1.) How is unlocking a phone "malware"? Isn't the lock malware, and the unlocking serves the owner of the device? Calling it malware reeks of regurgitating AT&T propaganda.
2.) How did this "deprive AT&T of the stream of payments it was owned under the customers’ service contracts and installment plans."? A phone getting unlocked doesn't void a contract, so those customers are still on the hook.
> Fahd allegedly recruited AT&T “insiders” to install malware programs that gathered confidential information and submitted unlock requests using employee credentials via a remote server.
These were probably 3rd party call centers or section of the company that ran their customer service lines which gave agents the ability to unlock devices.
The amount of spin this article is using to associate locking devices to keeping customers in long-term contracts is quite strong though.
I cannot see how would his be profitable. Usually when a customer receives a new cellphone at a lower price, that comes with a 12-24 month extension of a proportionally expensive contract. After said contract expires, AT&T has already made its profit. Even if someone would want to take the device and use another company's SIM card, they would still have to honour the contract with AT&T.
The only "free money" scenario I can think of, is stealing AT&T devices, and reselling them in the black market/ebay/etc and thus pocketing all the $$$ without having the customers signing contracts.
Ps: this is why a large company needs a large Internal Audit department.
Edit: removed an off-topic NSA-AT&T comment, added the Ps
A large number end up in collections or written off. AT&T doesn't want to issue unlock codes in those cases, because it severely reduces the chances of them getting paid.
AT&T also asks for your ID, so since they're using a stolen credit card I presume they're also committing identity fraud. Is this really wide spread issue though? Since they must be on the CCTV how many times can a scammer use the same human agent?
I used to work at a att store. You would be very surprised how often people open consumer or business accounts with new 4 new iPhones and just never make a payment on it. Just find someone willing to destroy their credit for 1000$ cash and sell the phones for 2000$
1. It's malware from the perspective of the entity whose computers it was installed on. To respond to your meta-point, phone locks are merely a technical control to help ensure consumers abide by their contractual obligations. At least, this is the case since companies have been obligated to offer unlocks for phones whose contracts are paid off.
2. Presumably, it's a combination of a number of mechanisms, like judgment-proof consumers or identity thieves unlocking and reselling devices.
Are they really obligated to offer unlocks now? I stopped getting subsidized phones 5 or so years ago (and it seems carriers mostly don't offer them anymore anyway), but I fought tooth and nail with multiple carriers to get my paid-for device unlocked, and usually the answer was "piss off".
Recently my parents switched carriers for whatever reason, so I had to get a new phone. Honestly I would have kept my Note4 for another year, but whatever. Being a phone from, what 2014? it was well paid off at this point.
1. I went to the AT&T Store, asked them to unlock my phone. Was told, no sorry, we don't do that here. "Call the support line."
2. Called the support line, waited 20 minutes, was transferred to the correct department, waited another 20 minutes. Was told, we don't do that over the phone anymore. Go to this website here.
3. Went to the website. It asks for the number that is printed behind the battery (y'know back in my day, you could remove batteries from the devices you owned and replace them) Next, it asks for some device ID Number that you need to ask the phone for. So you turn it back on, follow the directions, etc. Then you submit the form. Then they tell you it can take up to 48 hours to get the unlock code.
4. Wait.
5. Receive absolutely no confirmation or acknowledgement that your request was received or actioned on at all.
6. Buy a new phone because it isn't worth the hassle.
It sounds like he had to install malware in the call center / AT&T remote location so he could get the unlock codes remotely. "Malware" is probably not the correct term.
Once the phone is ported to another network, the original provider is basically SOL, contract or no.
>Fahd allegedly recruited AT&T “insiders” to install malware programs that gathered confidential information and submitted unlock requests using employee credentials via a remote server.
Sounds like the malware was stealing creds to be used to unlock the phones.
Many of these devices are unlocked in bulk and sold overseas. This deprives them of the payments that they expected for fronting the cost of the device.
I still don't understand how. Regardless of who ends up using the phone, surely the original purchaser/signer is still on the hook for the monthly payments?
ie. If I buy a contract iPhone from AT&T then unlock and sell on the phone, that doesn't nullify the fact that I still owe AT&T $100 a month for 24 months, regardless of where the phone is?
Yes the original purchaser is still on the hook for the payments. However in America today there are absolutely tons of people who are on the hook for payments that they simply do not make. In the tech world people are generally financially well off that they don't realize this. There are people that will just shrug at the fact they owe money to a company.
