All your MMSs are belong to us

Hand holding a mobile phone

Interesting article on Information Week about how Google can help someone snoop through O2s MMS databank. O2 have taken a decision to protect people’s photos by simply obfuscating the URLs, but Google can easily work it’s way through *that* barrier. MMS is a technology used to send photos using mobile phones in similar method to SMS. The way it works is by uploading your photo to a server and sending a link to the image to the recipient phone. O2 seems to be getting slated for leaving these photos open to the world. In reality, you could attach credentials to the URL that allow people to access the photos, but this wouldn’t stop this exploit from taking place.

The “exploit” involves using Google to scan for photos that it has in it’s database. These URLs would probably have been picked up Google’s Toolbar and can be found using an inurl: operator.

UPDATE: It seems like the hole has been closed as I haven’t been able to pull down any photos recently.

Vegas or Bust

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.