■■■■■ Header Enrichment: a technique used by telco operators to acquire a user's MSISDN (phone number) through a website (an HTTP GET is enough).
It can be used by the ISP or its associated vendors to trace users and target them for ads. If the API key is leaked through a vendor or the ISP itself, the following scenarios arise.
Scenarios:
1. The token can be used by anyone in a GET request to fetch the end user's phone number. This request can be triggered via QR codes on restaurant menus, where an HTTP 302 (redirection) then leads to the actual menu, or by injecting .js into a vulnerable website (viz. XSS) that is popular, such as a well-known blog or forum.
2. When a user shares a hotspot from their phone, the hotspot client can acquire the phone number. In addition, if the HE is used for authentication, this would lead to 0-click account takeover.
● I had tested systems for this implementation for a telco. The telco, without informing users (IMHO), was sharing data with third parties.
-Admin cKure
Source: https://conferences.sigcomm.org/sigcomm/2015/pdf/papers/hotmiddlebox/p25.pdf
https://t.me/cKure/14394
https://t.me/cKure/14396
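An added example, not part of the original post: a site operator's privacy audit that flags carrier-injected identifier headers on incoming plaintext HTTP requests and strips them before logging or forwarding. The header-name list is an illustrative, non-exhaustive assumption, `X-Operator-Sub` is a hypothetical name, and the sample request is constructed.

```python
import re

# Header names publicly reported as carrier-injected subscriber identifiers.
# Illustrative and non-exhaustive (an assumption of this example).
KNOWN_HE_HEADERS = {
    "x-msisdn", "x-up-calling-line-id", "x-nokia-msisdn", "x-up-subno",
    "x-imsi", "x-uidh", "x-acr", "x-vf-acr",
}
# E.164-like value: optional '+', then 8 to 15 digits.
MSISDN_VALUE = re.compile(r"^\+?\d{8,15}$")
# Standard headers whose values are legitimately long numbers.
NUMERIC_OK = {"content-length"}


def mask(value, keep=3):
    """Mask all but the last `keep` characters so findings are safe to log."""
    return "*" * max(len(value) - keep, 0) + value[-keep:]


def audit_headers(headers):
    """Return (name, reason, masked_value) for each suspected enrichment header."""
    findings = []
    for name, value in headers.items():
        lname, value = name.lower(), value.strip()
        if lname in KNOWN_HE_HEADERS:
            findings.append((lname, "known-name", mask(value)))
        elif lname not in NUMERIC_OK and MSISDN_VALUE.match(value):
            # Unknown header carrying a phone-number-shaped value.
            findings.append((lname, "msisdn-like-value", mask(value)))
    return findings


def strip_enrichment(headers):
    """Copy of headers without suspected identifiers, for logging or forwarding."""
    flagged = {name for name, _, _ in audit_headers(headers)}
    return {k: v for k, v in headers.items() if k.lower() not in flagged}


# Constructed sample request as a server behind an enriching operator might see it.
SAMPLE = {
    "Host": "menu.example",
    "User-Agent": "Mozilla/5.0",
    "X-MSISDN": "15555550123",
    "X-Operator-Sub": "+15555550123",  # hypothetical header name
    "Content-Length": "123456789",
}

if __name__ == "__main__":
    for finding in audit_headers(SAMPLE):
        print(finding)
    print(strip_enrichment(SAMPLE))
```

A header flagged here identifies the subscription the request travelled over, not the person holding the device, which is why a hotspot client inherits it; it should never be accepted as proof of identity.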