Telkom has rejected claims that it is employing the same techniques used by malicious hackers in so-called “man in the middle” attacks to edit code on websites in order to serve the telecommunications operator’s own content to end users.
The code, which MacLean says in only added on non-secure (that is, non-HTTPS) websites, is used to show subscribers to Telkom’s Internet service provider who also use its broadband ADSL service how much bandwidth they have left before they are capped.
“Admittedly this is a relatively benign addition and in fact it may be seen as useful, and I can see it being sold that way to non-technical managers and executives,” MacLean writes. “Do not be fooled, though. Even this simple addition can cause major issues for you. It is impossible for Telkom to know what this addition will do to every website on the Web.”
Telkom, he says, is exposing its users to potential security risks, which he explains in greater technical detail in his blog post.
Worse still, he says, having a server that can manipulate what traffic users are sending and receiving provides a “very easy point for someone to capture traffic” and see what Telkom’s users are doing on the Internet.
“While I am sure they will tell you they take security very seriously and that they do not allow that type of access to employees, what is stopping an executive at a later stage from using this to prevent adverts from MTN showing up or causing Web pages that support the EFF or the DA to not load at all? Nothing, and they have the power to do that, without oversight and without your permission. Do you trust Telkom enough to not abuse that?”
Lastly, the image displayed on users’ screens, alerting them of how much bandwidth they have left, is an extra overhead. “They are making you download more than 84,8kB of extra code and 120kB of extra images, plus the manipulation of the Web page slows down rendering,” MacLean writes. “In short, they are making the Web slower for you and helping use more of your bandwidth.”
Asked to respond to MacLean’s claims, Telkom has denied that it is using a technique similar to a “man in the middle” attack.
“HTTP redirect is a common mechanism used in service provider networks for content caching and to optimise video streaming and does not alter the Web service content. In this instance, it overlays a notification on usage that can be done on SMS or e-mail as well.
“The in-browser notification has been purpose-built to inform the customer when they have reached 100% of the service threshold on their ‘soft cap’ product. As a result, it does not interfere with the customer’s browsing, is not a security risk, will not ‘break’ a website and poses no threat to the browser’s privacy. Telkom places the highest priority on the security and privacy of its customers.” — © 2015 NewsCentral Media