Privacy invasion: Now Mobilink is injecting javascript into unsuspecting users browsers

LAHORE – Over a few days, internet users are complaining of a shady toolbar from Mobilink that appears on mobile screens and covers half the display. The illegal and unethical toolbar which was launched jointly by Huawei and Mobilink to provide users “easy access to company features” is actually a way for a hacker to hack into your mobile and capture your logs and sensitive data. Pakistani security researcher/ethical hacker said, since Javascript has complete access to the webpage (DOM), “anything you type (Credentials, Credit card numbers) can be intercepted by Mobilink.” Rafay further said that websites using Strict Tansport Layer Security header or Forced SSL such as Whatsapp, Facebook are not vulnerable. The toolbar, which only works on websites with HTTP, not HTTPS (Secure protocol), allows the company to track the user’s activities and logs. “It’s not just a matter of privacy. Let’s dig deeper, Let’s suppose if a hacker hack into that toolbar and replace the code with their malware, who will be responsible for the leakage and misuse of user critical information such as credit cards, identification numbers, and other personal information?,” said Dr hack.  The article further said that Mobilink and Huawei launched this toolbar in Marriott Hotel Islamabad and “proudly” announced, saying “you don’t need to download it, no need to install it, it will “automatically” show up on your sidebar.” “It’s illegal and unethical to inject and manipulate user traffic let Mobilink know what you think,” Dr Hack added.