It is a relatively simple process to spoof an i-mode mobile's UID.
Checking the request comes within DoCoMo's network does offer some
security against this.
Kyle
On 2004 Aug 01, , at 01:03, nick may wrote:
> Is there some automagic at the imode gateway that makes a phone's uid
> available, or is the the UID spoofable? From a browser, for example,
> or some ad hoc script I cook up to hit a site with....
>
> I take the point about stealing sessions, I am just curious as to how
> much extra "real" security the UID gives...
>
> Nick
--
mobile web gear | pukupi.com
Received on Mon Aug 2 11:41:48 2004