AT&T Says Malware Secretly Unlocked Hundreds of Thousands of Phones 123
alphadogg writes: AT&T said three of its employees secretly installed software on its network so a cellphone unlocking service could surreptitiously funnel hundreds of thousands of requests to its servers to remove software locks on phones. The locks prevent phones from being used on competing networks and have been an important tool used by cellular carriers to prevent customers from jumping ship.
Doesn't sound like malware to me. (Score:5, Insightful)
Just sayin.
Or at least, stretches the definition of "malware" to the breaking point.
Re: (Score:2)
Re: Doesn't sound like malware to me. (Score:2)
tl;dr: nobody really cares if you suck at syllogisms, but you look ridiculous when you try to claim that it's because you're j
Re:Doesn't sound like malware to me. (Score:4, Insightful)
Re:Doesn't sound like malware to me. (Score:5, Informative)
I guess I tie the idea of "malware" to two concepts:
1) Mal, as in harmful to the user.
2) Ware, as in software.
To me, "malware" as a concept is basically about end users. It is software that is installed by endusers that does something contrary to what they expect, possibly without their knowledge, that is harmful to them. Malware is inherently deceptive, and the method of its deception is posing as something else. It is directed from bad actors toward strangers that these actors wish to exploit. It is a numbers game, a volume game.
This was not installed by end users, it did not pose as something else, and the harm was directed at an organization by individuals within the organization. It was not distributed widely, but was a single instance. I'd call this a "hack" or a "sabotage" or an "embezzlement" of some kind before I'd call it malware. Maybe a new term is needed.
But it seems a big jump from the widespread distribution of a Windows wizard to millions of hapless end users all the way to the willful and direct modification of company equipment by employees for gain.
Re: (Score:3)
I guess I tie the idea of "malware" to two concepts:
1) Mal, as in harmful to the user.
2) Ware, as in software.
You're using the wrong interpretation. "Mal" is a short form of the German "Einmal", sometimes. "Ware" is goods or commodities or a product. So AT&T's service is "sometimes product", i.e. you pay for their phone service and sometimes the product is delivered.
Re: (Score:3)
Depends on which side of the desk you are on. There are some "software" developers that would consider antivirus malware.
lets see if it looks like malware
extorts me to buy the next better version, - so adware at the least
eats ram
eats proccesor
hides itself in installers for other programs,
hard to remove and removing can break the host system when doing so
looks like malware to me.
Re: Doesn't sound like malware to me. (Score:1)
If you mean all the spying AT&T software that came preinstalled, along with the gigabyte+ of "critical system software" (like uber) that AT&T forced on my phone before I rooted it, then yes there is malware on their network.
Re: (Score:2)
hides itself in installers for other programs,
???
referring to anti-virus software in the parent post
Re: (Score:1)
Re: (Score:2)
Sounds more like what might be termed "beneware" rather than "malware".
Re: (Score:2)
My first thought as well. I guess malware is in the eye of the beholder.
Re: (Score:3)
It's malware that was installed on the company's servers. It's for a "good" purpose, but it's malware just like the malware installed in Office Space to funnel fractions of pennies off of transactions.
Good guy teleco emplyees... (Score:5, Insightful)
Re: (Score:3, Informative)
In the US, carriers are now required by the FCC to unlock a phone on request, if the phone is not still on a subsidy contract.
It's been like this for about 2 years now.
Re:Good guy teleco emplyees... (Score:5, Insightful)
In the US, carriers are now required by the FCC to unlock a phone on request, if the phone is not still on a subsidy contract.
It's been like this for about 2 years now.
Yeah, have fun going through that "request" with AT&T. It is damn near impossible to get them to unlock a phone.
Re: (Score:2)
Re: (Score:3, Informative)
What? I've done this with AT&T several times. You go to their website, enter your phone information (and it includes details on how to get it), and it sends you an email with exactly what to type on your phone to unlock it. The whole process only takes a few minutes.
