News

Alert – Zong is intercepting web traffic to install scripts on websites

It has been discovered just recently that Zong, one of the leading network operators in Pakistan, has been automatically installing scripts in the browsers of anyone that uses the zonginternet APN. This script is being installed to accommodate a toolbar that has been named as the Zong Toolbar.

The toolbar allows the Zong internet user to:

  • Keep track of the usage of the current package that the user is subscribed to.
  • Subscribe to an internet package/bundle from a list of different options.
  • View Zong’s promotional websites with a single click.

If you’re an user of the Zong internet, you will be able to see the toolbar on all http websites that you access. However, currently, the toolbar does not appear on a secure https websites though. The problem with this toolbar is that it automatically installs a script on your web browser. What Zong does not realize is that this move can turn out to be disaster for the security of its users because potential hackers may override the script and install their own scripts in the user’s browsers. Through this toolbar, Zong as well as any other potential hacker that overrides the Zong toolbar script can:

  • Seize the user’s browser – infesting it with ads and malware.
  • Create a botnet of all Zong internet users (because the script can transmit data and information out of the network as needed).
  • Access private information of the user (by installing fake certificates) – hence eventually leading to data theft.

Not only this, but even if you unsubscribe from the toolbar, the script will still continue to run. This is a serious security concern that needs to be addressed immediately.

Currently, there is one workaround available for preventing the script from running automatically. Install AdBlock or any other similar application on your browser and add “”http://103.255.6.16” (without the quotation marks) in the blacklist. This will block the script from automatically installing and running itself in your browser. Credit for this solution goes to Asad Memon.

All in all, this initiative taken by Zong has backfired since it leaves an open invitation to potential hackers and perhaps even Zong itself to breach the Zong internet user’s security. This can lead to harmful acts such as data theft and data loss. So, if you’re a Zong user, be sure to forward your concerns and complaints to Zong regarding the matter. Zong is not the only telecom intercepting the traffic, we also informed our readers about Ufone installing script in http websites to show pop up ads.

Sponsored
Saad Mughal

Tech-savvy, gadget geek, love doing analysis on smartphones and hardware. You can reach out to me at saad@techjuice.pk.

Leave a Comment
Share
Published by
Saad Mughal

Recent Posts

Microsoft Launches AI-Powered “Support Virtual Agent” for Xbox Users

Microsoft has launched its AI-powered “Support Virtual Agent” chatbot for Xbox Insiders in the U.S.,…

5 hours ago

Musk Says Tesla Won’t Enter Smartphone Market Unless Necessary

Android Authority recently polled its users to find out if they would purchase a Tesla…

5 hours ago

Sukkur IBA Sets Seven Conditions for Conducting MDCAT

The Secretary of the Sukkur IBA Testing Agency has formally requested urgent action from the…

5 hours ago

PSEB Opens Bidding for Nationwide e-Rozgar Centers

The Pakistan Software Export Board (PSEB) has launched a nationwide program to encourage IT startups…

6 hours ago

Google Play Services Bug Disrupts Access to Apps for Pixel Users: Here’s How to Fix It

A significant issue with Google Play Services has left many Pixel users unable to access…

6 hours ago

WhatsApp Beta Partners with Google for Innovative Image Search Feature

When it comes to Android messaging apps, WhatsApp stands out as one of the best.…

6 hours ago