Mobilink Blunder of Injecting Code into User Browser

Mobilink Toolbar – Exploiting Users

Isn’t it worse when you watch a movie on your mobile and some shady toolbar appears on the side and covers half the display?
What would you do if I tell you that it is NOT just a toolbar providing users easy access to company features (in fact annoying you all the time) but a way for a hacker to hack into your mobile and capture your logs and sensitive data ? One of our admin recently had a bad experience with Zong Tool Bar Code Injection & they resolved it somehow after a lengthy discussion with Zong Management (Meh ? ), why Zong removed it ? Because it was unethical and they had no logical answer to explain their actions ,nor its first time a company has done such shady activity : Ufone has been messing with user web traffic & Now Mobilink, One of the largest telecommunication company in Pakistan (Huh Seriously?).

Do you wonder how someone can exploit into our mobile and spy on us? Let me explain a bit here!

Mobilink ToolBar Leads to Hack:

This toolbar is only working on websites with HTTP, not HTTPS (Secure protocol), Simple is that, they can see what we are doing, they can have our logs, they can track our online activities. ( Oh Shit, Privacy? No Privacy!!! ) It’s not just a matter of privacy. Let’s dig deeper, Let’s suppose if a hacker hack into that toolbar and replace the code with their malware, who will be responsible for the leakage and misuse of user critical information such as credit cards, identification numbers, and other personal information?

Do you think they discussed it with some security professionals before the launch? I don’t!

Mobilink and Huawei launched this toolbar in Marriott Hotel Islamabad & they “Proudly” announced, you don’t need to download it, no need to install it, it will “automatically” show up on your sidebar (Just Wow!!).