Mobile Game Trojan Calls the South Pole

UgLyPuNk writes with an excerpt from Gamepron.com: "Freeware games can actually cost you more money than their pay-to-play cousins, as mobile gamers in the UK have learned. A 'booby-trapped' version of a popular Windows Mobile game has been sneakily spending their money while they sleep – by dialing phone numbers in the Antarctic behind their backs."

Re:LOL

[eugene2k]

>Why on earth are mobile phone apps even allowed to make calls in the first place, without some sort of specificaly made user authorization?
For the record, when a Symbian app tries to make a call or connect to the internet the user is presented with a dialog asking whether to allow the app to connect/make a call. No idea why Microsoft decided this is not needed.

Re:One really has to wonder...

[DarthBart]

+672 is not just for Antarctica, though. It is shared with Norfolk Island (a sort-of part of the commonwealth of Australia).

Re:no phone numbers in antartic

[pookemon]

I originally modded you up - and then I did a search of my own.

http://countrycode.org/antarctica [countrycode.org]

Seems Wikipedia is not right about everything - go figure.

Re:LOL

[profplump]

And decent phones do. On a BlackBerry, for example, you have to specifically authorize each application to access to the voice radio, IP connections (as a whole or per-domain), GPS, address book, etc. It's easy to use and provides great protection, not to mention the instant insight into what a program is actually doing (i.e. "Why does this free calculator want to connect to warez.ru"). Why WindowsCE doesn't do such things is a complete mystery.

Re:What to the hackers gain?

[LingNoi]

but neither article tells me how it is to the advantage of the hackers to give random people big telephone bills.

Maybe they get lonely down there.

Re:no phone numbers in antartic

[AK Marc]

That country code is for Australia (they have one code for Australia proper, and one for external territories, which includes the Antarctic station). Most countries use their own country code for their Antarctic territories, but Australia is the exception. The only people you'll get with that country code are Australians, and none of the other research stations, so I'm not sure I'd say that Antarctica has its own country code.

Re:LOL

[zullnero]

It's how .NET CF's telephony API works. You call a function, send it a number as a parameter, and it dials it. As long as I can remember, that's pretty much been how you call that particular .NET CF function. At least, that's how it worked in 2005 with .NET CF 1.0. So basically, that particular hole has been there for probably about 5 years. Since most mobile phones run a slightly older than latest version of .NET CF, I'd imagine that quite a few phones would be vulnerable to that. That said, the main reason it doesn't prompt for verification is because a lot of big companies, carriers, major third party dev houses, etc. most likely demanded that they be able to "phone home" seamlessly and quietly for various reasons or they wouldn't support their platform.

I know, you're probably thinking "what reasons"? Well, from some of the vendors I've worked with, it ranges from location based information to cell phone recovery tracking to remote programming. None of it is absolutely necessary given current available technology and that you can do all that stuff over the data network, but when Windows CE was originally designed, data networks weren't quite as useful.

Profiting is the easy part

[chrb]

What I don't exactly see is how they're profiting off the number.

There are plenty of providers of international premium rate numbers that will ask no questions about the callers and deposit a percentage of the call termination fees into a bank account at the end of the month - the article mentions they used Somalia ($0.14/min) [getpremiumnumbers.com], Dominica (€0.45/min) [getpremiumnumbers.com], Antarctica (€0.46/min) [getpremiumnumbers.com]. The provider I linked to was the top of Google's search - you can probably find others offering higher rates.

It should be a simple matter to follow the money back to the source of the problem

Not really. These crimes cross multiple legal jurisdictions, and there is no evidence to tie the trojan writer to the person profiting from the calls. Authorities in, say, Switzerland, will not break the banking secrecy of an individual just because they profited from running a premium rate phone number.

I remember hearing a story back in the early 90s about a French guy who had over 30 land lines installed in his house, and had set up an automated blueboxing dialler to call international premium rate numbers 24/7. Allegedly, he was earning $1.50/min from each call, and he quickly became a millionaire.

Re:One really has to wonder...

[Anonymous Coward]

+88234 is allocated to our company Global Networks Switzerland AG who operates a GSM network in Antarctica. The +88234 allocation is published by the ITU in the E.164 standard somewhere around 2003. As Antarctica is not considered a country according to the united nation but international territories, the +88234 allocation is out of the shared country codes block which is where you also find the satellite networks such as GlobalStar, Thuraya etc and also networks operating on Cruise Ships and similar. This is the main reason why operators charge a fortune. They don't differentiate +88234 in pricing from other networks in +882xx or +881xx which means you get charged sattelite connections even though our connection is much cheaper (and they make a hell of a lot of money off you). The connectivity to Antarctica goes over satellite to the edge of Antarctica to a research station (you can't reach the center over satellite). There is a second allocation +672 for antarctica for the australian Scott's base which is basically some kind of areacode of Australia. We have nothing to do with that network.

About the abuse of the number for so called auto-dialers, malware in games etc, please be aware that we are not involved in this. People somewhere in the middle do break out those calls and terminate it illegally on their equipment charging termination fees and making money of it. Those calls do not end up on our switch where they would supposed to go. The numbers used in the dialers are not in use in our network so calling them would result in a "unallocated number" error and you would not have been charged.

If you get charged for calls to +88234-8.... complain to the operator as it clearly points to shortstopping by a 3rd party.
Our legitimate users use mainly +88234-7xxx xx xx with a few allocations in +88234-4... and +88234-5...

Regards

Andreas Fink
CEO
Global Networks Switzerland AG
afink at gsm.aq

Diego Garcia

[ei4anb]

The island of Diego Garcia used to be a favourite for such phone scams. Phone companies have international agreements to tranfer money, a portion of what they bill for international calls. In the case of the scam calls to Diego Garcia the money could be siphoned off by middlemen because Diego Garcia did not have agreements with all phone companies (bad credit rating?) and the money was routed indrectly. Something similar is happening here. The Irish Communications Regulator blocked direct dial calls to a list of countries to cut down on such fraud http://news.cnet.com/Ireland-launches-phone-fraud-crackdown/2100-1036_3-5377387.html [cnet.com]

Re:LOL

[Anonymous Coward]

WinMo probably does have a similar setting. The problem is that many programs you install on Blackberries prompt you to change their security settings, much like many Linux things you install prompt you for root access. When it becomes commonplace people just click OK or enter their password without thinking - it's only the security-conscious who pay attention to those things.

Re:LOL

[TheSunborn]

You are aware that Apple don't review code before it is added to the shop right?

And the rest of the world have already solved this problem for mobile phones. An application don't have access to do anything that can interfere with other applications/the operation system without explicit user accept.

And this access is handled by the operation system not the application. The application ask the operation system, and the operation system ask the user, so the application don't have any way to trick the user into doing something by lying to the user.

Re:One really has to wonder...

[Anonymous Coward]

There is a second allocation +672 for antarctica for the australian Scott's base which is basically some kind of areacode of Australia.

Scott Base is actually a New Zealand station. I believe the NZ phone system in Antarctica uses the +64 dialing code with an extension.