At least if the phone is locked the carrier can just cut off service as an attempt to hopefully get payment as the phone is rendered useless without payment. However with unlocked phones theres no way for them to get the money they are owed. It's insanely expensive for them to go after each and every subcriber legally that doesnt pay.
Remember, they are loaning these devices to subscribers who cannot pay the entire cost upfront with the hope they will pay them back over the course of the contract. Unlocking the phone gets rid of the one collateral they have. Thats the reason your account must be in good standing to unlock early with every major carrier and why some do credit checks.
If you buy an AT&T locked phone from a third party retailer, (ex Best Buy), you're expected to sign up for AT&T, but not under contract to do so; these phones are usually marketed for prepaid plans.
AT&T will usually unlock them if you request it prior to using it on their network, but would likely not unlock them in bulk for exporters.
I've purchased and used some of these when the price and timing was right and the frequencies aligned with my chosen network. It's more hassle than an unlocked phone, but sometimes the phone isn't available unlocked or locked to my chosen carrier. (More often, these phones are missing key frequencies, so not very useful on other networks)
It's "collateral" for the contract. Locking the phone is their way of putting a "lien" on it. Taking people to court over relatively small unsecured debts will eat through a good chunk of the margin that telecom companies are making off of those contracts in the first place. A locked phone is a couple hundred dollars worth of extra leverage to get a debtor to not default on the contract.
Selling the phone doesn't magically terminate the contract - they are still on the hook for all outstanding payments whether the phone is there or not.
If fraudsters are doing this in bulk (and using false/stolen identities to sign up for the contracts in the first place) then the main problem here is inadequate identity checks & fraud protections during the initial purchase and not phone unlocking.
The article makes it sound like this particular guy was just charging consumers to unlock their personal phones so they could use them on different networks.
I’ve been involved in these kinds of events in the past. The carriers go after anyone facilitating device unlocks extremely aggressively because there is a huge supply chain problem.
Consequently, just because the article says things, I’m pretty wary of trusting them to be correct.
I'm not sure what you're saying here. It sounds like you agree with the article that carriers go hard after anyone who helps unlock phones, but disagree on...what?
I recently had to contact support and through chat support the person said they were adding notes to my account. Of course when I call support another day they have no record of this. They then proceed to forward my call to 2 other departments each of which has no idea why I'm calling. I talked to each of these people for several minutes.
Same with Comcast, if not worse. For some reason their systems appear to take forever to load a customer account. One could probably find and pull a physical file of a user account faster in the pre-computer days out of a huge room full of wall to wall filing cabinets. I am not sure if it's ineptness or they pretend to take long to make support calls as frustrating as possible.
The trick I've found with Comcast is to go to their offices. The in-person support people have always been able to deal with whatever I was there for quickly and satisfactorily.
This is the only way I could get them to fix a problem I had.
I went on vacation once, never having missed a payment to Comcast nor have we been late in the 7+ years of our account.
I get back from being gone after the week, and no internet. I call Comcast, who says there is no outage, and can send someone out to investigate in a week.
Meanwhile, I look outside, and my cable is disconnected from the utility pole, meaning someone needed a bucket truck to do this.
Going into the Comcast office, they were able to send someone out in 3 days instead of 4.
Also, Comcast has no record of them disconnecting nor can tell me why I was disconnected.
I would LOVE to ditch Comcast, but I have 0 other options in my area for speeds over 25Mb, which is a joke. I will never understand how Comcast is not a monopoly.
I guess this turned more into me hating Comcast...
I don't want to, as a consumer I'd like to get decent customer service in a manner that isn't directly inconveniencing to either me or, even, the company. I don't demand that reps show up at my door, but it is seriously annoying how far Comcast will go out of their way refusing to help you.
I've had pretty excellent support from Comcast via chat on the 3 occasions I've needed to use them in the last 5 years or so. It doesn't seem like it's going to be as fast as a phone call, but it seems like I can easily express what I want/need and the chat agent seems to respond intelligently and effectively.
If you would like to learn a little bit more about the economics and operations of CSR call centers I can refer you to August 5 interview with Emily Guendelsberger on Sam Seder's show entitled "On the Clock: How Low-Wage Work Drives America Insane"[0] This link is timestamped to the relevant segment, but I can't isolate one phrase to demonstrate some of these operations. She employed herself in these locations to learn about how they operate, and the conditions. The TL;DR is that the outsourced companies bill on a per-minute basis, not on any actually useful metrics, in her experience.
