TUCoPS :: Phreaking Cellular - Misc. :: telus_~1.txt

Serious privacy problem with Telus Mobility customer self service

	;;[[ TELUS MOBILITY; Customer Privacy No More ]];;

By: The Clone
Date: Tuesday January 4, 2000


"The 'Telus Mobility account information' telephone number is more 
than just a convenient and easy-to-use service. It's also a vulnerable 
system open for anyone wanting to snoop on private customer data."

Telus believes that *most* of its customers are able to manage
their cellular/pager account information with the help of a 
"friendly" easy-to-use automated self-serve system. 

So because of this they implemented the... 
'Telus Mobility Cellular/Pager Automated Service' telephone number.   
[quote taken from]

   "In the future, TELUS Mobility will introduce many technological
   advances to improve upon the services we offer today. When it comes to
   wireless communications, the future belongs to... TELUS Mobility."

-- There's no doubt in my mind that Telus offers great service.
   Well of course the only other phone company I've had was ED-TEL
   from before 1995 and they weren't a terribly technologically advanced 
   phone company. 
But because of the many services that Telus (Mobility) does offer,
they unfortunately tend to ignore the privacy aspect. This is where
I come in. When some hoodlum from within the realm of the 'Mah-Bell'
Gestapo armed with a telephone, determination, and 198ppm of caffeine
can bring important privacy issues to the attention of the phone company
and its customers... there's no doubt that there is need for change.

Let's say by some rare chance that it *does* in fact improve beyond tomorrow;
there is no way in hell I'll stop doing what I do.
Unless of course I was bribed by the CEO of Telus (George Petty) with a
large sum of money and my very own brand new Telus telco-van [heh heh].


D I A L :  7 8 0 - 3 1 0 - 2 2 3 3 . . .


(crappy 5 second song)

"Good morning/afternoon/evening and thanks for calling 
 Telus Mobility."

"To help serve you better, please enter your 
area code and seven digit cellular or pager number."

[enter the vitals]

"Please hold while we access your account information..."


[a] - "For account balance and payment information press 1."
[b] - "For any other paging or service inquiry press 2."


[a]: After accessing this menu, you will be given the following:

"You have five selections!"

Balance Information                       (press 1) 
Credit Card Payment                       (press 2)
Notify Payment or make other arrangements (press 3)
Change Billing Information                (press 4)
Information on how to Read your Bill      (press 5)

To Repeat Messages                        (press #) 
To Return to the Previous Menu            (press *) 
To Access the Main Menu                   (press 9) 
To speak to customer service              (press 0)

All we want to access is the Balance Information because the
other options require a credit card and/or Telus phone bill,
not to mention options 2, 3, and 4 all connect to a live operator.

So you've pressed 1 and you're now in the Balance Information menu.

			[_What Now?_]

! You're prompted for your "personal identification number."

Because Telus loves to help its customers and unknowingly
help intruders, it tells us that by default our PIN is a
temporary three-digit number.

The temporary three-digit number is the three digits in
our postal code.

For example: 

Pager #: (780)-480-0839

The pager belongs to Joe Shmoe who registered his pager 
to his home address. Joe Shmoe's postal code happens to 
be T5B-1R7. 

Joe Shmoe's temporary three digit PIN is '517'.


See, the average "Joe" isn't aware that they can change that
vulnerable three-digit PIN, which lets anyone with their phone
number and postal code into their account.

Hell, most people probably didn't even know this system even
existed until now. 

If a malicious person accesses your account information,
they'll know what your billing statement is, what numbers
you've called, etc... without you ever knowing it.

Not only that, but there's also a way to change that default
PIN so that only THEY would have access to YOUR account info.
** Up to 17 digits in length ** 
(I'd like to see you bruteforce hack that! *smirk*)
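As an added example (not Telus's code and not from the original text), this Python sketch models the postal-code default PIN described above beside the checks a self-serve line like this needs: a random temporary PIN instead of a derived one, rejection of customer-chosen PINs built from the postal code, and lockout after repeated failures. The account record, the lockout threshold, the minimum PIN length and the temporary-PIN length are my assumptions.

```python
# Added example, not Telus code: the postal-code default PIN the text describes,
# beside the checks a self-serve line like this needs. The account record, the
# lockout threshold and the temporary-PIN length are constructed assumptions.
import hmac
import re
import secrets
from dataclasses import dataclass

POSTAL_RE = re.compile(r"^([A-Z])(\d)([A-Z])[ -]?(\d)([A-Z])(\d)$")  # A1A 1A1
MAX_FAILURES = 3  # assumed lockout threshold

def derive_default_pin(postal_code: str) -> str:
    """The weak default as described: the postal code's three digits, in order."""
    m = POSTAL_RE.match(postal_code.strip().upper())
    if not m:
        raise ValueError(f"not a Canadian postal code: {postal_code!r}")
    return m.group(2) + m.group(4) + m.group(6)  # T5B 1R7 -> '517'

def issue_temporary_pin(digits: int = 6) -> str:
    """Hardened alternative: a random PIN mailed to the customer, derived
    from nothing a caller can look up."""
    return "".join(str(secrets.randbelow(10)) for _ in range(digits))

@dataclass
class Account:
    postal_code: str
    pin: str
    pin_is_default: bool = True  # customer has never chosen a PIN
    failed_attempts: int = 0
    locked: bool = False

def pin_weakness(pin: str, acct: Account) -> str:
    """Why a customer-chosen PIN is guessable from caller-known data; '' if ok."""
    if not pin.isdigit() or not 4 <= len(pin) <= 17:  # minimum of 4 assumed
        return "PIN must be 4 to 17 digits"
    if derive_default_pin(acct.postal_code) in pin:
        return "PIN contains the postal-code digits"
    return ""

def verify_pin(acct: Account, attempt: str) -> str:
    """Lock after MAX_FAILURES; a default PIN only ever reaches the change step."""
    if acct.locked:
        return "locked"
    if not hmac.compare_digest(acct.pin, attempt):
        acct.failed_attempts += 1
        if acct.failed_attempts >= MAX_FAILURES:
            acct.locked = True
        return "locked" if acct.locked else "denied"
    acct.failed_attempts = 0
    return "change_required" if acct.pin_is_default else "granted"
```

With the page's own sample, Account(postal_code="T5B-1R7", pin="517") answers the default PIN with "change_required" rather than account data, and three wrong guesses lock it.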


[b]: This menu is not useful because it connects to a live operator. 
     The last thing we want is help. Though mental help might be what
     we malicious kittens may need. *purr*



It was only six months ago (30.6.99) that I wrote the document
'TELUS; 811 Self-Serve stratagem'. In this document I discussed how
anyone with only a phone bill could wreak havoc on unsuspecting
victims. Add/delete features... disconnect phone service. Ouch!

Now this document, where I spoke about how one could again wreak
havoc, this time on cellular and pager customers. The only requirement
is that you have a valid Telus Mobility cellular/pager number and the
owner's postal code.

How can we trust Telus with something as simple as our account information? 

Having such a vulnerable system, where only the three digits in your postal
code make the difference between privacy and possible exploitation, is not
something to be taken lightly.

Either Telus tightens its security in its "automated service systems" 
or a lot of unhappy customers will switch to another cellular/pager  

Remember kids: Telus Mobility no longer has a monopoly on the local
               cellular and pager market. =)



			N E T T W E R K E D
			   P R O D U C T

