AT&T hotspot found inserting ads into webpages

It didn"t take long for computer scientist and lawyer Jonathan Mayer to realize something strange was happening when he found the Stanford website touting jewelry last week.

Mayer discovered ads were being inserted into webpages on a free AT&T Wi-Fi hotspot he was using while waiting to catch a flight at Dulles Airport.

AT&T hotspots are tampering with HTTP traffic and injecting ads. Uncool. https://t.co/1BxQWwPvVv pic.twitter.com/Y4zaoFEb2P

— Jonathan Mayer (@jonathanmayer) August 25, 2015

Even websites already including advertising, like the Wall Street Journal, had more placed on them.

Mayer identified the ad injection platform RaGaPa as the culprit. RaGaPa was intercepting unsecured HTTP traffic over the AT&T hotspot and using JavaScript to insert and overlay advertising.

A video and datasheet promoting RaGaPa"s service are unapologetic in promising to, "MONETIZE YOUR NETWORK".

Excerpt from RaGaPa"s marketing datasheet

Mayer points out while injecting ads into browsers is a legal grey area, the secrecy in this case is unsettling.

"It certainly doesn’t help AT&T and RaGaPa that the ads aren’t labeled as associated with the hotspot, and that AT&T’s wifi terms of service are silent about advertising injection."

The discovery is not the first time a major U.S. telecommunications provider has been found controversially injecting ads into webpages. Last year Comcast used a similar method on users connected through its Xfinity hotspots, however Comcast only pushed advertising for its own services.

A further breakdown, including portions of the JavaScript discovered by Mayer, can be found at his blog.

Source: Jonathan Mayer via ARN

Report a problem with article
Next Article

Xbox One Preview Program is nearing capacity

Previous Article

Google Calendar will now automatically add events from Gmail using flight info, other triggers