[OSM-talk-be] Cell Phones Antennas

Pol d.paolino at gmail.com
Thu Apr 21 20:14:31 UTC 2011


Hello,

Someone forwarded me the mail from Lennard talking about the revert or not
of my commit.
I wasn't aware of the existence of that mailing list until now.

Let me explain to all of you how it all began...

One year ago I was looking, for personal purpose, the coordinates of each
cell phones antennas in Belgium.

The first site I found was: http://www.antennes-gsm.be/
But that one seems to be old and no more maintained.

Then I found the one of IBPT: http://www.sites.ibpt.be/

The one you are currently seeing at this address is the new version.
When I first found it, they were using an old version.

By doing some searches, I found a huge security hole in it.
I was unemployed at that time and I decided to make an exploit.
The exploit was simple, using HTML and JavaScript, I could manipulate their
databases by sending custom queries.
I'm not a kid and I'm someone who destroy someone else's work, so I
contacted them and explained the problem.
The reaction was fast, some days later I was in their offices with my
laptop, showing them the problem and the possible solutions.
I also made a new local proof of concept that it could be done in a nicer
and cleaner way.
Unfortunately, they were really kind and say thanks but we do not rely on
our team to do the map, we rely on another company and we cannot break the
current contract with them.
Before leaving, I asked to the head of security if it was possible to get a
dump of the antennas coordinates in a more easy way to put it on
OpenStreetMap and he said that it couldn't be done: "Imaginez ce que
pourrait faire qqun de mal intentionné s'il trouve ces données!" which
means: "Imagine what could do someone malicious if they finds these datas!".
Which is completely a non sense because those datas can be retrieved from
THEIR online website.
I said him that ! Someone could spot by himself all the antennas and put
them on OpenStreetMap. He didn't reply to that one.
So, I leaved, quite sad.

Some month later, the current new system was in place and the security hole
vanished, problem solved.

With the new system, it's even easier to get their datas.
I decided to save in a file all the data I could get from their map in a
file and submit it to OpenStreetMap.

That's the end of the story.

It's up to you now to decide if you want to remove them or not.
If you have questions, I'll reply to them on that mailing list.

Nice evening all.

-*φol d.*-
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/talk-be/attachments/20110421/0a1e0797/attachment.htm>


More information about the Talk-be mailing list