Will the ISPs overwrite this header if already present?
If so, isn't that a kind of huge problem?
If not, can't someone make a mobile browser that sets these headers to some random value?
Make a web service that "coincidentally" uses the same header for something else, or add it as part of a new feature of an existing popular web service. Of course, it should have an app. Tell its users to complain to Verizon when the service breaks for them/the app doesn't work.
I remember for a while the only way to change the User Agent header for iOS UIWebViews was to set the user agent header in lowercase, as long as it's after the actual header, PHP will uppercase both and the later one will win (for $_SERVER atleast, obviously this is PHP specific.)
Yes, the fun is to figure out what they're using and exploit it. HTTP is a terrible format to parse, with lots of idiotic extra features that have no legitimate usage. But it'd be fairly easy for them to harden things, just abort if they run into anything weird.
Which may be a way around this. Run a local proxy that does stuff like use line folding, comments in headers, and other things to make their parse code abort. Of course, you then run the risk of breaking compatibility with actual HTTP servers (with good reason-those are bad features and such messages are probably an attack). And of course the ISP can always fix their code.
