I recently purchased a new internet stick from WIND. It’s a Huawei E1691. In addition to improving the device hardware, they also replaced the software.
Instead of a slow Java monstrosity, it’s now a Windows XP-clone written in QT. Ugh. Today I discovered it has a built in auto-updater. Every now and then, it checks in with update-america.huaweidevice.com.
192.168.001.102.62516-077.222.090.003.00080: POST /america/UrlCommand/CheckNewVersion.aspx HTTP/1.1 Content-Type: text/xml Content-Length: 476 Connection: Keep-Alive Accept-Encoding: gzip Accept-Language: en,* User-Agent: Mozilla/5.0 Host: update-america.huaweidevice.com:80 <?xml version="1.0" encoding="utf-8"?> <root> <rule name="DashBoard">21.003.27.06.562</rule> <rule name="DeviceName">E1691</rule> <rule name="FirmWare">11.126.15.02.562</rule> <rule name="HardWare">CD98TCPU</rule> <rule name="IMEI">HEX:434D98558CE2B347B456..</rule> <rule name="IMSI">HEX:A7F1D92A82C8D8FE..</rule> <rule name="Language">English</rule> <rule name="Network">tele.ring</rule> <rule name="OS">MAC</rule> </root> 077.222.090.003.00080-192.168.001.102.62516: HTTP/1.1 200 OK Date: Wed, 18 May 2011 17:03:42 GMT Server: Microsoft-IIS/6.0 X-Powered-By: ASP.NET X-AspNet-Version: 2.0.50727 Set-Cookie: ASP.NET_SessionId=ac1su3ngww23xc2mouoosxfu; path=/; HttpOnly Cache-Control: private Content-Type: text/xml; charset=utf-8 Content-Length: 69 <?xml version="1.0" encoding="utf-8"?><root><status>1</status></root>
Checking for software updates is fine. Good, in fact. Apple does it. Google does it. Adobe does. But the software shouldn’t be sending private information such as my IMEI, and it definitely shouldn’t be sending those kind of details in the clear.
Hi. Found your post while searching for the Huawei E1691 firmware version (11.126.15.02.562).
You are perfectly correct, in that in a modern day and age, sending personal information like that is probably gauche. But business logic seems to follow, that if customers do not know, then they can’t complain.
Any way, wanted to point out, that in WIND dashboard (or whatever the inbuilt software thing is called), there is an option Help -> Online Update -> Settings, where you can, allegedly, disable checking for the updates.
P.S According to PTCRB, there are only two firmwares for Huawei E1691, that are certified to be out in the field. http://www.ptcrb.com/vendor/complete/view_complete_request_guest.cfm?modelid=18970
Not relevant, I know.
I haven’t checked that it works as advertised, however.