{"id":894,"date":"2010-08-01T16:20:09","date_gmt":"2010-08-01T09:20:09","guid":{"rendered":"http:\/\/deepquest.code511.com\/blog\/?p=894"},"modified":"2010-08-01T16:20:09","modified_gmt":"2010-08-01T09:20:09","slug":"ubertwitter-your-secret-spy","status":"publish","type":"post","link":"https:\/\/deepquest.code511.com\/blog\/2010\/08\/ubertwitter-your-secret-spy\/","title":{"rendered":"\u00dcberTwitter: your secret spy?"},"content":{"rendered":"<p>We discovered <a href=\"http:\/\/www.ubertwitter.com\/\">\u00dcberTwitter<\/a> (<a href=\"http:\/\/twitter.com\/ubertwiter\">@ubertwiter<\/a>), a well-known Twitter client for the BlackBerry platform. During traffic analysis we realized that, each time you start it, this nice application sends the following data to UberTwitter&#8217;s servers without warning:<\/p>\n<ul>\n<li>BlackBerry Personal Identification Number (PIN)<\/li>\n<li>Phone number<\/li>\n<li>E-mail<\/li>\n<li>Physical location of the device<\/li>\n<\/ul>\n<p><!--more--><\/p>\n<div id=\"gt-res-content\">\n<div dir=\"ltr\">In detail, the application makes the following connections:<\/div>\n<\/div>\n<p><a href=\"http:\/\/deepquest.code511.com\/blog\/wp-content\/uploads\/2010\/08\/wireshark2.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-medium wp-image-895\" title=\"wireshark2\" src=\"http:\/\/deepquest.code511.com\/blog\/wp-content\/uploads\/2010\/08\/wireshark2-300x129.jpg\" alt=\"\" width=\"300\" height=\"129\" \/><\/a><\/p>\n<p>Four connections are highlighted:<br \/>\n<strong>1 and 2) Packets 183\/204:<\/strong> The application connects to Google&#8217;s <a href=\"http:\/\/code.google.com\/intl\/es\/apis\/gears\/api_geolocation.html\"><strong>Geolocation API<\/strong><\/a>. This API returns latitude and longitude information using the cell phone towers that form the cell in which the phone is located.<\/p>\n<p><a 
href=\"http:\/\/deepquest.code511.com\/blog\/wp-content\/uploads\/2010\/08\/googlecellapi.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-medium wp-image-896\" title=\"googlecellapi\" src=\"http:\/\/deepquest.code511.com\/blog\/wp-content\/uploads\/2010\/08\/googlecellapi-300x179.jpg\" alt=\"\" width=\"300\" height=\"179\" \/><\/a><\/p>\n<p>POST \/loc\/json HTTP\/1.1<br \/>\nHost: www.google.com<br \/>\nConnection: close<br \/>\ncontent-type: application\/json<br \/>\nContent-Length: 338<\/p>\n<p>{&quot;host&quot;:&quot;ubertwitter.com&quot;,&quot;address_language&quot;:&quot;en_US&quot;,&quot;request_address&quot;:false,&quot;carrier&quot;:&quot;Verizon Wireless&quot;,&quot;home_mobile_country_code&quot;:18,&quot;cell_towers&quot;:[{&quot;mobile_country_code&quot;:18,&quot;location_area_code&quot;:8,&quot;signal_strength&quot;:-80,&quot;cell_id&quot;:631,&quot;age&quot;:0,&quot;mobile_network_code&quot;:18}],&quot;version&quot;:&quot;1.1.0&quot;,&quot;radio_type&quot;:&quot;CDMA&quot;,&quot;home_mobile_network_code&quot;:0}<\/p>\n<p>HTTP\/1.1 200 OK<br \/>\nContent-Type: application\/json; charset=UTF-8<br \/>\nDate: Thu, 15 Jul 2010 19:49:56 GMT<br \/>\nExpires: Thu, 15 Jul 2010 19:49:56 GMT<br \/>\nCache-Control: private, max-age=0<br \/>\nX-Content-Type-Options: nosniff<br \/>\nX-Frame-Options: SAMEORIGIN<br \/>\nX-XSS-Protection: 1; mode=block<br \/>\nServer: GSE<br \/>\nConnection: close<\/p>\n<p>{&quot;location&quot;:{&quot;latitude&quot;:39.029105,&quot;longitude&quot;:-77.502686,&quot;accuracy&quot;:2801.0},&quot;access_token&quot;:&quot;2:YK11P_4P71Dse06Q:RC8_epQWU46gR4KG&quot;}<\/p>\n<p>The response contains our position: &quot;latitude&quot;:39.029105,&quot;longitude&quot;:-77.502686.<\/p>\n<p><strong>3) Packet 245: <\/strong>The application connects to the server reg3.ubertwitter.com and sends the BlackBerry PIN, cell phone number, email and Twitter 
