The Unsorted BBS Collection

home *** CD-ROM | disk | FTP | other *** search

/ The Unsorted BBS Collection / thegreatunsorted.tar / thegreatunsorted / texts / cell_nfo / wiredcel.txt < prev next >

Wrap

Text File | 1994-08-04 | 12KB | 208 lines

Cellular Phreaks & Code Dudes - Hacking chips on cellular phones is the latest thing in the underground by John Markoff In Silicon Valley, each new technology gives rise to a new generation of hackers. Consider the cellular telephone. The land-based telephone system was originally the playground for small group of hardy adventurer who believed mastery of telephone technology was an end in itself. Free phone calls weren't the goal of the first phone phreaks. The challenge was to understand the system. The philosophy of these phone hackers: Push the machines as far as they would go. Little has changed. Meet V.T. and N.M., the nation's most clever cellular phone phreaks. (Names here are obscured because, as with many hackers, V.T. and N.M.'s deeds inhabit a legal gray area.) The original phone phreaks thought of themselves as "telecommunications hobbyists" who explored the nooks and crannies of the nation's telephone network - not for profit, but for intellectual challenge. For a new generation of mobile phone hackers, the cellular revolution offers rich new veins to mine. V.T. is a young scientist at a prestigious government laboratory. He has long hair and his choice in garb frequently tends toward Patagonia. He is generally regarded as a computer hacker with few equals. N.M. is a self-taught hacker who lives and works in Silicon Valley. He has mastered the intricacies of Unix and DOS. Unusually persistent, he spent almost an entire year picking apart his cellular phone just to see how it works. What V.T. and N.M. discovered last year is that cellular phones are really just computers - network terminals - linked together by a gigantic cellular network. They also realized that just like other computers, cellular phones are programmable. Programmable! In a hacker's mind that means is no reason to limit a cellular phone to the choice of functions offered by its manufacturer. That means that cellular phones can be hacked! They can be dissected and disassembled and put back together in remarkable new ways. Optimized! Cellular phones aren't the first consumer appliances to be cracked open and augmented in ways their designers never conceived. Cars, for example, are no longer the sole province of mechanics. This is the information age: Modern automobiles have dozens of tiny microprocessors. Each one is a computer; each one can be reprogrammed. Hot rodding cars today doesn't mean throwing in a new carburetor, it means ''rewriting' the software governing the car's fuel injection system. This is the reality science fiction writers William Gibson and Bruce Sterling had in mind when they created cyberpunk: Any technology, no matter how advanced, almost immediately falls to the level of the street. Here in Silicon Valley, there are hundreds of others like V.T. and N. M. who squeeze into the crannies of any new technology, bending it to new and more exotic uses. On a recent afternoon, V.T. sits at a conference room table in a San Francisco high-rise. In his hand is an OKI 900 cellular phone. It nestles comfortably in his palm as his fingers dance across the keyboard. Suddenly, the tiny back-lit screen flashes a message: "Good Timing!" Good Timing? This is a whimsical welcome message left hidden in the phone's software by the manufacturer's programmers. V.T. has entered the phone's software sub-basement -- a command area normally reserved for technicians. This is where the phone can be reprogrammed; a control point from which the phone can be directed to do new and cooler things. It is hidden by a simple undocumented password. How did V.T. get the password, or even know one was required? It didn't even take sophisticated social engineering - the phone phreak s term for gaining secret engineering data by fooling unwitting employees into thinking they are talking to an official phone company technician. Rather, all he did was order the technical manual, which told him he needed special codes to enter the software basement. V.T. then called the cellular phone maker's technical support hotline. "They said 'sorry about that,' and asked for a fax number. A couple of minutes later we had the codes," he recalls with a faint grin. V.T. fingers continue darting across the keys he is issuing commands built into the phone by the original programmers. These commands are not found in the phone's user manual. Suddenly, voices emerge from the phone's ear piece. The first is that of a salesman getting his messages from a voice mail system. V.T. shifts frequencies. Another voice. A woman giving her boss directions to his next appointment. What's going on here? V.T. and N.M. have discovered that every cellular phone possesses a secret mode that turns it into a powerful cellular scanner. That's just the beginning. Using a special program called a "disassembler," V.T. has read-out the OKl's software, revealing mole than 90 secret commands for controlling the phone. That's how the two hackers found the undocumented features that turn the phone into a scanner. Best of all, the manufacturer has included a simple interface that makes it possible to control the phone with a standard personal computer. A personal computer! The most programmable of a hacker's tools! That means that what appears to be a simple telephone can be easily transformed into a powerful machine that can do things its designers never dreamed of! V.T. and N.M. have also discovered that the OKl s 64-Kbyte ROM - a standard off the shelf chip that stores the phone's software - has more than 20 Kbytes of free space. Plenty of room to add