EDIT:I forgot to metion that she does discuss how poorly integrated the CSR software is, and the absurdly cumbersome user interfaces which they are forced to operate.
It is curious, because the time you spend talking to staff is directly costing them money, so you would imagine they have a serious incentive to arrange their backend systems to be fast and efficient to resolve your query quicker and save them money.
I suspect the support department of most companies isn't empowered to change processes, have better computer systems, etc.
> “Now he will be held accountable for the fraud and the lives he has derailed.”
Whoa there. What? Yes, he's committed a crime and should be held accountable for that. But..
Who's lives has he derailed? If I was to accept a bribe to commit a crime, nobody is derailing my life but me - to say anything else suggests a level of intelligence bordering on inability to understand and take responsibility for my actions. Can I use this defence for non bribery related crimes? How about assassin for hire?
Prosecute him for the crimes he committed and prosecute those who accepted bribes for their crimes. Theres just no reason to exaggerate like this.
Edit: And, to add, I dislike the discount / rental / lock in model the carriers use, but it does sound like crimes were committed.
I guess you could consider all of the employees that got fired/will get fired/left before they got fired. Their lives got derailed but that's on them. No one held a gun to their head, this guy was on the other side of the world and convinced some AT&T techs to do this for money. If they were willing to install malware for money, AT&T is just lucky the guy was only after unlocked phones. I'm sure the employee handbook doesn't explicitly say "don't install malware for strange Pakistani men for money" but I'm sure they had enough training to put all of the pieces together...
If you profit off of a violent crime by making that crime more profitable, I believe you are morally culpable in that crime.
This person made muggings more profitable, and profited from it. If there was even one concussion from a mugging that otherwise wouldn't have happened, I would say that's a life derailed. Not provable, but likely.
The statement quoted makes it sound like people accepting bribes is entirely the fault of the person proposing the bribe. The blame is shared, nobody had their lives derailed by anyone but themselves as far as I can tell.
Looks like they completely buried the lead. That is, US carriers use proprietary hardware/software devices to establish and maintain a profitable strangle-hold on the consumer.
No doubt the law the broken. There's no justification for that. However, the lead is the lead is the lead, and it's burried.
Is it really a stranglehold if it's a condition of a contract that consumers agree to in exchange for subsidized hardware?
Personally I would never buy a carrier-locked phone, but I have the resources available to make that choice. Though the difference is maybe not huge, how many people do you think are online directly because of a carrier subsidy?
Yes and no. The point is, you don't have a choice. And it's not as easy to BYOD and switch carriers as it could be. The fact that these guys can make that much money doing this proves how the market feels about it.
Stop trying to force this abomination on people. It's never been "lede" except with people who like to feel like they're cool. It's a neologism that needs to be quashed.
I bought an ATT locked iPhone SE from Ebay just 2 months ago. The unlocking process was essentially just going to ATT website and typing in the IMEI and they unlock it within 15 minutes for free. I assume all the "pay $10 to unlock your phone" services are just counting on the average person being too lazy to discover your can just do the legwork yourself.
The mobile operator provided unlock only works on devices of a certain age. You can't typically, for example, purchase a new flagship device and unlock it on day one. The illegitimate methods bypass this restriction.
Theres a method of unlocking new/any iOS device using the GSX api that Apple maintains for the remaining list of Authorized Stores. Apple will not approve anyone new for the list, and they have changed up the requirements to connect to the API lately from just a username/password (which were often hacked or bribed), to client side certificates and blessed static ips (at a time when even the OS X networking libraries didn't support this), to a new version just now that I won't give the details but you can find if you do some github searching.
This only works if the person who bought the phone from AT&T paid all their bills. If they had an outstanding bill from with the initial contract, the unlock would not have been completed.
His methods were illegal but can we please recognize this guy for being an ABSOLUTE HERO for unlocking all those phones and giving the people what they wanted.
A contract was violated when these phones were unlocked. In return for a locked phone the buyer received a subsidy from AT&T on the cost of the hardware. I don't want people to violate contracts with me, why should I recognize someone as a hero just because I don't like the contract?
To be absolutely clear, I don't like locked phones, either, so I always buy non-carrier-locked devices and it means I pay the full, unsubsidized hardware price.
