More coursework: 1 - A | B | C | D | E | F | G | H | I - J | K - L | M | N - O | P - S | T | U - Y

Cellular phreaking

Cellular Phreaking

The cellular/mobile phone system is one that is perfectly set up to be

exploited by phreaks with the proper knowledge and equipment. Thanks to

deregulation, the regional BOC's (Bell Operating Companies) are scattered

and do not communicate much with each other. Phreaks can take advantage of

this by pretending to be mobile phone customers whose "home base" is a city

served by a different BOC, known as a "roamer". Since it is impractical

for each BOC to keep track of the customers of all the other BOC's, they

will usually allow the customer to make the calls he wishes, often with a

surcharge of some sort.

The bill is then forwarded to the roamer's home BOC for collection.

However, it is fairly simple (with the correct tools) to create a bogus ID

number for your mobile phone, and pretend to be a roamer from some other

city and state, that's "just visiting". When your BOC tries to collect for

the calls from your alleged "home BOC", they will discover you are not a

real customer; but by then, you can create an entirely new electronic

identity, and use that instead.

How does the cellular system know who is calling, and where they are?

When a mobile phone enters a cell's area of transmission, it transmits its

phone number and its 8 digit ID number to that cell, who will keep track of

it until it gets far enough away that the sound quality is sufficiently

diminished, and then the phone is "handed off" to the cell that the customer

has walked or driven into. This process continues as long as the phone has

power and is turned on. If the phone is turned off (or the car is), someone

attempting to call the mobile phone will receive a recording along the

lines of "The mobile phone customer you have dialed has left the vehicle

or driven out of the service area." When a call is made to a mobile phone,

the switching equipment will check to see if the mobile phone being called is

"logged in", so to speak, or present in one of the cells. If it is, the

call will then act (to the speaking parties) just like a normal call - the

caller may hear a busy tone, the phone may just ring, or the call may be

answered.

How does the switching equipment know whether or not a particular

phone is authorized to use the network? Many times, it doesn't. When a

dealer installs a mobile phone, he gives the phone's ID number (an 8 digit

hexadecimal number) to the local BOC, as well as the phone number the BOC

assigned to the customer. Thereafter, whenever a phone is present in one

of the cells, the two numbers are checked - they should be registered to

the same person. If they don't match, the telco knows that an attempted

fraud is taking place (or at best, some transmission error) and will not

allow calls to be placed or received at that phone. However, it is

impractical (especially given the present state of deregulation) for the

telco to have records of every cellular customer of every BOC. Therefore,

if you're going to create a fake ID/phone number combination, it will need

to be "based" in an area that has a cellular system (obviously), has a

different BOC than your local area does, and has some sort of a "roamer"

agreement with your local BOC.

How can one "phreak" a cellular phone? There are three general areas

when phreaking cellular phones; using one you found in an unlocked car

(or an unattended walk-about model), modifying your own chip set to look

like a different phone, or recording the phone number/ID number combinations

sent by other local cellular phones, and using those as your own. Most

cellular phones include a crude "password" system to keep unauthorized

users from using the phone - however, dealers often set the password

(usually a 3 to 5 digit code) to the last four digits of the customer's

mobile phone number. If you can find that somewhere on the phone, you're

in luck. If not, it shouldn't be TOO hard to hack, since most people

aren't smart enough to use something besides "1111", "1234", or whatever.

If you want to modify the chip set in a cellular phone you bought

(or stole), there are two chips (of course, this depends on the model and

manufacturer, yours may be different) that will need to be changed - one

installed at the manufacturer (often epoxied in) with the phone's ID

number, and one installed by the dealer with the phone number, and possible

the security code. To do this, you'll obviously need an EPROM burner

as well as the same sort of chips used in the phone (or a friendly and

unscrupulous dealer!). As to recording the numbers of other mobile phone

customers and using them; as far as I know, this is just theory... but it

seems quite possible, if you've got the equipment to record and decode it.

The cellular system would probably freak out if two phones (with valid

ID/phone number combinations) were both present in the network at once,

but it remains to be seen what will happen.



About this resource

This coursework was submitted to us by a student in order to help you with your studies.


Search our content:


  • Download this page
  • Print this page
  • Search again

  • Word count:

    This page has approximately words.


    Share:


    Cite:

    If you use part of this page in your own work, you need to provide a citation, as follows:

    Essay UK, Cellular Phreaking. Available from: <https://www.essay.uk.com/coursework/cellular-phreaking.php> [05-06-20].


    More information:

    If you are the original author of this content and no longer wish to have it published on our website then please click on the link below to request removal: