GSM Phone Hijacking?

by Paul Laudanski, AKA Zhen-Xjell
April 20, 2004

I've been a faithful GSM cellphone subscriber for years. Never had any issues. In fact, I was on the CDMA network for a couple years on a business cellphone and received SPAM SMS pages on occasion, but never on my GSM provided cellphone. Until now, and my Motorola Cellphone was hijacked!

Last Friday I received an SMS update text message that appeared to come from my provider. As anyone else might do, I read its incoherant message and quickly deleted it.

Tonight however, I noticed when trying to call someone that the very first entry in the phonebook said 411 AND MORE.

What?

Ok, I view the item and the number it contains is '411'. Its Speed number was set to #503. Now anyone with a GSM card knows that numbers upwards of 501 take time to enter and save since the default is '1'. One must backspace and enter a new number. Then it finds the next available number. Otherwise, if the number is on a used spot, the phone asks you if you desire to replace it.

It just so happens that my #503 was already prefilled for a couple years. This '411 AND MORE' simply replaced it!

Talk about a major privacy issue with this GSM cellphone provider. So I talked with a representative tonight for about 20 minutes, got his name and employee number. I asked to share his data and was politely told no. Ok, I'm being professional about this.

This person, lets collectively call him 'Shelby' (fictitious and used just for the purpose of giving him a fake name), told me he heard from another customer they received SPAM SMS messages containing '411 AND MORE' previously, but that my instance of speed dial hijacking was a first. This wasn't even in their database system.

Long wait times... so I'll follow up with my provider tomorrow.

However, I'm not very pleased with this at all. If my speed dials can be remotely hijacked, then how secure is my phone book?

Cellphone users beware. Will we need anti-hijack software on our 'simple' mobile cellphones?

Now you may ask yourself, did I make a boo-boo? With 100% confidence I can tell you that when surfing my cellphone I pay strict attention. That entry did not get added by any manual means via physical phone access.

Bewildered and concerned.
Paul

@Copyright ComputerCops 2004