News

Alert – Zong is intercepting web traffic to install scripts on websites

It has been discovered just recently that Zong, one of the leading network operators in Pakistan, has been automatically installing scripts in the browsers of anyone that uses the zonginternet APN. This script is being installed to accommodate a toolbar that has been named as the Zong Toolbar.

The toolbar allows the Zong internet user to:

  • Keep track of the usage of the current package that the user is subscribed to.
  • Subscribe to an internet package/bundle from a list of different options.
  • View Zong’s promotional websites with a single click.

If you’re an user of the Zong internet, you will be able to see the toolbar on all http websites that you access. However, currently, the toolbar does not appear on a secure https websites though. The problem with this toolbar is that it automatically installs a script on your web browser. What Zong does not realize is that this move can turn out to be disaster for the security of its users because potential hackers may override the script and install their own scripts in the user’s browsers. Through this toolbar, Zong as well as any other potential hacker that overrides the Zong toolbar script can:

  • Seize the user’s browser – infesting it with ads and malware.
  • Create a botnet of all Zong internet users (because the script can transmit data and information out of the network as needed).
  • Access private information of the user (by installing fake certificates) – hence eventually leading to data theft.

Not only this, but even if you unsubscribe from the toolbar, the script will still continue to run. This is a serious security concern that needs to be addressed immediately.

Currently, there is one workaround available for preventing the script from running automatically. Install AdBlock or any other similar application on your browser and add “”http://103.255.6.16” (without the quotation marks) in the blacklist. This will block the script from automatically installing and running itself in your browser. Credit for this solution goes to Asad Memon.

All in all, this initiative taken by Zong has backfired since it leaves an open invitation to potential hackers and perhaps even Zong itself to breach the Zong internet user’s security. This can lead to harmful acts such as data theft and data loss. So, if you’re a Zong user, be sure to forward your concerns and complaints to Zong regarding the matter. Zong is not the only telecom intercepting the traffic, we also informed our readers about Ufone installing script in http websites to show pop up ads.

Sponsored
Saad Mughal

Tech-savvy, gadget geek, love doing analysis on smartphones and hardware. You can reach out to me at saad@techjuice.pk.

Share
Published by
Saad Mughal

Recent Posts

VPN Ban Could Cost Pakistan’s IT Industry $1 Billion, Warns P@SHA

The Pakistan Software Houses Association (P@SHA) has raised alarms about the severe impact of the…

6 hours ago

WhatsApp Trials Group Chat Mentions in the Latest Status Update Feature

WhatsApp is rolling out a new feature in its latest Android beta version, allowing users…

6 hours ago

PTA Chairman Confirms No Orders for Mobile Service Shutdown

ISLAMABAD: Chairman of the Pakistan Telecommunication Authority (PTA), Major General (retd) Hafeez-ur-Rehman, confirmed that no…

7 hours ago

35,000 Students to Receive Free Laptops Under Punjab Government Scheme

Punjab Chief Minister Maryam Nawaz Sharif has announced the launch of a new initiative aimed…

8 hours ago

Meta Introduces New Features to Messenger: AI Backgrounds, HD Video Calls, and More

Meta has unveiled a set of new features for Facebook Messenger, designed to improve call…

9 hours ago

PTA Seeks Stakeholder Input on VPN Registration

Islamabad (21st November 2024): PTA hosted a stakeholder consultation on VPN registration, with key participants…

10 hours ago