account.<\/p>\n<p><a href=\"http:\/\/deepquest.code511.com\/blog\/wp-content\/uploads\/2010\/08\/do_reg.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-medium wp-image-897\" title=\"do_reg\" src=\"http:\/\/deepquest.code511.com\/blog\/wp-content\/uploads\/2010\/08\/do_reg-300x179.jpg\" alt=\"\" width=\"300\" height=\"179\" \/><\/a><\/p>\n<p>POST \/do_reg.php HTTP\/1.1<br \/>\nHost: reg3.ubertwitter.com<br \/>\nConnection: close<br \/>\nContent-Type: application\/x-www-form-urlencoded<br \/>\nContent-Length: 231<\/p>\n<p>twitter_user=infobytesec&amp;product=UberTwitter_4_6&amp;version=0.971&amp;bb_pin=2100000a&amp;model=9000&amp;platformversion=&amp;swversion=4.6.0.92&amp;phone=15198887465&amp;email=unknown&amp;tweets_sent=0&amp;gps_on=NO&amp;carrier=Default+3G+Network&amp;country=&amp;in_app=606622<\/p>\n<p>HTTP\/1.1 200 OK<br \/>\nDate: Thu, 15 Jul 2010 19:50:09 GMT<br \/>\nServer: Apache<br \/>\nX-Powered-By: PHP\/5.2.12<br \/>\nVary: Accept-Encoding<br \/>\nContent-Length: 340<br \/>\nConnection: close<br \/>\nContent-Type: text\/html<\/p>\n<p>{&quot;RUN&quot;:&quot;YES&quot;,&quot;PAID&quot;:&quot;NO&quot;,&quot;INTERVAL&quot;:10615737,&quot;CALL_HOME_INTERVAL&quot;:1080,&quot;LOCATION&quot;:&quot;YES&quot;,&quot;SHOW_ADS&quot;:&quot;YES&quot;,&quot;VERSION_MESSAGE&quot;:&quot;You are running the latest version!&quot;,&quot;QUATTRO_SLICE&quot;:1,&quot;RIOTWISE_SLICE&quot;:5,&quot;MILLENNIAL_SLICE&quot;:1,&quot;PLUSONE_SLICE&quot;:5,&quot;BUZZCITY_SLICE&quot;:1,&quot;NEXAGE_SLICE&quot;:1,&quot;ADLY_SLICE&quot;:1,&quot;IP_ADDRESS&quot;:&quot;186.56.158.5&quot;,&quot;AD_LINGER_MINUTES&quot;:1}<\/p>\n<p><strong>4) Packet 254:<\/strong> The application sends our latitude, longitude and cell information, together with the BlackBerry PIN, to the server storeinfo.myloc.me.<\/p>\n<p><a href=\"http:\/\/deepquest.code511.com\/blog\/wp-content\/uploads\/2010\/08\/savelocation.jpg\"><img loading=\"lazy\" decoding=\"async\" 
class=\"alignnone size-medium wp-image-898\" title=\"savelocation\" src=\"http:\/\/deepquest.code511.com\/blog\/wp-content\/uploads\/2010\/08\/savelocation-300x188.jpg\" alt=\"\" width=\"300\" height=\"188\" \/><\/a><\/p>\n<p>POST \/storeinfo.php HTTP\/1.1<br \/>\nHost: storeinfo.myloc.me<br \/>\nConnection: close<br \/>\ncontent-type: application\/json<br \/>\nContent-Length: 369<\/p>\n<p>[{&quot;BBPIN&quot;:&quot;2100000a&quot;,&quot;gpsaccuracy&quot;:0,&quot;mcc&quot;:18,&quot;mobile_country_code&quot;:18,&quot;capture_time&quot;:1279309740783,&quot;mnc&quot;:0,&quot;latitude&quot;:39.029105,&quot;accuracy&quot;:2801,&quot;longitude&quot;:-77.502686,&quot;mobile_network_code&quot;:18,&quot;altitude&quot;:0,&quot;location_area_code&quot;:8,&quot;cell_id&quot;:631,&quot;nettype&quot;:&quot;SIM&quot;,&quot;carrier&quot;:&quot;Verizon Wireless&quot;,&quot;gpslat&quot;:0,&quot;altitudeaccuracy&quot;:0,&quot;signal_strength&quot;:-80,&quot;usegps&quot;:false,&quot;gpslon&quot;:0}]<\/p>\n<p>HTTP\/1.1 200 OK<br \/>\nDate: Thu, 15 Jul 2010 19:50:10 GMT<br \/>\nServer: Apache<br \/>\nX-Powered-By: PHP\/5.2.11<br \/>\nVary: Accept-Encoding<br \/>\nContent-Type: text\/html<br \/>\nContent-Length: 28<br \/>\nConnection: close<\/p>\n<p>{&quot;success&quot;:true,&quot;records&quot;:1}<\/p>\n<p>Note that the application&#8217;s configuration includes an option to publish our location, but at the time of testing this feature was not enabled&#8230;<\/p>\n<p>Credit: infobyte<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We discovered\u00a0\u00dcberTwitter (@ubertwiter)\u00a0a well-known\u00a0twitter client for\u00a0BlackBerry platform.\u00a0During the traffic analysis we realized that this nice application each time you start it sends\u00a0without warning the following data to\u00a0UberTwitter&#8217;s\u00a0servers: Personal Identification 
Number&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[67,3],"tags":[],"class_list":["post-894","post","type-post","status-publish","format-standard","hentry","category-blackberry","category-security"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4bBYZ-eq","_links":{"self":[{"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/posts\/894","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/comments?post=894"}],"version-history":[{"count":2,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/posts\/894\/revisions"}],"predecessor-version":[{"id":900,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/posts\/894\/revisions\/900"}],"wp:attachment":[{"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/media?parent=894"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/categories?post=894"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/deepquest.code511.com\/blog\/wp-json\/wp\/v2\/tags?post=894"}],"curies":[{"name":"wp","href":"http
s:\/\/api.w.org\/{rel}","templated":true}]}}