UK Mobile Operator O2 Leaks MMS Photos

← Back to Stories (view on slashdot.org)

UK Mobile Operator O2 Leaks MMS Photos

Posted by Soulskill on Friday July 18, 2008 @06:05PM from the like-a-sieve dept.

Anonymous Hero writes "UK Mobile Operator O2 allows its customers to send Multimedia Messaging Service (MMS) photos to email recipients by way of a web interface. The URLs published by the MMS-to-email application are not authenticated, so a simple Google search reveals hundreds, if not thousands of private photos." Reader ttul points out similar coverage of this issue at InformationWeek.

6 of 154 comments (clear)

Min score:

Reason:

Sort:

All your creativity are belong to google.com by AHuxley · 2008-07-18 18:27 · Score: 5, Insightful

I blame web 2.0 and young people.
Back in the good old days you would have used safe ftp.
ftp never hurt anyone.
I do harbour dreams of being a Tor node operator.

--
Domestic spying is now "Benign Information Gathering"
Re:Disappointing by GradiusCVK · 2008-07-18 18:49 · Score: 5, Insightful

Funny it includes the sender's phone number... oughta MMS everyone back and tell them to start taking some photos of hot chicks.
Presents an interesting new way for us Slashdotters to meet girls...
Re:Problem solved! by duguk · 2008-07-18 19:26 · Score: 3, Insightful

At least it might get O2's attention! All the action they've taken so far is deleting forum posts from their own forums and ignoring any email or telephone complaints.

Are you really from the O2 Team? If so, I've got a few words for you...
Not as bad as it sounds by srjh · 2008-07-18 19:32 · Score: 5, Insightful

Try searching for each of those 16-character IDs, and you'll see that each has already been posted publically, and most seem to be from just the one user. Which makes sense, if Google managed to index them in the first place.

Sure, 02 should have taken steps to avoid being indexed, but they aren't responsible for leaking the photos.

And It would be quite easy to write a script to try various combinations of 16 hex digits to try and randomly view a photo but depending on how many photos are being hosted the hit rate could be quite low.? Yeah, seeing as there are about 10^19 combinations, the hit rate would be fairly low. Did the author seriously consider this to be flaw?
1. Re:Not as bad as it sounds by duguk · 2008-07-18 19:42 · Score: 3, Insightful
  
  Sure, 02 should have taken steps to avoid being indexed, but they aren't responsible for leaking the photos.
  Their site is not suitabled secured, usually it would require a mobile number and pin code but this 16-digit code circumnavigates this requirement.
  
  From TFA, apparently these are also being picked up by Google's Toolbar.
  
  Surely if you'd MMS'd a friend a picture message, and they'd changed to a phone without MMS without you knowing - your picture will most likely be available on O2's website. Is this right? Should it be more secured? Or don't you care about who see's your 'private' conversations?
what is wrong with you people? by speedtux · 2008-07-18 19:32 · Score: 5, Insightful

Worse still, the majority of the images taken on cameras turns out to be children. Ironically, O2 has a website dedicated to "Protect Our Children", well a good first step would be to avoid leaking customer photos.
What bullshit idea is it that pictures of children need to be removed from the world? If you look at the history of photography, pictures of children have always been an important part of street photography, portraits, and artistic photography. In the US and many other places, it's legal to take pictures of children, even without permission of their parents. There are many pictures of children on Flickr and elsewhere.
There is no evidence that pictures of children place them at risk. Can we please stop and reverse this meme that there is anything wrong with taking pictures of children?
I don't really give a damn about pictures of children per se, but demonizing legitimate and legal content is a serious threat to free speech and democracy.