Contracts are violated all the time - it's called efficient breach. Most of the time, there are no penalties either. If AT&T overcharges you, and you don't notice - they just take your money without consequence.
If you can get away with efficient breach of contract, do it. As a former lawyer who write contracts all day, I will give you a virtual high five.
Sure it may be legal but is it whats morally good? If someone / your employer entered into a contract with you to pay you for your legal services for a year and then efficiently breached the terms would you give them a high five and be fine with it? In your example, would you give AT&T a high five for efficiently breaching their contract and taking money from a subscriber?
Also I'm not sure if you're using the right terminology. From Wex, Efficient breach: A breach of contract in which the breaching party finds it cheaper to pay damages than to perform under the contract. [1]
You're not paying them when you unlock your phone out of contract so it wouldn't be efficient breach. It's just breach of contract. Also as you know it's not really breach of contract or not until a judge says so, so you can't just call contract violations that happen all the time an efficient breach.
I have a bit of legal education from years ago and I understand that there are many things that are legally "right" but there are other things to consider too.
> A contract was violated when these phones were unlocked.
That doesn't make it wrong. Fun fact, contracts are violated all the time, and not just between individuals and huge telecom companies, but also between large companies. If you have an issue with it you sue for breach of contract.
Sure. But the same generality applies to contracts, especially contracts of adhesion - their results aren't necessarily beneficial to society, or morally good.
Phone unlocking itself is definitely beneficial to society and morally good. An incumbent network provider being able to leverage a small market inefficiency into indefinite bondage is not a good thing, regardless of how its justified. Never mind the e-waste and surveillance issues.
What’s morally bad about unlocking a phone? Literally suggesting that it is morally bad to modify a device you own. If att doesn’t want people to mess with these phones than they shouldn’t sell it.
What contract? Most of these contracts have terms for canceling early. Like a fee to cover the remaining cost of the phone. After that point, it's their phone and I don't see a problem with someone using their property on another network.
> When your contract is up they will unlock the phone for you.
Not necessarily automatically.
Maybe you are referring to the FCC ruling on Verizon's request?
(I have not been following this too closely but here is what I've read)
My understanding is Verizon will (in the future) fight this ruling as well.
> "After the expiration of the 60-day period, Verizon must automatically unlock the handsets at issue here regardless of whether: (1) the customer asks for the handset to be unlocked, or (2) the handset is fully paid off. Thus, at the end of the initial 60 days, the unlocking rule will operate just as it does now, and Verizon’s customers will be able to use their unlocked handsets on other technologically compatible networks. The only exception to the rule will be that Verizon will not have to automatically unlock handsets that it determines within the 60-day period to have been purchased through fraud."
I don't remember the exact wording, but the last time I had a subsidized phone (with T-Mobile) it was made clear to me that the phone could be unlocked after a period of time. The period was shorter than the contract period. T-Mobile even unlocked the phone for me before that time was expired when I explained that I was traveling to Europe and wanted to swap the SIM when abroad.
>T-Mobile even unlocked the phone for me before that time was expired when I explained that I was traveling to Europe and wanted to swap the SIM when abroad.
Thanks for posting that, as I had no idea it was possible. I personally don't buy locked anymore, but last year that definitely would have saved me some trouble.
>it was made clear to me that the phone could be unlocked after a period of time. The period was shorter than the contract period.
I am with T-Mobile as well, and IIRC there are two main options for unlocking:
Unlocking the phone doesn't break the contract though. AT&T is still going to charge you even if you stuff a different SIM in the phone. If you cancel your service then they'll tack on the ETF that covers the cost of the device. They wouldn't be losing money unless the guy was unlocking unactivated phones, which is an interesting legal area because technically he may never have entered into a contract with AT&T in the first place.
First, a subsidy can exist in many ways. It's not explicitly "when someone gives you money". It's often the case that phones are discounted through deals such as buy one get one (BOGO), for example. When you purchase those two phones they are tied to a contract that states you'll carry new lines of service through the carrier that subsidized the phones for a period of time. That's one example of a common US carrier subsidy.
Second is when costs of a phone are spread out over a contract period it is credit, not a subsidy. The carrier gives the phone to the buyer on credit since they haven't paid for it up front. This is often done now so people can buy phones they may not have the capital for up front. In this way the carrier lessens churn by locking buyers into a continuous upgrade cycle. If they want out of their contract they have to pay the balance of the phone and any early termination fees (ETFs). To imply these are "hidden installments" is disingenuous as the terms are laid out in the contract.
