

Luckily I posted this after they all went home :smileyhappy:

Oh, is anyone aware that e-mail doesn't work on PAYG and won't work on the iPhone either?

http://www.xcns.co.uk/o2

Thanks everyone for your comments.
Message 4 of 9
4,944 Views
0 Kudos

Anonymous
Not applicable

on ‎19-07-2008 09:00

on ‎19-07-2008 09:00

Odd.. I've been emailing quite happily from my iphone on PAYG so far.
Message 5 of 9
4,944 Views
0 Kudos

Anonymous
Not applicable

on ‎19-07-2008 09:06

on ‎19-07-2008 09:06

Oh, is anyone aware that e-mail doesn't work on PAYG and won't work on the iPhone either?
http://www.xcns.co.uk/o2
Thanks everyone for your comments.


Would be nice if they (and you) did some research before posting this rubish. Email works just fine on the iPhone with PAYG.
Message 6 of 9
4,944 Views
0 Kudos

Anonymous
Not applicable

on ‎21-07-2008 08:34

on ‎21-07-2008 08:34

Weird, doesn't work on any other non-iPhone device such as windows mobile. I was just going by what Customer Services at O2 said.

Seems like O2 have managed to enable it for iPhone users but won't for any other user, such as those of us with Windows Mobile - aren't trusted with eMail unlike iPhone users.

Seems a tad unfair and discriminatory, O2.

(Watch as this forum post gets deleting in 3... 2... 1...)
Message 7 of 9
4,944 Views
0 Kudos

Anonymous
Not applicable

on ‎06-03-2010 09:56

on ‎06-03-2010 09:56

It'd be nice if they sent me text's telling me
Odd.. I've been emailing quite happily from my iphone on PAYG so far.
Message 8 of 9
4,944 Views
0 Kudos

Anonymous
Not applicable

on ‎31-05-2010 05:40

on ‎31-05-2010 05:40

sounds good to me
Message 9 of 9
4,944 Views
0 Kudos
Top Kudoed Authors
View All
Top