Ghost in the machine, or something less mythical?

Ok, so in my Corporate Mercenary rant, I wrote about a handset that makes phantom calls. There’s lots of explanations for it, could be bad programming, could be someone with remote access to the handset or the network (authorised or not), all sorts of things. But what is the explanation for all these examples, over quite a few years?

If you haven’t read it, there’s one particular handset model that in a lot of cases will make calls all by itself. There’s no explanation for it, there will be no investigation on why it happens since the handset is outdated, and I’ve never heard of it happening to a customer inquisitive or technically minded enough to try and work out what’s going on. Recently I’ve heard of another newer model of flip handset from another company doing the same thing - according to the customer, it was sitting in his pocket in the car, closed. They were driving along and suddenly the phone of his son (who was sitting in the passenger seat) started ringing, showing the caller as being his father’s handset.

This raises the question - how? The customer has a flip phone - the only way to make a “pocket call” is to somehow have the phone open and buttons pressed. That’s not going to happen when it’s in your pocket unless you’re a rapper with those pants with the pockets you could hide your pets in. While writing this, I discussed this option with a workmate, and they suggested that the electrical contact that tells the software that the handset could have been faulty, and somehow something hit the keypad to cause the call. This is likely - if you’ve got something in your pocket it could get between the keypad and the screen and hit the send button twice and make a call.

There’s the “bad programming” explanation - which is possible, but how? Race conditions exist in many programming environments. When there are multiple processes modifying the same piece of data, that is supposed to be dependant on other data that somehow gets out of sync, then bad things can happen. I’m not a mobile handset firmware programmer, so I don’t know the full intricacies of what it takes to make a handset initiate a call, but without something seriously wrong with the handset and its firmware I don’t see how it can happen that easily.

A combination of hardware and software faults could explain it. A problem with the “flip detector” and a problem with the keypad - both able to be caused by either dust or corrosion caused by moisture could somehow create a condition where a call could be made. It’s possible, with half a million customers and probably twice as many phones floating around. Details you wouldn’t bet on, but that statisticians would play with for the fun of it.

In the past there’s been something of a weird fault with our voicemail system. For an hour or so, across random voicemail nodes and services, customers will occasionally have their voicemail message reset to the sound of a random conversation. From the few examples I’ve heard, it’s the exact same sample. The tech guys love it - it’s something of a challenge to them to track down what’s happening and try to work out what caused it. There’s no firm explanation to it, and there seems to be no pattern as to who, where or when it happens.

The only explanation that I’ve heard is that there seems to be someone actively doing these things. If there is, I’d honestly love to meet them and shake their hand. It’s not likely because at the closest, they are probably a thousand kilometers away in a different city, as I don’t live anywhere near where our network is. Mobile phone towers are just another computer system, interacted with via a wireless handset. The system’s designed to be sent a request to make a call, it gives the go ahead and then it transmits data. Every system has holes - just ask any network admin on a Microsoft network. It’s completely likely that there’s ways of interacting with a mobile phone network that allow access to the systems that control it.

This begs the question - if it’s possible to subvert the operations of a “normal” computer network such as we’re used to having in our homes - why can’t there be people that can do it to more non-standard computer systems? Phone phreaking was “an art worth your learning” before the phone companies realised people were enjoying the freedom of their unsecured networks. There HAVE to be backdoors, race conditions, buffer overflows, or just completely insecure network commands and components out there.

I suddenly realised something while writing the above paragraph…

I’m typing up an article/rant about bad things that happen at the telco where I work, and I’m using a work PC to do it. And really, I probably shouldn’t be doing it. Oh well.

Going back to the idea of the haunted phones making random calls. If someone were able to control a tower, or modify the actions of a particular system, would it be possible to convince a handset to make a call to another one? From the examples that I’ve heard about, it doesn’t show up in the recent calls list on the affected handset. So that part of the phone’s not realising that it’s happening. The problem with making a particular handset make a call is that not only would you have to know how to handle the vulnerability on the network side, you’re also trying to exploit a vulnerability on the handset side as well. This puts the level of knowledge required up by another several orders of magnitude. This is not a script kiddie. It might be a bored university student, or a bored systems engineer playing with things, but it’s definitely someone with a lot of smarts. Assuming it’s someone doing it at all.

My motivation’s waning, as usual when I get to this point in a brain-spew, and I’ve run out of ideas. It could be any of the things that I outlined. It could be none of them. Who knows? There’s no definitive data that I’ll ever be given in this, the position of phone monkey. Even if I worked in the Network Operations Center, they probably wouldn’t tell us, for fear of Terrible Things Happening.

I’d love to learn how to probe the network, but that takes all together too much research and learning for something that I’d only get bored of after six months of spending money and messing around. I think I’ll leave it for now, and leave you pondering why I can’t stay on a stable point in an article.



#Programming #Work