2010
08.01

We looked at ÜberTwitter (@ubertwiter), a well-known Twitter client for the BlackBerry platform. During traffic analysis we realized that, each time you start it, this nice application sends the following data to UberTwitter's servers without any warning:

  • BlackBerry Personal Identification Number (PIN)
  • Phone number
  • E-mail address
  • Physical location of the device

In detail, the application makes the following connections:

We have 4 connections highlighted:
1 and 2) Packets 183/204: The application connects to Google's Geolocation API. This API returns latitude and longitude computed from the cell towers that form the cell in which the phone is currently located.

POST /loc/json HTTP/1.1
Host: www.google.com
Connection: close
content-type: application/json
Content-Length: 338

{"host":"ubertwitter.com","address_language":"en_US","request_address":false,"carrier":"Verizon Wireless","home_mobile_country_code":18,"cell_towers":[{"mobile_country_code":18,"location_area_code":8,"signal_strength":-80,"cell_id":631,"age":0,"mobile_network_code":18}],"version":"1.1.0","radio_type":"CDMA","home_mobile_network_code":0}

HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Date: Thu, 15 Jul 2010 19:49:56 GMT
Expires: Thu, 15 Jul 2010 19:49:56 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Connection: close

{"location":{"latitude":39.029105,"longitude":-77.502686,"accuracy":2801.0},"access_token":"2:YK11P_4P71Dse06Q:RC8_epQWU46gR4KG"}

In the response we can see our position: "latitude":39.029105,"longitude":-77.502686.

3) Packet 245: The application connects to the server reg3.ubertwitter.com and sends the BlackBerry PIN, the phone number, the e-mail address and the Twitter account name.

POST /do_reg.php HTTP/1.1
Host: reg3.ubertwitter.com
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 231

twitter_user=infobytesec&product=UberTwitter_4_6&version=0.971&bb_pin=2100000a&model=9000&platformversion=&swversion=4.6.0.92&phone=15198887465&email=unknown&tweets_sent=0&gps_on=NO&carrier=Default+3G+Network&country=&in_app=606622

HTTP/1.1 200 OK
Date: Thu, 15 Jul 2010 19:50:09 GMT
Server: Apache
X-Powered-By: PHP/5.2.12
Vary: Accept-Encoding
Content-Length: 340
Connection: close
Content-Type: text/html

{"RUN":"YES","PAID":"NO","INTERVAL":10615737,"CALL_HOME_INTERVAL":1080,"LOCATION":"YES","SHOW_ADS":"YES","VERSION_MESSAGE":"You are running the latest version!","QUATTRO_SLICE":1,"RIOTWISE_SLICE":5,"MILLENNIAL_SLICE":1,"PLUSONE_SLICE":5,"BUZZCITY_SLICE":1,"NEXAGE_SLICE":1,"ADLY_SLICE":1,"IP_ADDRESS":"186.56.158.5","AD_LINGER_MINUTES":1}

4) Packet 254: The application sends our latitude, longitude and cell-tower information, together with the BlackBerry PIN, to storeinfo.myloc.me.

POST /storeinfo.php HTTP/1.1
Host: storeinfo.myloc.me
Connection: close
content-type: application/json
Content-Length: 369

[{"BBPIN":"2100000a","gpsaccuracy":0,"mcc":18,"mobile_country_code":18,"capture_time":1279309740783,"mnc":0,"latitude":39.029105,"accuracy":2801,"longitude":-77.502686,"mobile_network_code":18,"altitude":0,"location_area_code":8,"cell_id":631,"nettype":"SIM","carrier":"Verizon Wireless","gpslat":0,"altitudeaccuracy":0,"signal_strength":-80,"usegps":false,"gpslon":0}]

HTTP/1.1 200 OK
Date: Thu, 15 Jul 2010 19:50:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 28
Connection: close

{"success":true,"records":1}

Note that the application's configuration has an option to publish your location, but at the time of testing this option was not enabled …
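As an added illustration (not code from the original post or from ÜberTwitter), the following Python script shows how a defender could audit captured outbound HTTP requests like the three above: it parses JSON and form-encoded POST bodies and reports which categories of identifying data (device PIN, phone number, e-mail, coordinates, cell-tower identifiers) each destination host receives. The sample requests are constructed from the captures on this page with abbreviated bodies, and the lists of sensitive field names are assumptions chosen for this example.

```python
import json
from urllib.parse import parse_qs

# Constructed sample of outbound HTTP requests, modelled on the captures in the post
# (bodies abbreviated; values are the ones shown on the page).
SAMPLE_REQUESTS = [
    (
        "POST /loc/json HTTP/1.1\r\nHost: www.google.com\r\ncontent-type: application/json\r\n\r\n"
        '{"host":"ubertwitter.com","cell_towers":[{"mobile_country_code":18,"location_area_code":8,'
        '"signal_strength":-80,"cell_id":631,"mobile_network_code":18}],"radio_type":"CDMA"}'
    ),
    (
        "POST /do_reg.php HTTP/1.1\r\nHost: reg3.ubertwitter.com\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
        "twitter_user=infobytesec&bb_pin=2100000a&phone=15198887465&email=unknown&gps_on=NO"
    ),
    (
        "POST /storeinfo.php HTTP/1.1\r\nHost: storeinfo.myloc.me\r\ncontent-type: application/json\r\n\r\n"
        '[{"BBPIN":"2100000a","latitude":39.029105,"longitude":-77.502686,"cell_id":631,"mcc":18}]'
    ),
]

# Assumed field names that identify the device, its owner, or its location.
SENSITIVE_KEYS = {
    "device_id": {"bb_pin", "bbpin", "pin"},
    "phone": {"phone", "phone_number", "msisdn"},
    "email": {"email"},
    "location": {"latitude", "longitude", "lat", "lon", "gpslat", "gpslon"},
    "cell_tower": {"cell_id", "location_area_code", "mobile_country_code",
                   "mobile_network_code", "mcc", "mnc", "lac"},
}


def parse_http_request(raw):
    """Split a raw HTTP request into (method, path, headers dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, _ = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # header names are case-insensitive
    return method, path, headers, body


def flatten_keys(obj, out=None):
    """Collect every key name appearing anywhere in a decoded JSON value (nested objects and arrays)."""
    if out is None:
        out = set()
    if isinstance(obj, dict):
        for key, value in obj.items():
            out.add(key.lower())
            flatten_keys(value, out)
    elif isinstance(obj, list):
        for item in obj:
            flatten_keys(item, out)
    return out


def body_keys(headers, body):
    """Return the set of field names in the body, based on the declared content type."""
    ctype = headers.get("content-type", "")
    if "json" in ctype:
        try:
            return flatten_keys(json.loads(body))
        except ValueError:
            return set()  # malformed JSON: nothing we can attribute
    if "x-www-form-urlencoded" in ctype:
        return {k.lower() for k in parse_qs(body, keep_blank_values=True)}
    return set()


def classify_request(raw):
    """Return (host, path, sorted list of sensitive data categories) for one request."""
    _method, path, headers, body = parse_http_request(raw)
    keys = body_keys(headers, body)
    categories = sorted(cat for cat, names in SENSITIVE_KEYS.items() if keys & names)
    return headers.get("host", ""), path, categories


def audit(requests):
    """Group the sensitive categories sent to each destination host across many requests."""
    report = {}
    for raw in requests:
        host, _path, cats = classify_request(raw)
        if cats:
            report.setdefault(host, set()).update(cats)
    return {host: sorted(cats) for host, cats in report.items()}


if __name__ == "__main__":
    for host, cats in audit(SAMPLE_REQUESTS).items():
        print(f"{host}: {', '.join(cats)}")
```

Run against the constructed captures, the audit reports that reg3.ubertwitter.com receives the device ID, e-mail and phone number, while storeinfo.myloc.me receives the device ID together with coordinates and cell-tower identifiers, which is exactly the correlation the post is pointing at. The same key-matching approach works over a real proxy or pcap export once the requests are reassembled into raw HTTP text.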

credit: infobyte
