CastleCops® - GSM Phone Hijacking?

Need help? Click here to register for free! Absolutely zero advertisements on this site!

	Donation/Premium

	Donations. Become Premium Today!

	Security Central

	· Home · PIRT/Fried Phish · MIRT · SIRT · Deutsch · Wiki · Newsletter · O16/ActiveX · CLSID List · Contest2007 · Downloads · Feedback (send) · Forums · HijackThis · Hijacktrend · LSPs · My Downloads · O18 · O20 · O21 · O22 · O23 · O9 · Premium · Private Messages · Proxomitron · Reviews · Search · StartupList · Stories Archive · Submit News · WsIRT · Your Account · Acceptable Use Policy

News by the Boss!: GSM Phone Hijacking?

Crack Attack

GSM Phone Hijacking?

by Paul Laudanski, AKA Zhen-Xjell
April 20, 2004

I've been a faithful GSM cellphone subscriber for years. Never had any issues. In fact, I was on the CDMA network for a couple years on a business cellphone and received SPAM SMS pages on occasion, but never on my GSM provided cellphone. Until now, and my Motorola Cellphone was hijacked!

Last Friday I received an SMS update text message that appeared to come from my provider. As anyone else might do, I read its incoherant message and quickly deleted it.

Tonight however, I noticed when trying to call someone that the very first entry in the phonebook said 411 AND MORE.

What?

Ok, I view the item and the number it contains is '411'. Its Speed number was set to #503. Now anyone with a GSM card knows that numbers upwards of 501 take time to enter and save since the default is '1'. One must backspace and enter a new number. Then it finds the next available number. Otherwise, if the number is on a used spot, the phone asks you if you desire to replace it.

It just so happens that my #503 was already prefilled for a couple years. This '411 AND MORE' simply replaced it!

Talk about a major privacy issue with this GSM cellphone provider. So I talked with a representative tonight for about 20 minutes, got his name and employee number. I asked to share his data and was politely told no. Ok, I'm being professional about this.

This person, lets collectively call him 'Shelby' (fictitious and used just for the purpose of giving him a fake name), told me he heard from another customer they received SPAM SMS messages containing '411 AND MORE' previously, but that my instance of speed dial hijacking was a first. This wasn't even in their database system.

Long wait times... so I'll follow up with my provider tomorrow.

However, I'm not very pleased with this at all. If my speed dials can be remotely hijacked, then how secure is my phone book?

Cellphone users beware. Will we need anti-hijack software on our 'simple' mobile cellphones?

Now you may ask yourself, did I make a boo-boo? With 100% confidence I can tell you that when surfing my cellphone I pay strict attention. That entry did not get added by any manual means via physical phone access.

Bewildered and concerned.
Paul

@Copyright ComputerCops 2004

Posted on Tuesday, 20 April 2004 @ 09:35:08 UTC by phoenix22 (7231 reads)
[ Trackback ]

"News by the Boss!: GSM Phone Hijacking?" | Login/Create an Account | 4 comments | Search

The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register

Re: GSM Phone Hijacking? (Score: 1)
by Ian-OG on Tuesday, 20 April 2004 @ 12:11:27 UTC
(User Info | Send a Message)

I've disabled WAP push and Cell push on my new handset, ever since someone thought I'd be interested in stuff about a certain Toxic pop starlet. Watch out, 'cos this is only just the start. Several sources are reporting attack kits for Symbian and (naturally) the MS SmartPhone OS. Check your phone bills, and look out for 'location-based charges'...

Nice heads-up, Paul.

Re: GSM Phone Hijacking? (Score: 1)
by Paul on Wednesday, 21 April 2004 @ 00:54:57 UTC
(User Info | Send a Message) http://www.laudanski.com

Hi Ian, I've made an interesting update here:

/article-5037-nested-0-0.html

]

Re: GSM Phone Hijacking? (Score: 1)
by Ian-OG on Thursday, 22 April 2004 @ 00:16:53 UTC
(User Info | Send a Message)

Nicely followed-up Paul. Seems someone's gotta move quick before the random number diallers get hold of this...

]

Re: GSM Phone Hijacking? (Score: 1)
by jimnite on Monday, 10 January 2005 @ 10:41:42 UTC
(User Info | Send a Message)

Hi,

I was fine with my phone until I went on holiday from the UK to Germany 2 summers again. When I got back I was plagued by spam calls and especially SMS adverts. The typical you have won x, y, z... please phone etc. It's only now it has pretty much stopped, although I still get the occasional one.

I had one message which appeared to be from my cell net provider only to find out that I had phoned Denmark. I sussed it out fairly quickly and it didn't cost too much. I was annoyed with myself as if the said message turned up in my e-mail inbox it would have been deleted very quickly!

Nobody here believes me when I tell them this happens. I guess they will when this becomes more widespread. Now I'm really bothered. I (and countless others) have got enough trouble with PCs being hijacked (like mine) without it spreading to phones. Mind you I'm not surprised.

	Login

	Nickname Password Security Code: Type Security Code: Usage signifies AUP acceptance · New User? · Click here to create a registered account.

	Related Links

	· del.icio.us! · digg it! · reddit! · TrackBack (0) · HotScripts · Linux Manuals · W3 Consortium · Spam Cop · More about Crack Attack · News by phoenix22 Most read story about Crack Attack: Beware Attacker from IP 200.55.7.235 and Whole 200.x.x.x Block

	Article Rating

	Average Score: 5 Votes: 4 Please take a second and vote for this article:

	Options

	Printer Friendly Page


	2002-2008 © Computer Cops LLC dba CastleCops®. All rights reserved. Acceptable Use Policy. Use signifies your agreement. 44ppm 0.163s (0.017s) Making cybercriminals unhappy since 2002*