Site hosted by Angelfire.com: Build your free website today!

Search this site!

powered by FreeFind




Home

Commercial Search

Residential Search

Freephone Search

Free Fax

Software

Security

UK Tracker

Site Policy

Links


Security and Privacy


Disclaimer


This page is intended for informational purposes only. I can accept NO responsibility for anybody misusing the information below. It is only intended to highlight the security implications of using telephones and communications equipment in the UK. If you use it for any other purpose that is up to you. Although everything below is true the names have been changed to protect the innocent (and stupid).

I have a new toy, well not strictly a toy but it does involve lots of fun. Being into all things telephone and having no social life to speak of I spend a lot of my time scouring the net for phone related stuff. One day I was reading an article in one of the PLA's (Phone Losers of America, www.phonelosers.org) archives. One of the subjects raised was radio scanners and involved Red Box Chilli Pepper and another phoneloser listening in on other people's cordless and mobile telephone conversations. I couldn't believe it, ordinary, intelligent people (and estate agents) were using their cordless/mobile phones to order goods on their credit cards, complain to helplines about their computers, call up their friends and everything else you would do on a normal telephone. All were totally unaware that everything they said was being broadcast into the ether where anyone with a small black box costing about £150 could listen to everything they had to say.

Intrigued I read on as the phonelosers retrieved telephone numbers, credit card details, catalogue order details, names, addresses and other personal information from the unsuspecting public and then rang them back with joke/fake calls (The one where they ring back an old guy who has ordered a jacket from his catalogue and tell him it will arrive late, in the wrong colour and will cost him $75 extra on his Discovery card is hilarious).

At the time I was seriously considering buying a mobile phone and had even saved up enough money to buy a decent one but reading the PLA's article put me off and I still don't have a mobile phone to this day. A few weeks later I saw a used scanner (a Realistic Pro 39) in a second hand shop near where I live and, still fascinated by the PLA article, bought it for £85. It took me a couple of hours to learn how to work the scanner because there were no instructions but after a while I got the hang of it. I found that I could listen to the Ambulance service, the Fire service, taxi firms (lots of them), my local hospital's pager system, ham radio enthusiasts, parcel couriers and lots of other interesting radio transnmissions, but best of all my scanner picks up mobile phone calls.

The very first day I had my scanner I heard a woman from Doncaster registering her newly bought One 2 One mobile phone. I found out her name, address, mobile phone number, voicemail passcode and even where she had bought the phone that morning (the Index shop). Now I am an average sort of a guy and fairly honest, but I could see some of the possibilities if someone chose to use this information for questionable purposes. For instance, with the information given above it is a simple task to listen to the woman's messages without her knowing and even change the passcode so she can't get her own messages.

A few days later Des was at my house after a particularly heavy drinking session the night before. It was Sunday and Des wanted to get home in time for Robot Wars (something about Philippa Forester in a tight black top he said). Des rang his usual taxi firm and ordered a cab to arrive in about 30 minutes. We turned the scanner on and tuned in to the taxi firm's radio frequency. We heard everything from the initial request to send a taxi to my house, right up until it arrived outside 25 minutes later. Transmitted over the airwaves were, Des's name, my address, Des's destination, the time it would take from my house to Des's, and how long before the taxi reached my house, we knew to within a couple of minutes what time the taxi would arrive. Because I know that Des uses the same taxi firm all the time and nearly always uses the same name when booking a taxi I sometimes hear where he goes from and to. The other day when I saw him for the first time in a couple of weeks I said "I heard you were at the club last night, and did you enjoy your kebab from Sizzlers at about 11:30pm". He said, "Yeah I was, did you scan me? and no the kebab was crap!"

Another time we overheard a guy reporting to the Vodafone operator that he was receiving malicious calls on hs mobile. He wanted to change his number and what was the best way of doing it? The operator was very sympathetic and explained that he would have to ring the police and report the malicious calls as a crime and obtain a "crime number" from the police. Then he could ring back Vodafone and they would change his number for free. If he didn't obtain a valid "crime number" Vodafone would have to charge him to change his mobile number. Anyway the operator took his details including his name, address, mobile number and passcode. The guy said that he didn't really want to have to call the police and asked if Vodafone would change his number for free anyway. The operator said no, no crime number, no free number change. The guy started getting agitated and said he would switch telephone companies. The operator, who stayed calm throughout said that it was his perogative to do so, but Vodafone sincerely hoped they would not lose such a valuable customer. The guy asked again if he could have a free number change. The operator stated Vodafone's position again. By this time the guy had really got himself wound up and called Vodafone and the operator a few nasty names before hanging up.

Des and me decided that this wasn't really on, I mean one phone call to the police is all it would have taken to get a free number change and there was no need to be rude to the operator, it wasn't her fault. Fortunately we had written down the guy's details (we just record scans now, but we didn't have a tape recorder at the time) so we planned to teach rude guy a lesson. We went to a phone box down the road and Des called the guy pretending to be the malicious caller the guy had rung Vodafone to complain about. The conversation went like this:

HIM - "Hello"
DES - "Hello is that (says the guys name)"
HIM - "Yes"
DES - "If you change from Vodafone to another company I'll make your life a misery"
HIM - "What?"
DES - "If you change from Vodafone, or change your mobile number you're in for a rough ride"
HIM - "How do you know about that? Who is this?"
DES - "Never mind who I am just don't change from Vodafone"
HIM - "!%ck off"
DES - "That's not very nice, considering I know where you live"
HIM - "Bullsh%!"
DES - "You live at (recites address)"
HIM - "Who is this?" (He is getting worried now)
DES - "Don't change from Vodafone, and check your voicemail"
HIM - "Why, look what's going on?"
*CLICK*

We left a message on his voicemail and stated his name and address and home telephone number (which we found via www.192.com). We said that if we ever found out about him changing from Vodafone to another company, or if he was rude to an operator again we would make his life hell, and by the way he should change his voicemail passcode from 1155 to something else because we had deleted all today's messages, (we hadn't, but he will never know that).

My scanner has "gaps" in it, that is it doesn't allow all frequencies to be monitored, some scanners do, but not mine. This means that certain frequencies such as police and military frequencies are off limits, which is a shame because I like to know how my hard earned taxes are being spent. I did however overhear a mobile phone conversation where a woman in my area called the police because there was a car on fire just over the road from her house. This gave me a fascinating insight into police procedure when accepting mobile phone calls.

It started when the woman rang 999 from her mobile. Initially she was connected to the One 2 One operator who asked her why she had dialled 999, the woman explained about the car on fire. The operator put her on hold and rang the police, when the police answered the operator said:

"Connecting mobile number 08## #######" (999 calls are routinely recorded) The police operator took over from there and the woman explained about the car on fire, said where it was, gave her details and hung up. Being curious I switched to the Fire Service frequency who were just despatching a fire engine to the scene, I listened in for about half an hour. Apparently the car was stolen and the thief had dumped it and set fire to it.

Anyway, I have had my scanner for a few months now and I still can't believe how much personal and useful information is unwittingly broadcast over the airwaves by those who don't understand the security implications of using mobile phones. Perhaps it is just as well that people are unaware of the risks involved when using mobiles because it keeps me and the thousands of other clandestine listeners entertained every weekend.

DON'T GIVE OUT PERSONAL/PRIVATE INFO WHEN USING A MOBILE PHONE YOU NEVER KNOW WHO IS LISTENING

UK Scanner Frequency List


A list showng all UK frequencies for use with radio scanners is available for download by clicking here

Answering Machines


Are you the only one listening to your answering machine messages?
The reason I ask is that if you are one of the thousands of people in the UK with an answering machine your messages may be vulnerable to unauthorised retrieval by someone else and even deletion and alteration. Got your attention? - read on:

Lets get this clear from the start, this only affects answering machines that offer a "remote access" feature, you know, the ones where you can ring from the office and check messages left at home by entering a security code at the prompt. The trouble is, lots of people with answering machines find this feature useful and remote access machines account for around 50% of UK sales. So where's the problem? The problem lies in the aforementioned "security code".

Now for example, I have a BT Response 5 answering machine (I am not picking on BT, many manufacturers machines are vulnerable, it's just that I actually do have a BT Response 5 machine). I use it every day, I can turn it on remotely from the office if I forget to switch it on at home, I can retrieve my messages from any touchtone phone anywhere in the world, I can even delete old messages and leave a new greeting message if I want/need to.

All I have to do to access all these features is ring my home phone number and enter my answering machine's security code at the prompt. The trouble is, anyone who knows my home phone number and the security code can access all these features too. OK, my home phone number can be quite easily found, look in the phone book, there it is. But how would anyone get the security code if I don't tell them?

Here is the good part, the BT Response 5's security code is a SINGLE DIGIT! Did I say SECURITY?

Now I'm no genius but seeing that there are only 10 digits (not including the # and * keys) on a standard phone so my guess is it would take about 1 minute to find the correct code. Even better the BT Response 5's code is hard wired into the machine and can not be changed by the user!

Not all machines are limited to a single digit code, some have 2, 3 and 4 digit codes. Obviously the security increases as the number of digits in the security code increases, but unfortunately 3 and 4 digit codes are usually reserved for higher priced machines, leaving those of you who have bought less expensive machines with 1 and 2 digit codes at greater risk.

Apart from the privacy issues and inconvenience caused by someone retrieving/deleting your personal messages there is an overriding issue here for businesses who may use answering machines after office hours. Consider this, I work for Smiths Bookshop and I want to gain more business, there is only one other bookshop in town - Jones's Books, and they are getting more customers than me. I ring up Jones's Books after hours, hmm, no-one there, I've got their answering machine, GOOD!. Remember the feature to change the greeting message?, here's what I do. Once I've found the access code (which doesn't take too long if it's a one or two digit code) I change the greeting message and say something like:


"Hello, you have reached Jones's Books. Unfortunately Jones's Books has gone into receivership and we are no longer able to trade. All our business has been transferred to Smiths Bookshop who can be contacted on 0171 85 ####. We apologise for any inconvenience"


Now I have lots of extra customers and because most people don't change the greeting message very often it could be some time before my greeting is discovered. Pretty sneaky eh?

Sneaky, yes, and happening RIGHT NOW.


There are two simple things you can do to avoid this situation, either: Buy an answering machine without a remote access facility, or if you MUST have a machine with remote access facilities get one with at least a four digit access code. More expensive, but more secure too. The choice is yours.


What I can't understand is why manufacturers don't install a 4 digit code as standard, I mean how much extra would it cost to add the required circuit at the production stage?


This page is here to alert you to the risks, not to show you how to do it, so if you are worried enough to need more information I suggest you look around. There are plenty of texts out there in Internet Land describing exactly how to "hack" answering machines and some even have full instructions for particular machines. I cannot condone anyone using the methods described above for "dubious" purposes but I know that some people can and do use these methods for their own ends.

DON'T SAY I DIDN'T WARN YOU.







UK Telephone Resources - Content Over Style

Antispam Link