Few months back it was Ufone injecting code into users web traffic by replacing Google Analytic Code. This time its Zong, a Cellular Company in Pakistan Owned by China Mobile performing even more unethical activity by injecting Malware code into mobile Data users of Zong, showing a total lack of interest by Zong to protect its Users.Such code injections mean that they are tracking and can modify all our online activity for their Advertisement and Financial gains. A Technical explanation of the injection is below
Zong Internet Traffic Manipulation (3G / 4G)
Every Zong user on mobile data is presented with a sidebar injected in every website(HTTP). Which shows a small Zong icon , once clicked it expands and gives out more options. Icon Sidebar is visible at bottom right on the image above.
Tapping on the icon the Toolbar expands(as shown at the top of the screen on above image) and give out more options ,apart from one option rest all is advertisement which Zong is doing just because users are using their network. (Shame)
The only useful thing is the “Usage” which shows users about their data usage , else its all spam and a hindrance in user browsing experience
Zong is calling this unethical act of theirs “Toolbar Function”
How to Unsubscribe from Zong Toolbar (Mobile Data Users)
Although you can not completely disable code injection by using this method but you can unsubscribe from the toolbar by Clicking on “About” and hitting the “Unsubscribe” link .The toolbar will not appear anymore
The same toolbar also injects and appears for Desktop users and on every other website.
How to Permanently block the Code Injection
During research i came to know that the toolbar and malware is served from 18.104.22.168 IP Address. This IP is based in Pakistan and blocking it in your Firewall will get you rid of such shady practices of Zong.
Interesting Stuff on Zong Toolbar Server
Overlook of the the server gave me various URLs which reveal partial information about how Zong is injecting code in Internet traffic, please note Zong can change this anytime , they can even redirect you to any other website of their choosing.
- http://22.214.171.124:8080/ – It presents interesting forum
- cmpklbar stands for China Mobile Pakistan Lower Bar
Are SSL (HTTPS) sites completely Safe ?
No , if you are website is using Mixed SSL or Flexible SSL it means code can be injected in that site aswell. Zong can anytime make a plan to inject Google Analytics code as it was done by UFone. The only solution for webmasters is to use Forced SSL, so that all non http content is stripped OFF and not served.
Researchers may explore more and share what interesting things you found out , and even complain to your local Telecom Authority so they may know this act of Zong