Counterpoint: carriers don't always make it easy to unlock your phone even if they allow you to do so as per the contract. It can involve lots of back and forth with clueless monkeys in their customer service department.
There's also the issue of legitimately buying/acquiring a phone, finding it to be locked and having no idea which carrier it is locked to nor how to go about getting it unlocked. It isn't an easy process even if everything is legitimate and the phone was acquired legally and not stolen nor its IMEI/ESN being banned anywhere.
The truth is, phone unlocking is designed to be a shit-show on purpose and practices like these are just a natural consequence of that. Make unlocking straightforward and user-friendly (or just don't lock phones to begin with) and the market for these illegal things will dry up significantly.
> There's also the issue of legitimately buying/acquiring a phone, finding it to be locked and having no idea which carrier it is locked to nor how to go about getting it unlocked. It isn't an easy process even if everything is legitimate and the phone was acquired legally and not stolen nor its IMEI/ESN being banned anywhere.
It sounds like you're talking about buying a used phone. Sure - there's danger there. Danger which can be completely mitigated by buying at the owner's provider's store, and having an employee look up that info before giving over money.
If you want to avoid all that business, it's really, really easy to just buy from the manufacturer. If you do that, they always come unlocked, not stolen and not banned.
Broadly: locked phones suck. I would never buy one (unless it was used and on a network I'm already with). But I also know several people who cannot save money. At all. Subsidized phone plans are specifically tailored for those people. The subsidized experience will always be worse than strict ownership simply because incentives between the provider and the user are not aligned. But for those people who can't save money, I think this is the best option they have.
Yes, there is danger, however it's artificially manufactured danger. There's no reason why the process should be so awful. If phone locking does need to exist (it doesn't but that's besides the point), why is there still no webpages on manufacturers' or carriers' websites allowing me to quickly check whether a phone is locked based on its IMEI and whether it can be unlocked (so whether the previous account is in good standing and the device isn't stolen)?
I remember knowingly buying a locked iPad. Even figuring out the carrier it was locked to was difficult (why isn't that displayed on the system information screen or on the error when you use a different SIM?) and Apple were of no help either. I bought it because I knew this bullshit and decided to go through it anyway but it isn't a pleasant experience and shouldn't be considered normal.
There's also the issue of recycling and e-waste. You're telling me to buy new, which is fair but what about the countless locked devices that are perfectly functional and yet stuck in limbo because nobody can figure out how to unlock them (even if they are otherwise not stolen and the previous account was in good standing)? Should we just accept that these devices are essentially bricked and can go for scrap because it's not worth the trouble to unlock them?
This is a tertiary issue, but for carriers using locked bootloaders unlock them when you unlock your phone to go to another carrier? If not, then the device that's bought and paid for is still not wholly owned by the customer.
I've never owned a phone with a bootloader I couldn't unlock myself (unofficially or otherwise), so I don't know if this is the case or not.
I would argue that that your latter assertion is not the case, at least not here in the US. When I got my first cellphone in the mid-00s, you bought your phone on an installment plan from the carrier as part of the service contract, the purchase installments were rolled up with your and service fees, and that's the way the world worked, regardless of which carrier you chose. Bringing your own device was not a thing.
It wasn't until later that I learned that cellphones could exist independent of their carrier networks and be unlocked therefrom; that one (in theory) could purchase a phone somewhere else, and then bring it to the the carrier of one's choice to be configured to interface with that network. And I only learned of that fact because I am nerd who likes to learn as much as he can about anything he becomes involved in.
Most people aren't nerds or have nerd-like tendencies. Most people simply want a magic rectangle so they can have Snapchat and Twitter in their pocket. The carriers do little to advertise the fact purchasing phones independently is even an option. So I'd say, no, most people don't know what they're getting into when they sign up.
And lest you say that said terms are right there in the contract, while true, be honest, when was the last time you carefully read and understood all 40-pages of the EULA when you have a more pressing problem to solve? I suspect even you commonly simply click the "I Agree" to get that damn boilerplate out of the way so you can Buy The Thing already.
The people can get what they want by buying an unlocked phone. It's not like it's hard. I haven't bought a provider-locked phone in over a decade, because I move and travel a lot. This guy is a criminal, plain and simple.