special features, just like hot rodding the electronics of a late-model car. Not only do the hackers use the software that is already there, but they can add some of their own as well. And for a good programmer, 20 Kbytes is a lot of room to work with. It is worth noting that V.T. and N.M. are not interested in getting free phone calls. There are dozens of other ways to accomplish that, as an anonymous young pirate recently demonstrated by stealing the electronic serial number from a San Diego roadside emergency box and then racking up thousands of phone calls before the scam was discovered. (Such a serial number allowed the clever hacker to create a phone that the phone network thought was somewhere on a pole by the side of the freeway .) It's also possible to wander to street corners in any borough in New York City and find a code dude - street slang for someone who illegally pirates telephone codes - who will give you 15 minutes of phone time to any corner of the world for $10. These 'dudes' find illegally gathered charge card numbers and then resell them on the street until telephone security catches on. The tip-off: often an unusually large number of calls to Ecuador or France emanating from one particular street corner. Then again, it's possible for you to join the code hackers who write telephone software that automatically finds codes to be stolen. Or you can buy a hot ROM - one that contains magic security information identifying you as a paying customer. Either way, your actions would be untraceable by the phone company's interwoven security databases. But free phone calls are not what V.T. and N.M. are about. "It's so boring," says V.T. "If you're going to do something illegal, you might as well do something interesting." So what's tempting? N.M. has hooked his portable PC and his cellular phone together. He watches the laptop's screen, which is drawing a map of each cellular phone call currently being placed in our cell - a term for the area covered by one broadcast unit in the cellular phone network. The network can easily query each cellular phone as to its current location. When phones travel from one cell to the next - as they tend to do in a car information is passed on in the form of hidden code married to the phone transmission. Since N.M. knows where each local cell is, he can display the approximate geographic locations of each phone that is currently active. But for that tracking scheme to work, the user must be on the phone. It would take only a few days of hacking to extend the software on N.M.'s PC to do an even more intriguing monitoring task: Why not pirate the data from the cellular network's paging channel (a special frequency that cellular networks use to communicate administrative information to cellular phones) and use it to follow car phones through the networks? Each time there is a hand-off from one cell to the next, that fact could be recorded on the screen of the PC - making it possible to track users regardless of whether or not they are on the phone. Of course this is highly illegal, but N.M. muses that the capability is something that might be extremely valuable to law enforcement agencies - and all at a cost far below the exotic systems they now use. Hooking a cellular phone to a personal computer offers other surveillance possibilities as well. V.T. and N.M. have considered writing software to monitor particular phone numbers. They could easily design a program that turns the OKI 900 on when calls are originated on a specific number or when specific numbers are called. A simple voice-activated recorder could then tape the call. And, of course a reprogrammed phone could automatically decode touch-tone passwords - making it easy to steal credit card numbers or voice mail codes. Then there's the vampire phone. Why not, suggests V.T. take advantage of a cellular phone's radio frequency leakage - inevitable low-power radio emissions - to build a phone that with the press of a few buttons, could scan the RF spectrum for the victim's electronic serial number. You'd have to be pretty close to the target phone to pick up the RF, but once you have the identity codes reprogrammed the phone becomes digitally indistinguishable from the original. This is the type of phone fraud that keeps federal investigators up at night. Or how about the ultimate hackers spoof? V.T. has carefully studied phone company billing procedures and toured many examples of inaccurate bills. Why not monitor somebody's calls and then anonymously send the person a correct version of their bill "According to our records" . Of course, such surveillance is probably highly illegal, and although it may seem to be catching on, The Electronic Communications Privacy Act of 1986 makes it a federal crime to eavesdrop on cellular phone' calls. More recently, Congress passed another law forbidding the manufacture of cellular scanners. While they may not be manufacturers, both N.M. and V.T. realize that their beautifully crafted phones are probably illegal. For now, their goals are less bold. V.T., for example, wants to be able to have several phones with the same phone number. "Not a problem as I see it." Although federal law requires that electronic serial numbers be hidden in special protected memory V.T. and N.M. have figured out how to pull that ESN out and write software so that they can replace it with their own. V.T. and N.M's explorations into the secrets of the OKI 900 have them with a great deal of admiration for OKl's programmers. "I don't know what they were thinking, but they had a good time," V.T. said, "This phone was clearly built by hackers." The one thing V.T. and N.M. haven't decided is whether or not they should tell OKI about the bugs - and the possibilities they've found in the phone's software.