Cell Session Mixup Crosses Connections

It all started with a few people logging into Facebook. The messages from strangers were unusual, but not too worrisome. That was until they realized that they were logged into someone else's account. According to a Washington Times article, this has happened to several people logging into Facebook from their cell phones.

Without knowing the exact architecture or having more reports from other people, it is not possible to determine the exact cause of the problem. An AT&T spokesman said that a misdirected cookie was involved. From the description, it appears that there is a network device (perhaps near the cellular-to-internet border) that is performing some sort of NAT or connection pooling. A NAT device would make multiple cellular users appear to originate from the same source IP address. A connection pooling device attempts to reduce latency by reusing an existing TCP connection. A misconfigured device has the potential to cross all sorts of sessions.
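A toy model of the connection-pooling failure speculated about above, added here as an illustration and not taken from the article or from any real carrier device; the gateway, origin, subscriber names and accounts are all constructed. It shows a pooled upstream connection that forgets which subscriber each in-flight request belongs to, so a login response and its session cookie are handed to the wrong phone.

```python
# Toy model (added example): a gateway that shares one upstream connection
# between several subscribers. All names and values here are constructed.
from collections import deque
import secrets

class Origin:
    """Stands in for the web site; each login gets a fresh session cookie."""
    def __init__(self):
        self.sessions = {}                      # cookie -> account

    def login(self, account):
        cookie = secrets.token_hex(8)
        self.sessions[cookie] = account
        return cookie                           # value of the Set-Cookie header

class PoolingGateway:
    def __init__(self, origin, track_owners):
        self.origin = origin
        self.track_owners = track_owners        # False models the misconfiguration
        self.in_flight = deque()                # (subscriber, account), oldest first
        self.last_sender = None

    def send(self, subscriber, account):
        self.in_flight.append((subscriber, account))
        self.last_sender = subscriber

    def drain(self):
        """Responses return in request order; decide who receives each one."""
        delivered = []
        while self.in_flight:
            owner, account = self.in_flight.popleft()
            cookie = self.origin.login(account)
            target = owner if self.track_owners else self.last_sender
            delivered.append((target, cookie))
        return delivered

def simulate(track_owners):
    origin = Origin()
    gw = PoolingGateway(origin, track_owners)
    gw.send("phone-A", "alice")
    gw.send("phone-B", "bob")
    # Report which account each subscriber's received cookie unlocks.
    return [(sub, origin.sessions[c]) for sub, c in gw.drain()]

if __name__ == "__main__":
    print("misconfigured:", simulate(track_owners=False))
    print("correct:      ", simulate(track_owners=True))
```

In the misconfigured run, phone-B receives the cookie for alice's session while phone-A receives nothing, which matches the symptom of landing in a stranger's account.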

If you happen to experience this, contact AT&T so they are aware of the scope of the problem. We recommend not doing anything financial or sensitive from your cell phone until this is ironed out. This may be a bigger problem than map coverage.

