O2 plugs MMS picture leak

 

Gallery

Posted on 21 Jul 2008 at 08:01

Mobile network O2 is at the centre of a privacy storm after it was revealed that photos sent by MMS could be found with a simple Google search.

Recipients of MMS photos who don't own a compatible phone - such as the new iPhone 3G - would instead be sent a URL from which they could view the O2 customer's image.

However, it was discovered late last week that the library of photos could be accessed using a simple InURL search on Google.

"As these web pages were wide open to the internet, not requiring any authentication a very small handful were indexed by Google," writes David Cawley on the MailChannels Anti-Spam Blog, who discovered the flaw.

"I was able to craft a Google search that results in some matches to show an example of how this is an insecure method of hosting."

The Google search allowed anyone to view customers' photos, with the sender's phone number published at the top of each photo.

The problem was highlighted on dozens of blogs, news websites and even O2 messageboards over the weekend.

O2 eventually decided to take the nuclear option and take down the website viewing service. Now anyone attempting to view the leaked images is met with an Apache server error message.

The picture leak - many of which contained images of children - is particularly embarrassing for O2, as it also runs a Protect Our Children website.

Author: Barry Collins