Cellular Phone Thieves Are Getting A Quick Line In

Sydney Morning Herald

Monday November 25, 1991

By STEVE GOLD

CELLULAR phones are now in active use in most civilised countries of the world. Unknown to many outside of the manufacturing field, however, is that they are not the most secure of devices when it comes to billing.

Take a landline phone by comparison. Unless a potential thief can break into your telephone line between your home or office and the phone exchange, it's almost impossible to make phone calls using conventional means and "charge" them to your bill - your phone meter is linked physically to your phone line.

Now take the example of a mobile phone - the identifier of the phone comes from the cellular phone itself. The identifier in most phones, regardless of whether they conform to the American Mobile Phone System (AMPS) or Total Access Communications System (TACS) systems, is the main chip inside the phone containing the Electronic Serial Number, or ESN for short.

Since the TACS system seen outside the US is the enhanced version of the AMPS standard found in the US and Canada, the chassis construction of cellular phones is pretty much the same. It has to be - economies of scale have allowed the price of even the most portable of mobile phones to fall well under the $US1,000 mark.

Because of the international nature, cellular phones have a fairly basic design - the ESN chip is "blown" into a device known as an Erasable Programmable Read Only Memory (EPROM) chip.

In theory, the ESN chip is unique to a cellular phone - all cellular phone manufacturers around the world have agreed to that. The ESN is made up of 11 digits. The first two numbers represent the manufacturer, with the second two digits indicating the model number of the phone. The fifth and sixth digits identify the country the phone has been built for. The remaining six digits signify the number of phones of that model that have been built.

The country code aspect of the ESN is useful for network operators since it allows variable pricing of phones according to demand in a given country. While phones are 10 a penny in Britain and the US, for example, they are almost three times the price in Australia.

In theory, it's possible to use a British-sourced cellular phone in Australia, but in practice, Telecom will not allow non-Australian ESN-equipped phones to be used on its network.

Well aware that an ESN is the key element in a cellular phone, manufacturers have built systems into most cellular phones so that if an attempt to tamper with the chip is made, the chip self-destructs.

Unfortunately for the cellular phone community, it's very easy to slip on a chip reader and "read" the data on a chip into a computer, byte by byte. Then, using an EPROM blower costing about $50, a blank EPROM can be "blown" with an exact copy of the data.

This is useful to a thief who has hired a cellular phone for a few days. By unscrewing the case and "reading" the ESN chip data into a computer, multiple copies of the ESN chip can be created, and plugged into another cellular phone which has had its original ESN chip removed.

The advantage here is that the "cloned" ESN cellular phone is then free to make calls which are charged to the owner of the original phone.

Surprisingly, the cellular networks are fairly blase about the problems of cloned phones. They claim that the latest mobile phones have sufficient protection systems installed to deter all but the most determined thief, so the problem can be contained.

The problem in the US and Britain, however, is far from being contained. In Britain, there are almost 2 million cellular phones in use, many of which date back to 1985 when the service was first launched in that country. Protection technology then was a lot more basic than that available today, meaning that if the cellular thieves want easy pickings, then they should tackle an older generation cellular phone.

The cellular phone rental companies are wise to this problem and often supply only the latest hand portables. Transportable cellular phones are still a few years behind, meaning that this is the type of phone that the cellular phone thieves will home in on if they want access to free calls.

The cellular network providers are fighting the problem on two fronts - as well as building a degree of physical protection into a phone, they usually install artificial intelligence (AI) software on the network computers that looks for unusual activity.

If, for example, a phone places a call at noon in New York, and then the same phone places another call 10 minutes later in Los Angeles, the network computer will know something is wrong and alert a human being to the fact.

If this occurs over a weekend, chances are that nothing will happen until Monday morning. By then, the hapless owner of the original phone could have been charged for hundreds of dollars' worth of phone calls that he did not make.

At this stage it is unlikely that the network operator will let the calls go for free, especially if the calls were international.
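
The network-side check described above (the same phone placing calls in New York and, 10 minutes later, in Los Angeles) can be sketched as a speed test over call records. This is an added example, not part of the original article or any operator's software; the record layout, the 1,000 km/h threshold, the ESN labels and the coordinates are assumptions, and all timestamps are taken to be on one common clock.

```python
import math
from datetime import datetime

# Assumed threshold: faster than any airliner means two handsets share one ESN.
MAX_KMH = 1000.0

def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) points in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def find_velocity_alerts(records, max_kmh=MAX_KMH):
    """Return (esn, earlier_call, later_call, km, kmh) for impossible hops.

    records: iterable of (esn, timestamp, (lat, lon) of serving cell site).
    """
    last_seen = {}
    alerts = []
    for esn, ts, site in sorted(records, key=lambda r: r[1]):
        prev = last_seen.get(esn)
        last_seen[esn] = (ts, site)
        if prev is None:
            continue
        km = haversine_km(prev[1], site)
        hours = (ts - prev[0]).total_seconds() / 3600
        # Two distant calls at the same instant are treated as infinite speed.
        kmh = km / hours if hours > 0 else (math.inf if km > 0 else 0.0)
        if kmh > max_kmh:
            alerts.append((esn, prev[0], ts, round(km), kmh))
    return alerts

# Constructed call records; ESN labels and coordinates are made up for the demo.
NYC, LA, NEWARK = (40.71, -74.01), (34.05, -118.24), (40.74, -74.17)
CALLS = [
    ("ESN-A", datetime(1991, 11, 23, 12, 0), NYC),
    ("ESN-A", datetime(1991, 11, 23, 12, 10), LA),      # clone suspected
    ("ESN-B", datetime(1991, 11, 23, 12, 0), NYC),
    ("ESN-B", datetime(1991, 11, 23, 12, 30), NEWARK),  # ordinary drive
]

if __name__ == "__main__":
    for esn, t1, t2, km, kmh in find_velocity_alerts(CALLS):
        print(f"{esn}: {km} km between {t1:%H:%M} and {t2:%H:%M} ({kmh:.0f} km/h)")
```

Acting on such an alert automatically, for example by suspending the ESN pending review, is what closes the weekend gap in which nobody looks at the flag until Monday.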

The situation in Australia is that there is a match between the ESN number and the 018 number so that a new telephone with a stolen ESN number gets rejected when it tries to make a call. Cloning is still, however, theoretically possible with hire cellular telephones. Telecom gives clients itemised billing on request, which helps to spot and track down any naughty users. Telecom is now developing with the hire companies a further level of security which will raise the alert on illegal use almost immediately.

© 1991 Sydney Morning Herald
