Cellular Phreaking

The cellular/mobile phone system is one that is perfectly set up to be exploited by phreaks with the proper knowledge and equipment. Thanks to deregulation, the regional BOCs (Bell Operating Companies) are scattered and do not communicate much with each other. Phreaks can take advantage of this by pretending to be mobile phone customers whose "home base" is a city served by a different BOC, known as a "roamer". Since it is impractical for each BOC to keep track of the customers of all the other BOCs, they will usually allow the customer to make the calls he wishes, often with a surcharge of some sort.

The bill is then forwarded to the roamer's home BOC for collection. However, it is fairly simple (with the correct tools) to create a bogus ID number for your mobile phone, and pretend to be a roamer from some other city and state that's "just visiting". When your BOC tries to collect for the calls from your alleged "home BOC", they will discover you are not a real customer; but by then, you can create an entirely new electronic identity, and use that instead.
How does the cellular system know who is calling, and where they are? When a mobile phone enters a cell's area of transmission, it transmits its phone number and its 8 digit ID number to that cell, which keeps track of it until the phone gets far enough away that the signal is sufficiently diminished; the phone is then "handed off" to the cell that the customer has walked or driven into.

This process continues as long as the phone has power and is turned on. If the phone is turned off (or the car is), someone attempting to call the mobile phone will receive a recording along the lines of "The mobile phone customer you have dialed has left the vehicle or driven out of the service area." When a call is made to a mobile phone, the switching equipment will check to see if the mobile phone being called is "logged in", so to speak, or present in one of the cells.

If it is, the call will then act (to the speaking parties) just like a normal call: the caller may hear a busy tone, the phone may just ring, or the call may be answered.
How does the switching equipment know whether or not a particular phone is authorized to use the network? Many times, it doesn't. When a dealer installs a mobile phone, he gives the phone's ID number (an 8 digit hexadecimal number, the electronic serial number or ESN) to the local BOC, as well as the phone number the BOC assigned to the customer.

Thereafter, whenever a phone is present in one of the cells, the two numbers are checked: they should be registered to the same person. If they don't match, the telco knows that an attempted fraud is taking place (or, at best, some transmission error) and will not allow calls to be placed or received at that phone. However, it is impractical (especially given the present state of deregulation) for the telco to have records of every cellular customer of every BOC. Therefore, if you're going to create a fake ID/phone number combination, it will need to be "based" in an area that has a cellular system (obviously), has a different BOC than your local area does, and has some sort of a "roamer" agreement with your local BOC.
How can one "phreak" a cellular phone? There are three general approaches to phreaking cellular phones: using one you found in an unlocked car (or an unattended walk-about model), modifying your own chip set to look like a different phone, or recording the phone number/ID number combinations sent by other local cellular phones and using those as your own.

Most cellular phones include a crude "password" system to keep unauthorized users from using the phone; however, dealers often set the password (usually a 3 to 5 digit code) to the last four digits of the customer's mobile phone number. If you can find that somewhere on the phone, you're in luck. If not, it shouldn't be TOO hard to hack, since most people aren't smart enough to use something besides "1111", "1234", or whatever.

If you want to modify the chip set in a cellular phone you bought (or stole), there are two chips (of course, this depends on the model and manufacturer; yours may be different) that will need to be changed: one installed at the manufacturer (often epoxied in) with the phone's ID number, and one installed by the dealer with the phone number, and possibly the security code. To do this, you'll obviously need an EPROM burner as well as the same sort of chips used in the phone (or a friendly and unscrupulous dealer!).

As to recording the numbers of other mobile phone customers and using them: as far as I know, this is just theory, but it seems quite possible if you've got the equipment to record and decode it. The cellular system would probably freak out if two phones (with valid ID/phone number combinations) were both present in the network at once, but it remains to be seen what will happen. Law
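The pairing check described above and the open question of what a switch would do with two phones presenting the same ID/phone number pair, worked through as an added example that is not part of the original text. It is a toy model in Python of a switch that checks each registration (phone number, the MIN, plus the 8-digit hex ID, the ESN) against the dealer's table for local customers, lets a roamer from an area with an agreement through unverified (the gap the text relies on), and flags a pair that shows up in two non-adjacent cells within a minute, which a single handset cannot do. The subscriber table, roamer agreements, cell layout, ESN values and registration log are all constructed for illustration.

```python
"""Added example (not from the original text): a toy model of the MIN/ESN
pairing check described above, plus a check for one cloned pair showing up
in two places at once.  Names, subscriber table, roamer list, cell layout
and registration log are all constructed for illustration."""
import re
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Dealer-supplied table for the local carrier: phone number (MIN) -> 8-digit hex ID (ESN).
LOCAL_SUBSCRIBERS: Dict[str, str] = {
    "2125551212": "8A1F00C3",
    "2125550199": "8A1F0B77",
}

# Area codes whose home carrier has a roamer agreement with ours (constructed).
ROAMER_AGREEMENTS: Set[str] = {"312", "213"}

# Cells that border each other; a real handoff moves between neighbours (constructed).
NEIGHBOURS: Set[Tuple[str, str]] = {("A", "B"), ("B", "C"), ("C", "D")}

ESN_RE = re.compile(r"[0-9A-F]{8}")


@dataclass(frozen=True)
class Registration:
    t: int      # seconds into the log
    cell: str   # cell that heard the phone
    min_: str   # 10-digit mobile phone number
    esn: str    # 8 hex digits burned in at the factory


def classify(reg: Registration) -> str:
    """Decide what the switch does with one registration.

    Only local customers can be verified against the dealer table; a roamer
    from an area with an agreement is let through and billed to the home
    carrier later, which is the gap the text describes."""
    if not ESN_RE.fullmatch(reg.esn):
        return "reject: malformed ESN"
    if reg.min_ in LOCAL_SUBSCRIBERS:
        if LOCAL_SUBSCRIBERS[reg.min_] == reg.esn:
            return "ok: local"
        return "reject: MIN/ESN mismatch"
    if reg.min_[:3] in ROAMER_AGREEMENTS:
        return "accept: roamer (unverified until home carrier is billed)"
    return "reject: unknown MIN, no roamer agreement"


def adjacent(a: str, b: str) -> bool:
    return a == b or (a, b) in NEIGHBOURS or (b, a) in NEIGHBOURS


def find_clones(log: List[Registration], window: int = 60) -> List[Tuple[Tuple[str, str], str, str]]:
    """Flag a MIN/ESN pair seen in two non-adjacent cells within `window` seconds.

    A legitimate phone hands off between neighbouring cells; a recorded pair
    replayed from a second handset cannot.  Returns (pair, earlier_cell, later_cell)."""
    last_seen: Dict[Tuple[str, str], Tuple[int, str]] = {}
    alerts = []
    for r in sorted(log, key=lambda r: r.t):
        pair = (r.min_, r.esn)
        if pair in last_seen:
            t0, cell0 = last_seen[pair]
            if r.t - t0 <= window and not adjacent(cell0, r.cell):
                alerts.append((pair, cell0, r.cell))
        last_seen[pair] = (r.t, r.cell)
    return alerts


# Constructed registration log covering the cases discussed in the text.
LOG: List[Registration] = [
    Registration(0, "A", "2125551212", "8A1F00C3"),   # local customer, pair matches
    Registration(10, "A", "2125550199", "DEADBEEF"),  # local MIN, wrong ESN: fraud or error
    Registration(20, "B", "3125550042", "00C0FFEE"),  # "roamer" from 312: accepted unverified
    Registration(30, "B", "4155550007", "0BADF00D"),  # no agreement with this area: refused
    Registration(40, "B", "2125551212", "8A1F00C3"),  # handoff A -> B, neighbours
    Registration(55, "D", "2125551212", "8A1F00C3"),  # same pair in D 15 s later: clone
]


def audit(log: List[Registration]) -> Tuple[List[str], List[Tuple[Tuple[str, str], str, str]]]:
    """Run both checks over a log; returns (per-registration verdicts, clone alerts)."""
    return [classify(r) for r in log], find_clones(log)


if __name__ == "__main__":
    verdicts, clones = audit(LOG)
    for reg, verdict in zip(LOG, verdicts):
        print(f"t={reg.t:3d} cell={reg.cell} {reg.min_}/{reg.esn}: {verdict}")
    for pair, c0, c1 in clones:
        print(f"clone suspected: {pair[0]}/{pair[1]} in {c0} then {c1}")
```

Note what the model cannot catch: a stolen phone with its real pair passes every check until the owner reports it, and a bogus roamer passes until the home carrier refuses the bill, exactly as the text says. The only one of the three approaches the switch can see on its own is the recorded pair, and only because the same pair registers from two places that no single handset could reach in the time available.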
Cellular Phreaking. (2019, Mar 13). Retrieved from https://graduateway.com/cellular-phreaking/