Received: by bu-cs.BU.EDU (5.58/4.7) id AA29382; Thu, 2 Feb 89 02:51:03 EST
Message-Id: <8902020751.AA29382@bu-cs.BU.EDU>
Date: Thu, 2 Feb 89 2:26:27 EST
From: The Moderator
Reply-To: TELECOM@bu-cs.BU.EDU
Subject: TELECOM Digest V9 #41
To: TELECOM@bu-cs.bu.edu

TELECOM Digest     Thu, 2 Feb 89 2:26:27 EST     Volume 9 : Issue 41

Today's Topics:

    Re: Cellular Fraud
    Re: Cellular Setup
    Re: Cellular Setup
    Re: Cellular Setup
    Re: Cellular Setup

[Moderator's Note: This issue of the Digest is devoted entirely to the mail
I've received on cellular phones and some of the problems involved with
them. Part two of the Digest for 2-9, to be issued in a few minutes will
continue discussing the problems encountered when attempting to use AT&T
long distance service from hotels and payphones, etc. P. Townson]
----------------------------------------------------------------------

To: mcsd!killer!comp-dcom-telecom
From: tim@Athena.UUCP (Tim Dawson)
Subject: Re: Cellular Fraud
Date: 1 Feb 89 19:21:42 GMT

In article smb@research.att.com writes:
>X-TELECOM-Digest: volume 9, issue 34, message 3
>
> >  It is not impossible to change ESN in a phone, but is
>    extremely difficult since it is manufactured physically into
>    the unit, and is not generally documented by the manufacturer
>    in public domain documents for security reasons.
>
>Well -- maybe it's harder today, but a couple of years ago the N.Y. Times
>reported a fairly wide-spread business doctoring the id chips in phones.
>They said that the oddest thing was not that it was happening, but that
>it was decentralized -- lots of small-scale stuff, by lots of different
>folks who knew how to operate PROM burners. They didn't find what they
>expected: a few centralized shops with sophisticated crooks.
>
> --Steve Bellovin

Steve:

I made this statement based on having primary exposure to Motorola cellular
phone equipment where:

1) The prom with the ESN is potted into the radio cabinet. Therefore you
   cannot tell what kind of prom is in use.
2) The leads coming off the prom come out on a ribbon cable in random order
   to plug into the motherboard, so you can't necessarily determine how to
   access/read the prom.
3) The format by which the data is blown into the prom is also undocumented.

This prom (at least on Motorola phones) is NOT the same chip as the NAM
which is readily available/documented to the world. Are you sure that the
above comment did not refer to changing the Mobile's phone number, which is
stored in the NAM, not with the ESN??

Also, on newer phones the ESN is burned into a prom area in the Logic Module
in the phone, which is a custom LSI which handles all the functionality of
the phone, making it virtually impossible to change since these devices are
not alterable or available to the general public. Heck, even if somebody DID
get a hold of one, they would be stuck with the ESN blown into it at
manufacturing, since they are built with an ESN in them.

Once again let me state that I do not know how other vendors of cellular
equipment handle this, since my only knowledge base is having worked for
Motorola in the Cellular product area.

Also, as an additional side note, cellular systems (Motorola again) are
typically set up to reject or flag multiple calls from the same ESN or
Mobile number, since this is an impossible situation with the concept of the
unique ESN. Hence, the system operators get informed of this type of fraud
in a pretty big hurry if the questionable unit is used much. Once again, I
have no idea about what other vendors of Cellular Equipment do or do not do,
so I could be all wet as far as they go.
--
================================================================================
Tim Dawson (...!killer!mcsd!Athena!tim)  Motorola Computer Systems, Dallas, TX.
"The opinions expressed above do not reflect those of my employer - often even
I cannot figure out what I am talking about."
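[Added example, not part of the original digest and not any vendor's code:
one way a switch-side check could flag the "impossible situation" described
above, two calls in progress at once under one ESN or one mobile number. The
record layout, field names and sample values are assumptions constructed for
illustration.]

```python
from collections import defaultdict
from typing import NamedTuple


class Call(NamedTuple):
    esn: str     # electronic serial number (constructed sample value)
    number: str  # mobile number as programmed in the NAM (constructed)
    cell: str    # cell site that carried the call (hypothetical label)
    start: int   # seconds from start of the log
    end: int


def overlapping(calls, key):
    """Return (earlier, later) call pairs that share key(call) and overlap."""
    groups = defaultdict(list)
    for c in calls:
        groups[key(c)].append(c)
    hits = []
    for group in groups.values():
        group.sort(key=lambda c: c.start)
        active = []  # calls still in progress when the next one starts
        for c in group:
            active = [a for a in active if a.end > c.start]
            hits.extend((a, c) for a in active)
            active.append(c)
    return hits


def flag_duplicates(calls):
    """Flag simultaneous use of one ESN, or of one number by two ESNs."""
    flags = []
    for a, b in overlapping(calls, lambda c: c.esn):
        flags.append(("ESN", a.esn, a.cell, b.cell))
    for a, b in overlapping(calls, lambda c: c.number):
        if a.esn != b.esn:  # same-ESN overlap is already reported above
            flags.append(("NUMBER", a.number, a.cell, b.cell))
    return flags


# Constructed sample records, not real data.
SAMPLE = [
    Call("ESN-A", "555-0101", "cell-1", 0, 120),
    Call("ESN-B", "555-0102", "cell-1", 30, 90),
    Call("ESN-A", "555-0101", "cell-7", 60, 200),   # same ESN, overlaps first
    Call("ESN-C", "555-0102", "cell-3", 80, 100),   # same number, other ESN
    Call("ESN-A", "555-0101", "cell-2", 300, 360),  # later call, no overlap
]

if __name__ == "__main__":
    for flag in flag_duplicates(SAMPLE):
        print(flag)
```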
------------------------------

To: comp-dcom-telecom@uunet.UU.NET
From: boottrax@csd4.milw.wisc.edu (Perry Victor Lea)
Subject: Re: Cellular Setup
Date: 1 Feb 89 16:03:29 GMT

In article ron@ron.rutgers.edu (Ron Natalie) writes:
>X-TELECOM-Digest: volume 9, issue 40, message 4
>
>Because the EPCA is a crock, that's why. Just because they pass a law
>doesn't mean people will stop doing it. Actually, in all likelihood
>if you are probing the police bands what you probably detected is the
>cheapo cordless phone frequencies in the 46 and 49 MHz range. Real
>Cellular calls are in the 800 MHz range. Very few scanners actually
>cover this. A few have had this range specifically blanked out (like
>the Radio Shack, but it's just a matter of pulling a diode out to
>get them back).
>

Actually, when I picked up phone conversations over the police scanner
before the call was initiated I heard a series of tones, beeps, and rings.
The call was made and I heard the conversations. I know it was from mobile
phones, nothing can convince me otherwise. I know all this since particular
conversations said that they were in their car, or wherever. If this is all
true, then there is a possible danger that these tones could be recorded and
broadcast over the same bandwidth with a little electronic experience and
high quality recording equipment. That can't be right; that would be too
simple.

------------------------------

To: comp-dcom-telecom@rutgers.edu
From: ron@ron.rutgers.edu (Ron Natalie)
Subject: Re: Cellular Setup
Date: 1 Feb 89 19:09:12 GMT

> [Moderator's Note: An old UHF TV with those channels won't work as well as
> one of the radios which play television audio only. In this country you
> can buy them for the VHF channels, but I believe they are illegal per FCC
> rules where UHF is concerned.

This comment tacked on to my posting is wrong. Those radios usually have
the same piece of crap receiver for the audio that most TV's have.
Receivers covering that band are not illegal.
The main reason is that it is expensive to add the expanded UHF feature to
these cheap radios. However, many manufacturers shy away from putting the
cellular bands in their radios now either fearing lawsuits or that they are
manufacturers of cellular equipment.

Calling the EPCA an FCC rule is a bit inaccurate. It's congressional
tomfoolery.

POSTER'S NOTE: It would be much nicer if Pat had something that it would be
enclosed as a separate "message" in the digest rather than tacking on
comments to other people's messages.

[Moderator's Note: Your suggestion is well taken. It is not the 'piece of
crap audio' that matters so much as it is that the circuitry in televisions
is different than the circuitry in radios. Yes, EPCA is one thing, and FCC
rules are another. The telcos have repeatedly complained to the FCC about
people listening to cellular phone calls. PT]

------------------------------

To: comp-dcom-telecom@rutgers.edu
From: davef@brspyr1.brs.com (Dave Fiske)
Subject: Re: Cellular Setup
Date: 1 Feb 89 19:23:15 GMT

In article , boottrax@csd4.milw.wisc.edu (Perry Victor Lea) writes:
>
> You mentioned that there are set guidelines to the frequencies that
> cellular phone services are allowed to use, however; when I had been
> futzing with my police scanner I had been able to hear cellular phone

Chances are you were hearing conversations being made with a CORDLESS
phone, as opposed to cellular. The cordless phones use frequencies in
the 40-50 MHz range, which most scanners cover.

> conversations. I am familiar with the laws that allow anyone to be able
> to listen to radio waves via radio sets. But why would they allow
> phone conversations to be set in these bands where anyone with a police
> scanner can eavesdrop?

There was a court case which decided the issue of privacy of cordless
phone conversations. These guys were arrested, having been overheard by
police arranging a drug deal using a cordless phone.
Their attorney argued that this constituted eavesdropping by the police,
but the judge ruled that they should have known they could be overheard.
Cordless phone conversations are not considered confidential.

Since this case, there has been a bit more publicity and manufacturers'
warnings about the lack of privacy when using cordless phones.

When I lived in an apartment complex, I was setting up the frequencies
for my scanner, and found someone talking on the phone once. (I don't
recall the precise frequencies right now, but all you have to do is look
in the descriptions of the cordless phones in the Radio Shack catalog.)
Once in a while I would check to see if anybody was talking on the phone,
but most of the time it was just teenagers chatting, until, inevitably
one of them would say they were coming right over to the other's
apartment. If they had done that first, they could have saved a phone
call!

In reality, most people's phone calls are pretty boring, so the novelty
of listening in wears off quickly, and this is probably as effective as
any regulation would be in keeping eavesdropping to a minimum. :^)

Also, keep in mind that it hasn't been all that long since people had
party lines, where eavesdropping is as simple as lifting the receiver.
--
"FLYING ELEPHANTS DROP COW          Dave Fiske (davef@brspyr1.BRS.COM)
 PIES ON HORRIFIED CROWD!"          Home: David_A_Fiske@cup.portal.com
 Headline from Weekly World News    CIS: 75415,163  GEnie: davef

------------------------------

Date: Wed, 1 Feb 89 13:59:23 PST
From: Jeff Woolsey
Subject: Re: Cellular Setup

In article ron@ron.rutgers.edu (Ron Natalie) writes:
>You don't even need a scanner, just tune an old UHF TV set up to
>Channel 81-83.

>[Moderator's Note: An old UHF TV with those channels won't work as
>well as one of the radios which play television audio only. In this
>country you can buy them for the VHF channels, but I believe they are
>illegal per FCC rules where UHF is concerned.
>A company in Toronto makes the kind which cover the UHF band, and
>specifically covering channels 80-83 or thereabouts.

I have an old Pioneer TVX-9500 TV Sound Tuner that gets those channels.
At first I didn't know what I was listening to up there, but it was
interesting.

This same tuner also gets NOAA weather stations when channels 7, 8, 9,
and 10 are all selected at the same time.
--
-- When it comes to humility, I'm the greatest. -- Bullwinkle J. Moose
Jeff Woolsey  woolsey@nsc.NSC.COM -or- woolsey@umn-cs.cs.umn.EDU

------------------------------

End of TELECOM Digest
*********************