The claims made by IS about a vulnerability caused by Vodacom's 'Content Adaptation' service, have been deemed incorrect.
According to a statement issued by Brett Steingo, GM of Mobility Solutions at IS, the recent proxy server, implemented by Vodacom in order to provide their new 'Content Adaptation' service and to better render Web sites on small screen devices, has inadvertently created a serious security issue.
"Since all traffic is routed first through their proxy server, sites requiring login information result in your password being intercepted and reformatted. Clients logging in, for example to Webmail, have their passwords captured in plain text and forwarded on. In the event of a failure, this password is being re-directed to a Google search page in plain text," Steingo explained.
He said, "Clients are also reporting the inability to use a variety of applications over this platform and VLive APNs since the implementation of Content Adaptation. IS clients using the IS Internet APNs (mobile.is.co.za and vpn.is.co.za) remain unaffected."
According to Shameel Joosub, MD of Vodacom South Africa, the statement issued by IS on the 8th of July, 12 days after the launch of Vodacom's Content Adaptation service, is factually incorrect.
"At service launch, the 'login' problem was immediately detected by Vodacom, and Vodacom immediately addressed the issue and resolved the matter to ensure that no information from customers could be intercepted. Any inputs from a customer's cellphone are carried securely across the mobile network to the Mobile Access Gateway and the destination website - at no time is any customer-input logged or cached," he says.
Share
