CELLULAR PHREAKS & CODE DUDES
=============================
By John Markoff
Wired, 1.1 (Premiere Issue), 1993
---------------------------------------
Hacking Chips On Cellular Phones Is The
Latest Thing In The Digital Underground
---------------------------------------
In Silicon Valley, each new technology gives rise to a new generation
of hackers. Consider the cellular telephone. The land-based tele-
phone system was originally the playground for a small group of hardy
adventurers who believed mastery of telephone technology was an end
in itself. Free phone calls weren't the goal of the first phone
phreaks. The challenge was to understand the system.
The philosophy of these phone hackers: Push the machines as far as
they would go.
Little has changed. Meet V.T. and N.M., the nation's most clever
cellular phone phreaks. (Names here are obscured because, as with
many hackers, V.T. and N.M.'s deeds inhabit a legal gray area.) The
original phone phreaks thought of themselves as "telecommunications
hobbyists" who explored the nooks and crannies of the nation's tele-
phone network -- not for profit, but for intellectual challenge. For
a new generation, the cellular revolution offers rich new veins to
mine.
V.T. is a young scientist at a prestigious government laboratory.
He has long hair and his choice in garb frequently tends toward Pata-
gonia. He is generally regarded as a computer hacker with few
equals. N.M. is a self-taught hacker who lives and works in Silicon
Valley. He has mastered the intricacies of Unix and DOS. Unusually
persistent, he spent almost an entire year picking apart his cellular
phone just to see how it works.
What V.T. and N.M. discovered last year is that cellular phones are
really just computers -- networked terminals -- linked together by a
gigantic cellular network. They also realized that just like other
computers, cellular phones are programmable.
Programmable! In a hacker's mind that means there is no reason to
limit a cellular phone to the paltry choice of functions offered by
its manufacturer. That means that cellular phones can be hacked!
They can be dissected and disassembled and put back together in re-
markable new ways. Optimized!
Cellular phones aren't the first consumer appliances to be cracked
open and augmented in ways their designers never conceived. Cars,
for example, are no longer the sole province of mechanics. This is
the information age: Modern automobiles have dozens of tiny micro-
processors. Each one is a computer; each one can be reprogrammed.
Hot rodding cars today doesn't mean throwing in a new carburetor; it
means rewriting the software governing the car's fuel injection
system.
This is the reality science fiction writers William Gibson and Bruce
Sterling had in mind when they created cyberpunk: Any technology, no
matter how advanced, almost immediately falls to the level of the
street. Here in Silicon Valley, there are hundreds of others like
V.T. and N.M. who squeeze into the crannies of any new technology,
bending it to new and more exotic uses.
On a recent afternoon, V.T. sits at a conference room in a San
Francisco highrise. In his hand is an OKI 900 cellular phone. It
nestles comfortably in his palm as his fingers dance across the key-
board. Suddenly, the tiny back-lit screen flashes a message: "Good
Timing!"
Good Timing? This is a whimsical message left hidden in the phone's
software by the manufacturer's programmers. V.T. has entered the
phone's software sub-basement -- a command area normally reserved for
technicians. This is where the phone can be reprogrammed; a control
point from which the phone can be directed to do new and cooler
things. It is hidden by a simple undocumented password.
How did V.T. get the password, or even know one was required? It
didn't take sophisticated social engineering -- the phone phreak's
term for gaining secret engineering data by fooling unwitting
employees into thinking they are talking to an official phone company
technician. Rather, all he did was order the technical manual, which
told him he needed special codes to enter the software basement.
V.T. then called the cellular phone maker's technical support
hotline. "They said 'sorry about that,' and asked for a fax number.
A couple of minutes later we had the codes," he recalls with a faint
grin.
V.T.'s fingers continue darting across the keys -- he is issuing com-
mands built into the phone by the original programmers. These com-
mands are not found in the programmer's user manual. Suddenly,
voices emerge from the phone's ear piece. The first is that of a
salesman getting his messages from a voice mail system. V.T. shifts
frequencies. Another voice. A woman giving her boss directions to
his next appointment.
What's going on here? V.T. and N.M. have discovered that every cell-
ular phone possesses a secret mode that turns it into a powerful
cellular scanner.
That's just the beginning. Using a special program called a
"disassembler," V.T. has read out the OKI's software, revealing more
than 90 secret commands for controlling the phone.
That's how the two hackers found the undocumented features that turn
the phone into a scanner. Best of all, the manufacturer has included
a simple interface that makes it possible to control the phone with a
standard personal computer.
A personal computer! The most programmable of a hacker's tools! That
means that what appears to be a simple telephone can be easily trans-
formed into a powerful machine that can do things its designers never
dreamed of!
V.T. and N.M. have also discovered that the OKI's 64-Kbyte ROM -- a
standard off-the-shelf chip that stores the phone's software -- has
more than 20 Kbytes of free space. Plenty of room to add special
features, just like hot rodding the electronics of a late-model car.
Not only do the hackers use the software that is already there, but
they can add some of their own as well. And for a good programmer, 20
Kbytes is a lot of room to work with.
It is worth noting that V.T. and N.M. are not interested in getting
free phone calls. There are dozens of other ways to accomplish that,
as an anonymous young pirate recently demonstrated by stealing the
electronic serial number from a San Diego roadside emergency box and
then racking up thousands of phone calls before the scam was discov-
ered. (Such a serial number allowed the clever hacker to create a
phone that the phone network thought was somewhere on a pole by the
side of the freeway.)