Companies need to assume that their network is compromised.
Ignoring anything else that means they need to adopt E2E encryption for all user data (except where legally mandated to be insecure, or when the data has a fundamental need to be accessible - e.g. your bank needs to know how much money you have). Anything else, including dumbass politicians demanding magic crypto, makes your user data a valuable and achievable target.
Wait... what? The "malware" just unlocked the phones' carrier locks? Was it the phones' owners who were paying him to unlock them from AT&T? Why is an illegal scheme even necessary for doing that? I'm quite confused.
Why is illegal scheme necessary to create derivative works of Mickey mouse? Because this world, while being peaceful, is overrun with hostile actors at every corner.
No, I mean, you can literally ask AT&T and they'll unlock your phone. Or if this was before that was possible, you could still just root it yourself. I don't see why the network or its employees had to be involved at all.
NO! Rooting your phone will not result in a carrier unlock. I am not aware of the specific technical details, but there are mechanisms in place which RMS would call "Negative in the freedom dimension."
In my case I followed your advice, thinking like a logical human, that rooting my phone could allow myself to unlock my device (which I paid retail price from their walled garden market for pre-locked devicess, no subsidy and also following years of service) but i discovered many many months after the fact that the cellular megacorp can use their OTA update service in some instances to reverse your assertion of control over your device somehow.
I used a dodgy unlock service in a time of desperation, and would later find myself locked out from my fully paid device yet again. The handset cost as much as a crappy but roadworthy car and was paid in full.
These convoluted service lock agreements do nothing at all but ensure paying customers are beholden to the capricious will of these amoral corporate entities. The marketing and lobbying makes us think this is a good deal.
EDIT: I used an opensource rooting method, and later used a dodgy unlock service which i believe this person may have been involved in reselling.
Rooting alone doesn't accomplish anything, but once rooted you can do anything to your phone, including carrier-unlocking, blocking updates, or rewriting the whole operating system. The only thing a carrier could still do in theory is blacklist your device from connecting to their network, which I've never heard of anyone doing.
The SIM lock methods are a little bit diferent from handset to handset, but flashing LineageOS will not unlock your handset. I know there are some handsets which the SIM Lock may be manipulated via block device, but you often have to issue dialer commands to the baseband firmware.
Absolutely no pity for at&t, and please tell me where I can contribute to the defense fund. Phone locking is idiotic and anyone working against that is my hero.
ATT is such a horrible, rent seeking parasite on our economy, I'm rooting for whoever is redistributing that wealth. I'm not too fond of the guy, but the enemies of my enemies can be friends.
I think it's very important to note the long-term crappy treatment of AT&T employees by management - most recently illustrated by the wholesale transfer of thousands of senior IT people to IBM (an even worse employer, doubtlessly for off-the-AT&T books elimination).
A good employer, and most are better than AT&T, has a certain level of loyalty as a defense. This bribe thing doesn't surprise me one tiny bit.
>The indictment doesn’t get into how Fahd was caught. He was arrested in Hong Kong in February 2018 at the request of U.S. authorities. Fahd was extradited from Hong Kong to the U.S. last week to face 14 different charges in federal court
interesting that extradiction to US is ok while to mainland China - isnt. Speaks volumes about whom HK people trusts more, and it doesn't look very promising wrt. peaceful and harmonious full integration of HK.
Wrt. the original post - impressive that AT&T couldnt notice what was happening at that scale for that long. Somebody need to sell them one more audit software package.
> The indictment doesn’t get into how Fahd was caught. He was arrested in Hong Kong in February 2018 at the request of U.S. authorities. Fahd was extradited from Hong Kong to the U.S. last week to face 14 different charges in federal court in Seattle, including wire fraud, violating the Travel Act and intentional damage to a protected computer.
How was Edward Snowden allowed to chill in Hong Kong? Was it because the indictment/extradition request was political and they don't honor those on our behalf? I thought HK just ignored US arrest warrants.
I wonder what the footprint is do the SIM hijacking, e.g. is anyone a sufficiently high enough bribe away from the type of scheme that compromises their account because it only takes 1 employee to effect it.
