Phone Phreaks
By Marc Weingarten, February 25, 2002

Phone hacking's been a staple of computer geeks for decades - but concern is growing.

For computer hackers with a sense of history, the name John T. Draper evokes a rosy glow of nostalgic good feelings. In 1972, Draper discovered that, by blowing the whistle toy from his Cap'n Crunch cereal box into his phone, he could make free long-distance calls.

The whistle emitted a 2,600-hertz tone that tapped Draper into an internal authorization system at the phone company. Draper, who eventually took on the nom de hack Cap'n Crunch, then (along with Apple Computer co-founders Steve Jobs and Steve Wozniak) created Blue Boxes that re-created the tone, so others could get in on his delicious scam. As the founding father of phone hacking, Draper's trail-blazing work launched numerous like-minded subversive schemes over the next three decades.

Long before the Melissa computer virus, or the "Morris worm" of 1998, which brought down one-tenth of the Internet, and way back before "I Love You," "Kournikova" and "Goner," there were phone phreaks. These hacking pioneers used homemade resources and canny ingenuity to pull off a number of clever hoaxes involving analog landline phones. Phone phreaking was a kind of benign hobby among those who practiced it, an intellectual exercise in which the objective was not theft, but simply outwitting the powers that be.

By the mid-80's, phreaking techniques fell into the hands of would-be vandals. Suddenly, the phrase "reach out and touch someone" took on a darker cast. Phone phreaking was now all about either stealing phone card numbers or throwing monkey wrenches into the phone system in order to disable it.

Phone cloning - stealing the serial codes of cell phones in order to charge calls to the violated phone - was prevalent in the 80's, when cell phone carriers were still dependent on the analog system. When wireless networks were implemented in the early 90's, and phone calls were converted into the ones and zeroes of digi-speak, it was assumed that phone cloning would go the way of stonewashed jeans.

An opportunity emerges

It hasn't. Using sophisticated scanning equipment, a new breed of phone phreaks is exploiting the wireless networks' weaknesses in order to steal phone numbers. The problem isn't so much in the wireless network itself, but the networks' woeful lack of capacity.

If cellular base stations receive more calls than they can handle, a number of calls can be re-routed through older networking equipment used with analog systems. This process takes seconds, yet it has provided enough of an opening for phone hackers to give headaches to thousands of customers.

Using illegal "black boxes," which are scanners used to modify serial numbers on cell phones, hackers nab the identifying footprint of cell phones for their own use.

Other hacks serve no other purpose than to disable and immobilize phones. As manufacturers begin to integrate the functionality of desktops onto cell phones, the operating systems become easier to infiltrate. "The new smartphones typically use open operating systems, which means that they are becoming more and more like traditional PCs," says Matias Impivaara, marketing manager in charge of handheld security for computer security company F-Secure.

Matias adds, "Content download is very easy through instant connectivity. This of course means that the possibility of receiving some harmful content increases." Downloadable content - games, screensavers, and AvantGo-style text - could thus become poison pills, killing a phone on contact.

This past January, an antivirus researcher in Holland named Job de Hass figured out a way to disable Nokia phones by sending a malformed text message, prompting Nokia to quickly remedy the bug in its software that allowed de Hass to perform his little act of vandalism. "We have seen some denial of service attacks through bad SMS messages, malformed WAP pages or reverse over-the-air messages," says Impivaara. "There have been cases where the settings of mobile phones have been changed with smart messages."

Security playing catch-up to functionality

When it comes to wireless security, technical progress is its own worst enemy. As more smartphones and other handheld devices such as Palms are able to accommodate more information and function more like mobile office desktops, the risk of a hacker tapping into a wellspring of vital information increases.

For wireless security experts, the major issue is that, despite encryption, there are still loopholes that can be exploited in wireless communication - end-to-end encryption remains an elusive pipe dream.

And now that wireless devices are tapped into corporate networks, where an untold amount of data is just ripe for the picking, it is crucial that content is properly protected. Once a device has been stolen, it can no longer be garrisoned by the corporate firewall. And the more net-enabled devices, the more access points to the corporate gold mine.

"Unauthorized persons may have tools to read unprotected data directly from the device, and information on removable media like memory cards can be accessed with any compatible device," says F-Secure's Impivaara, who distinguishes between channel security, protecting data in transit, from content security, protecting data on that1s already been stored.

"If protection of one of the areas is neglected, certain security risks always remain, even if the other area has been secured well," he says. "Malicious code can be transmitted even through well protected channels, and without content security applications on the device, there is always a risk of infections spreading from device to device."

Encryption, anti-virus software in development

To that end, F-Secure, a Helsinki-based company that's on the leading edge of security for handheld devices, has created a number of products that ensure absolute protection from malicious code. Its FileCrypto line of products works for all handheld operating systems - WinCE, Symbian and Palm.

Once installed on a handheld device, FileCrypto will automatically encrypt all stored files, which cannot be read without a PIN and a password, and decrypt them when read.

But what about the mother of all digital gorgons - the self-replicating, rapidly spreading virus? Thus far, no virus has successfully disabled any phone network, and according to Natasha Staley, an antivirus consultant for Oxford, England-based Sophos, there most likely won't be one any time soon. "Mobile phones are not yet sophisticated enough to support a virus," she says. "The memory is too small, and the software isn't big enough - the software needs to be able to replicate itself."

In order to make a phone virus work, it has to be directly targeted at a specific user - a hacker can't just wend a phone virus through a mail list. As for PDAs, only one virus has been created - by a researcher in a lab. And even then, according to Staley, "It was not very well written."

Besides, says Staley, "Virus writers are pretty lazy. (For computers,) you can just get virus-writing tool kits off the web, point-and-click, and it's done. Sending a virus through a phone requires too much time and effort for most hackers."

Although companies like Sophos and F-Secure are looking out for incipient phone hacking activity, the most pernicious threat to wireless security remains quaintly old-fashioned. "The worst thing you can do is forget your cell phone on the bus," says Staley.

Marc Weingarten is an LA-based writer whose work appears in Business 2.0, The Los Angeles Times, Smart Business, Entertainment Weekly, The Village Voice, Vibe and San Francisco magazine.