New ADSL cap warning not a man-in-the-middle attack: Telkom
Telkom has rolled out a new feature to capped ADSL subscribers which overlays a notification while browsing websites that shows how much of your cap you’ve used.
This feature first appeared in June 2015, and has attracted a wave of criticism following a blog post by Robert MacLean.
MacLean states that Telkom is effectively using a man-in-the-middle attack to inject code into the websites you browse to display this notification.
He warns that not only does this have the potential to break websites, it exposes Telkom Internet subscribers to potential security risks and infringes on their Internet privacy.
Telkom has disputed MacLean’s claims, saying that the notification uses a simple HTTP 3XX redirect, which works in much the same way as the login portals for public Wi-Fi hotspots.
“Contrary to his claims, this is not a technique similar to a ‘man-in-the-middle’ attack,” said Telkom, linking to the following flow diagram of the process at Wifidog.
The HTTP redirect injects JavaScript code to overlay the notification once certain cap thresholds have been reached.
“HTTP redirect is a common mechanism used in service provider networks for content caching and to optimise video streaming and does not alter the web service content. In this instance it overlays a notification on usage that can be done on SMS or email as well.”
Telkom said the in-browser notification was purpose-built to let subscribers know whether they’ve reached the usage threshold of their Softcap product.
“As a result, it does not interfere with the customer’s browsing, is not a security risk, will not ‘break’ a website, and poses no threat to the browser’s privacy,” said Telkom.
The notification is around 205 kilobytes for the code and image, and Telkom said subscribers could turn it off.
“All notifications, whether in-browser, SMS, or email, can be enabled or disabled by the Internet subscriber by logging on to the Telkom Internet self-help tools.”
Original forum thread: Telkom Internet ISP – Injecting Code into HTML
Vodacom & BMI.js
Telkom is not the only company to come under fire for modifying the web traffic of its subscribers.
In 2012 and 2013, Vodacom subscribers noticed that images downloaded over 3G seemed to be of much lower quality than when using other Internet connections.
It was discovered that Vodacom was injecting a file called “BMI.js” in unencrypted webpages that its 3G customers were visiting.
Reports at the time suggested that Vodacom’s parent company, Vodafone, was using ByteMobile technology to help subscribers reduce the amount of data they consumed on multimedia content such as images.
After receiving complaints from subscribers, Vodacom seems to have removed the JavaScript injection from its network.