I've been switching to hardware keys when I'm able but it's not always feasible. I just bought a Titan key combo and you can't use most 3rd party email clients with it so that made it kind of useless to me (since Gmail's mail app isn't that great)
Fraudulent SIM swaps are already being done and it's a lot less sophisticated than this - just show up to a store with a fake ID (or bribe the low-wage employee who isn't paid enough to give a shit so I can't really blame them).
This is one of the problems with the cloud as well. You assume your website is well and safe but a Digital Ocean (or whatever) employee could always hack it.
this is one of the problems with datacenters as well. you assume your router is well and safe but the NSA (or whatever) employee could always intercept it in transit and hack it.
this is the problem with offshore hosts as well. you assume the lack of an information sharing treaty and plain text writing of a law ensures the privacy of your data, but the government can just arbitrarily hand it over to the first FBI agent that asks
this is the problem with hosting it at home on your own server with your own hardware. Your kids will hack it when you're not looking and install a Roblox server and let every idiot into your server to do whatever they want with it. Also, kids are stupidly easy to bribe.
It's possible that some executive wanted to cover it up to avoid the embarrassment of having this happen on their watch. If they press charges, the matter becomes public (both inside and outside the company). If they let the perpetrators walk, nobody finds out (or so they might have thought).
When a phone is “locked”, what does that entail? Is there a list of IMEIs somewhere that carriers check against when phones connect to their network, or is it something on the handset itself? If it’s software on the phone, surely it’s possible to hack it on the phone itself?
simlock. War between hackers and carriers/handset manufacturers has been raging since before the Mitnick days (Motorola firmware hack).
For example mikeselectricstuff (hackaday readers will immediately recognize the name https://www.youtube.com/user/mikeselectricstuff/videos , he is known among other things for Reverse Engineering the iPod Nano 6 screen and hacking FLIR E4 Thermal Imaging Camera to full resolution) has been making a living cracking GSM handset firmware in the nineties.
Wouldn’t it be a nice value-add if manufacturers provided an unlock after say a year or two after initial purchase? My experience with carriers is that even if you’re eligible for an unlock they’re a nightmare to get.
Quite a while ago I was on an AT&T family plan with my aforementioned family. An unexpected death in my family caused a falling out/estrangement situation which jeopardized our cellular service, along the lines of an intestate inheritance, forfeited property, decades of fraud/extortion...and my borderline personality mother becoming enraged at the fact that we would now be reassessing my family's troubled history in the wake of this tragedy. The result of these events were that my (quite old) AT&T smartphone service was unexpecgedly cancelled, leaving me out in the cold. I needed service fast, and got a sim card ASAP but I did not reckon that my (fully paid for) cellular device would be carrier locked.
This is my mistake of course, but the result is that I was, late at night, caught out with no functional device to use with my sim card, and a brand new MVNO service agreement. I took to the internet in order to find a solution, and ended up using my privacy.com account to pay for a rather sketchy Samsung unlock service, which worked like a charm.
Eager to forget this entire affair, I moved on with my life.
One day about a month or two ago, my Samsung handset began demanding a carrier unlock code. Confused, and in need of service, I shelled out for the nearest used smartphone thing I could find.
This was rather alarming as I was cut off, yet again, and until this day I had no idea how my handset had relocked itsself! my MVNO CSR couldn't help, bless his/her soul, insisting I would need to contact the carrier for the unlock code. Instead, I hit that thing with a hammer and called it a night.
After I used the dodgy unlock software which I paid a 20 for, I had monitored my handset for malicious activity via my personal security gateway but could never identify anything unusually malicious.
Now I have a backup plan, and carry a spare flip phone.
If your mother has access to lexisnexis, I might consider a restraining order if your situation sounds familiar.
I concluded that AT&T has rescinded these unlock codes, leaving untold numbers of legitimate users without a way to conduct business.
Carrier locked devices should be outlawed. AT&T appears to my naive eyes as a malevolent shitshow, much like verizon and comcast and other rent seeking walled garden extortionists. The history of these telephone companies precedes them, but gosh i wish that my real life didn't feel like it existed in Eve Online.
I have a feeling that multiple carriers have a similar problem. I traveled to another city and noticed that some incoming spam calls shifted to incoming numbers with the local area code.
This person did nothing wrong. Laws holding people accountable for helping people who are being abused by an unaccountable power are themselves abusive and should be struck down.
2.) How did this "deprive AT&T of the stream of payments it was owned under the customers’ service contracts and installment plans."? A phone getting unlocked doesn't void a contract, so those customers are still on the hook.