It's also possible to wander to street corners in any borough in New
York City and find a code dude -- street slang for someone who il-
legally pirates telephone codes -- who will give you 15 minutes of
phone time to any corner of the world for $10. These "dudes" find
illegally gathered charge card numbers and then resell them on the
street until telephone security catches on. The tip-off: often an
unusually large number of calls to Ecuador or France emanating from
one particular street corner.
Then again, it's possible for you to join the code hackers who write
telephone software that automatically finds codes to be stolen. Or
you can buy a hot ROM -- one that contains magic security information
identifying you as a paying customer. Either way, your actions would
be untraceable by the phone company's interwoven security databases.
But free phone calls are not what V.T. and N.M. are about. "It's so
boring," says V.T. "If you're going to do something illegal, you
might as well do something interesting."
So what's tempting? N.M. has hooked his portable PC and his cellular
phone together. He watches the laptop's screen, which is drawing a
map of each cellular phone call currently being placed in our cell --
a term for the area covered by one broadcast unit in the cellular
phone network. The network can easily query each cellular phone as
to its current location. When phones travel from one cell to the
next -- as they tend to do in a car -- information is passed on in
the form of hidden code married to the phone transmission. Since N.M.
knows where each local cell is, he can display the approximate geo-
graphic locations of each phone that is currently active.
But for that tracking scheme to work, the user must be on the phone.
It would take only a few days of hacking to extend the software on
N.M.'s PC to do an even more intriguing monitoring task: Why not pi-
rate the data from the cellular network's paging channel (a special
frequency that cellular networks use to communicate administrative
information to cellular phones) and use it to follow car phones
through the networks? Each time there is a hand-off from one cell to
the next, that fact could be recorded on the screen of the PC --
making it possible to track users regardless of whether or not they
are on the phone.
Of course this is highly illegal, but N.M. muses that the capability
is something that might be extremely valuable to law enforcement
agencies -- and all at a cost far below the exotic systems they now
use.
Hooking a cellular phone to a personal computer offers other surveil-
lance possibilities as well. V.T. and N.M. have considered writing
software to monitor particular phone numbers. They could easily des-
ign a program that turns the OKI 900 on when calls are originated
from a specific number, or when specific numbers are called. A
simple voice-activated recorder could then tape the call. And, of
course, a reprogrammed phone could automatically decode touch-tone
passwords -- making it easy to steal credit card numbers and voice-
mail codes.
Then there's the vampire phone. Why not, suggests V.T., take advan-
tage of a cellular phone's radio frequency leakage -- inevitable low-
power radio emissions -- to build a phone that, with the press of a
few buttons, could scan the RF spectrum for the victim's electronic
serial number. You'd have to be pretty close to the target phone to
pick up the RF, but once you have the identity codes, a reprogrammed
phone becomes digitally indistinguishable from the original. This is
the type of phone fraud that keeps federal investigators up at
night.
Or how about the ultimate hacker's spoof? V.T. has carefully studied
phone company billing procedures and found many examples of inaccu-
rate bills. Why not monitor somebody's calls and then anonymously
send the person a corrected version of their bill: "According to our
records...."
Of course, such software hacks are probably highly illegal, and auth-
orities seem to be catching on. The Electronic Communications Priva-
cy Act of 1986 makes it a federal crime to eavesdrop on cellular
phone calls. More recently, Congress passed another law forbidding
the manufacture of cellular scanners. While they may not be manu-
facturers, both N.M. and V.T. realize that their beautifully crafted
phones are probably illegal.
For now, their goals are more modest. V.T., for example, would like
to be able to have several phones with the same phone number. Not a
problem, as it turns out. Although federal law requires that
electronic serial numbers be hidden in specially protected memory
locations, V.T. and N.M. have figured out how to pry the OKI's ESN
out and write software so that they can replace it with their own
number.
V.T. and N.M.'s explorations into the soul of the OKI 900 have left
them with a great deal of admiration for OKI's programmers. "I don't
know what they were thinking, but they had a good time," V.T. said,
"This phone was clearly built by hackers."
The one thing V.T. and N.M. haven't decided is whether or not they
should tell OKI about the bugs -- and the possibilities -- they've
found in the phone's software.
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
W h y W i r e d:
Because the Digital Revolution is whipping through our lives like a
Bengali typhoon -- while the mainstream media is still groping for
the snooze button. And because the computer "press" is too busy
churning out the latest PCINFOCOMPUTINGCORPORATEWORLD iteration of
its ad sales formula cum parts catalog to discuss the meaning or
context of SOCIAL CHANGES SO PROFOUND their only parallel is probably
the discovery of fire.
There are a lot of magazines about technology. Wired is not one of
them. Wired is about the most powerful people on the planet today --
THE DIGITAL GENERATION. These are the people who not only foresaw
how the merger of computers, telecommunications and the media is
transforming life at the cusp of the new millennium, they are making
it happen.
OUR FIRST INSTRUCTION TO OUR WRITERS: AMAZE US.
Our second: We know a lot about digital technology, and we are bored
with it. Tell us something we've never heard before, in a way we've
never seen before. If it challenges our assumptions, so much the
better.
So why now? Why Wired? Because in the age of information overload,
THE ULTIMATE LUXURY IS MEANING AND CONTEXT.
Or put another way, if you're looking for the soul of our new
society in wild metamorphosis, our advice is simple. Get Wired.
- LR
You can reach me at 415/904 0664, or LR@WIRED.COM.
-------------------------------------------------------------------------