Is Airtel Secretly Injecting Scripts Into User’s Web Browser? If So, It’s Serious…


Update 1 – Vodafone Script Injection,
Update 2 – Cease & Desist Notice to Thejesh,
Update 3 – Airtel Statement (see at end of post)

You wouldn’t believe it even if you are not a loyal Airtel user. We were not expecting such behaviour from Airtel either, but the truth is the truth. Airtel is now being accused of secretly injecting JavaScript and iframes into users’ web browsers and trying to alter the browsing experience.

We are not sure whether Airtel is doing this deliberately or whether it is due to some technical glitch. It might also happen if the user who reported this anomaly was using some kind of proxy while on Airtel 3G and the scripts were inserted as some kind of web optimization. But according to Thejesh GN, an InfoActivist and programmer, Airtel is inserting JavaScript into user browsing sessions. Check out these screenshots shared by him.

Airtel script injected 1

 

This injection of scripts without user consent is highly unethical.

According to a GitHub thread, Airtel is also forcibly inserting an iframe into the browser.

Here is the tweet by Thej:

As reported on the GitHub thread, the inserted iframe tries to insert a toolbar into the browsing session.

iframe embedded

It is worth noting that the parent URL of both the iframe and the JavaScript points to an IP address (223.224.131.144) that belongs to Bharti Airtel, Bangalore. As per the GitHub thread, that URL leads to the following webpage of Flash Networks, but it gave us a 404 when we tried to open it.

IP information

We were certainly not expecting an ISP like Airtel to come to this for collecting user data from the browser. Getting user data is like hitting a gold mine these days. Internet companies, ad companies, and intelligence agencies are willing to pay any price for getting such personal info.

If it is proved that Airtel is doing this on purpose, it could soon end up in a court of law.

PS: Airtel has already been condemned nation-wide for violating net neutrality via its Airtel Zero platform, and it certainly won’t be in the best interest of the company to do such a malicious thing.

We have contacted Airtel for a word about this and we’ll update the post as soon as they give some clarification.

[Updated – 1]

It looks like even Vodafone has been accused of doing the same. One of our readers, Dayson Pais, pointed out to us on Facebook that Vodafone does this when the user is connected through a USB dongle. He also showed us a screenshot of the same. Here it is.

Vodafone script insertion

The encircled script is essentially inserted when users browse through their USB dongle. Vodafone around the globe has been accused of doing so. You can check this, this, this and this.

If Vodafone and Airtel are doing it, chances are that other telecom operators may be doing the same. If you come across something like this with your mobile operator, do let us know.
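One way to check saved page source for this kind of insertion, as an added example (not code from this post or from the GitHub thread): it flags `<script>` and `<iframe>` sources served from a bare IP address, the pattern reported here, or from any host the site owner has not allowlisted. The function names, `example.com`, `cdn.example.net` and the `/placeholder/` paths are assumptions made for the illustration.

```javascript
// Added example: audit saved page source for <script>/<iframe> sources the
// site owner did not place there. Names and sample data are assumptions.
const IPV4 = /^\d{1,3}(\.\d{1,3}){3}$/;

// Pull src attributes from script and iframe tags. A regex is enough for a
// quick audit of "view source" output; it is not a full HTML parser.
function externalSources(html) {
  const re = /<(script|iframe)\b[^>]*?\ssrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  return [...html.matchAll(re)].map((m) => ({
    tag: m[1].toLowerCase(),
    src: m[2] ?? m[3] ?? m[4],
  }));
}

// pageUrl: where the page was fetched from. allowedHosts: third-party hosts
// the site owner knowingly embeds (CDN, analytics).
function findInjected(html, pageUrl, allowedHosts = []) {
  const allowed = new Set([new URL(pageUrl).hostname, ...allowedHosts]);
  const findings = [];
  for (const { tag, src } of externalSources(html)) {
    let url;
    try { url = new URL(src, pageUrl); } catch { continue; }
    if (!/^https?:$/.test(url.protocol) || allowed.has(url.hostname)) continue;
    // A bare IP host is the pattern reported on this page; anything else
    // off the allowlist is still worth a manual look.
    const reason = IPV4.test(url.hostname) ? "bare-ip-host" : "host-not-allowlisted";
    findings.push({ tag, src: url.href, reason });
  }
  return findings;
}

// Constructed sample: the two IP hosts and the bmi.js path are quoted on this
// page; example.com, cdn.example.net and /placeholder/ paths are made up.
const SAMPLE_HTML = `
<html><head>
<script src="/js/site.js"></script>
<script src="https://cdn.example.net/lib.js"></script>
<script type="text/javascript" src="http://223.224.131.144/placeholder/injected.js"></script>
<script src="http://1.2.3.4/bmi-int-js/bmi.js"></script>
</head><body>
<iframe src="http://223.224.131.144/placeholder/toolbar.html"></iframe>
</body></html>`;

for (const f of findInjected(SAMPLE_HTML, "http://example.com/", ["cdn.example.net"])) {
  console.log(`${f.reason}\t<${f.tag}>\t${f.src}`);
}
```

Run it on source saved over the mobile connection and again on source saved over a connection you trust; a finding that appears only in the first copy was added in transit.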

[Update 2 – 9th June]

The person who exposed the Airtel JavaScript injection, Thejesh G N, has now received a legal Cease & Desist letter. The interesting part is that it was not sent by Airtel, but by Flash Networks, Ltd., a company based out of Herzliya, Israel, via their attorneys in Mumbai. This is the company that created the JavaScript that has been inserted in Airtel users’ browsers.

The C&D letter mentions that Thejesh illegally uploaded the script to GitHub, as it is proprietary to them. Thejesh uploaded the C&D letter to Archive.org, and here is the full copy of the same.

 

[Scanned pages of the letter: LEGAL NOTICE TO THEJESH GN - CEASE AND DESIST - INFRINGEMENT, pages 0000 to 0004]

The letter clearly states that Flash Networks created the JavaScript that gets injected by mobile operators for their 3G networks against payment of royalties and/or license fees.

Flash Networks also sent a DMCA takedown notice to GitHub, where the JavaScript was uploaded, and as of writing this update, it has been pulled down. Here is the notice that Flash Networks sent.

As of writing this, we have not received any communication from Airtel. We will update this post as soon as we have more to share.

Update 3 – Statement from Airtel

Airtel representatives have got back to us with their statement. They state that it is a standard procedure which many telcos globally adopt. Here is their statement in full.

“This is a standard solution deployed by telcos globally to help their customers keep track of their data usage in terms of mega bytes used. It is therefore meant to improve customer experience and empower them to manage their usage. One of our network vendor partners has piloted this solution through a third party to help customers understand their data consumption in terms of volume of data used. As a responsible corporate, we have the highest regard for customer privacy and we follow a policy of zero tolerance with regard to the confidentiality of customer data.

We are also surprised at the Cease & Desist notice served by Flash Networks to Thejesh GN, and categorically state that we have no relation, whatsoever, with the notice.”

19 Comments
  1. Arjun says

    Screenshot of a ‘view source’ screen is a violation of what, exactly?? Flash is trying to intimidate Thejesh. This will never hold up. Anyone and everyone can do a ‘view source’ and see the line of code. In any case, the JS will provide data onto a dashboard that Flash controls – you can’t do anything with a line of code.

  2. rajasekhar says

    I support Thejesh. I suggest he go legal against Airtel. Is Airtel selling the information gathered from users to other countries? The Indian Government should take serious note of this and take criminal action against all such ISP providers and make sure no other ISP provider does this in the future.

  3. dilip says

    What is the end result of this activity for the customer? What kind of problem will the customer face?

  4. Tim says

    Brilliant of you to notice this. Would like to know the effects of these JS injections into the users’ sessions?

  5. Rishi Kashyap says

    Never thought that it would become such big news! I too covered this at the end of May with 2 possible solutions.

    You can block the said JavaScript file using “Noscript” on Firefox and “scriptblock” on Google Chrome.

    For website owners there are 2 options:
    1. Remove the JavaScript file dynamically as I have shown in
    https://www.jahajee.com/Is-AIRTEL-3G-slowing-your-browsing-experience/37380/1.html
    2. This is the permanent solution: make your website secure, switch to HTTPS and prevent eavesdropping by telecom providers!

    Hope these companies end this stupidity. There are far better and more competent ways to gather users’ data rather than injecting files and iframes on others’ websites grrrrr……

    1. Albert says

      This is a good option, Rishi Kashyap. Is it possible to block more IP addresses like this? Because big ISPs can always change IP addresses easily, as they have enough resources for that.

      Otherwise, making our website HTTPS is the only best option.

  6. subin says

    How can they do it for an SSL-secured website? Only our browser can decode the response?

  7. Prateek says

    Looks like you have done some serious research XD

  8. psycho says

    So the issue is with the 3G network only???

  9. rahul says

    It’s a really serious issue.

  10. Deepak says

    Vodafone has been doing this for years. Last I used Vodafone 3G was like 2 years back, and they insert JS in all pages when using through USB tethering or a Wi-Fi hotspot. Not sure about browsing on mobile itself, though.

  11. Manoj kumar says

    Same with Aircel.
    I am from Hyderabad and these JavaScripts are used to show ads related to their company, and whether anyone clicks or not, money is deducted from the main balance and a shitty msg will appear: “thanks you for subscribing to our videos”. Who is gonna pay 100rs for those shit videos when we have YouTube to watch them for free? Even after the deduction that service won’t work.

  12. Mahesh says

    Vodafone also uses redirects to forcefully divert the user to certain offers and offer plans. For example, if I click on gmail.com or type it in, often Vodafone redirects to an offer page for some netplan instead of showing me gmail.com. So basically I lose my data while browsing and get irritated with the ads too.

  13. Vikas says

    Add 223.224.131.144 to your PC hosts file to block it.

    223.224.131.144 localhost

  14. Albert says

    Hi,

    We can block these scripts by sending the problematic code to antivirus companies. When a protest by the whole of India can’t stop the Zero program, we can’t stop this malicious activity either.

    Government ISP BSNL is silenced by private ISPs. So nowhere else to go. All Indians completely screwed by largest ISP.

  15. Pushpesh says

    Even Vodafone does so, if you are using the Vodafone dongle.

    Check for “http://1.2.3.4/bmi-int-js/bmi.js” in the source.

  16. vinodh says

    If it’s true then the antivirus software (I use Bitdefender)
    will automatically block it.
    Nothing to worry about.

  17. Sreekanth Yelicherla says

    I’m using Airtel 4G. I don’t see any script injections by Airtel in my case.

    1. Srikanth says

      Yes, it is not ethical, but technically there won’t be any harm, as a child iframe element cannot access the parent window’s data due to the security guidelines of web browsers.