Re:Good guy teleco emplyees... (Score:5, Informative)
This, pretty much. I went round and round with AT&T trying to get an off-contract iPhone 4 unlocked for over a year before I ended up trading it in for double-credit on a iPhone 6 for my wife for far more than it would have sold for on eBay or the like even unlocked. They just kept declining it with no explanation, and the customer service reps were no help.
Re: (Score:2, Interesting)
Honestly bet those customer service reps have the instructions available to help with unlocking a phone but instead claim ignorance when asked because it usually takes time to explain over the phone to someone not already somewhat technically adept.
They do this to avoid higher average handling time metrics so they dont get churned out of the call center.
setting the system up like this is a brilliant means around the requirements of the FCC if this is malice rather than just accidental.
Re: (Score:2)
In Australia they used to do something similar. Then we got the Telecommunications Industry Ombudsman, and that organisation had teeth. Not only do they ensure that companies comply with the law in ways the FCC simply lacks the balls to do, but they also bill the telecom companies per complaint for their services regardless if they have merit.
Pretty soon the companies found out it was cheaper to unlock a customer's phone rather than get a bill for a TIO investigation into a complaint, not even taking into c
Re: (Score:1)
Some people do pay more than one company - especially if you travel a bit and have a dual-band/sim phone. I know when I visit relatives in Canada, I have a SIM I got just for the provider in their area (prepaid), while the other slot holds the SIM I use here at home (contract).
I imagine it's much the same going from the US to Europe or Asia and vice versa.
Re: (Score:2)
Yes but that is by necessity. You wouldn't do the same thing in the same area. And even if you did what difference does it make to the company which contracted you the phone? I don't magically get to stop paying the first company just because another company's SIM card is in the phone.
Re:Good guy teleco emplyees... (Score:5, Informative)
I had at&t unlock my iphone a few months ago and it couldn't have been simpler. I did it from their web site with a very simple form and it was unlocked within 2 days.
Maybe I was just lucky, I don't know, I'm just a sample of one. I have no love for AT&T, but at least that worked well for me.
Re: (Score:1)
i think the website process works, calling their "help" to get it done old fashioned way, you know with customer support!! is a nightmare.
i wonder if they make it such a miserable process because they know older people will be doing it the call-in method and if frustrated enough will just stick around till dead anyway.
Re: (Score:2)
I got Cricket (owned by AT&T) to unlock a freebie phone after the required 4 months (I think they now raised it to 6). Just went to their chat support, made the request, no problems.
This may be just another example of prepaid being better than postpaid.
Re: (Score:1)
With tmobile, the same exact phone and data amounts cost substantially less with prepaid than with billed payment.
The salesperson tried to upsell me so I asked her what it would cost... about $30 more. I showed her and she gave a rueful smile and dropped the subject.
I'm retired and going to a Tmobile prepaid phone from Sprint has given me a free hotspot, a gig of data a month (which I never use even tho I play a lot of boom beach in odd places), and saved me $73 per month vs Sprint. I have unlimited music
Re: (Score:2)
Re: (Score:3)
That's a horrible rip-off. I pay half that much for two and a half times as much data with T-Mobile.
Re: (Score:1)
And a quarter of the coverage....
Re:Good guy teleco emplyees... (Score:5, Informative)
I think it's pretty well known that T-Mobile is not the carrier of choice if you're looking for extensive rural coverage. If you need that, my impression is that Verizon is the way to go. But if you're in an urban area 99% of the time, T-Mobile is amazing given their prices and their perks, i.e. free unlimited data and text when traveling overseas. (I think most people don't realize just how unprecedented it is to have unlimited data when roaming abroad, and to date I know of no other carrier in the WORLD who offers that.)
Re: (Score:2)
T-Mobile is amazing given their prices and their perks, i.e. free unlimited data and text when traveling overseas
Except for those who don't get free text and data when traveling overseas. If I wanted to pay T-Mobile twice as much as I'm currently paying (for the same service) I could maybe get free text and data during the 5% of the time of the year I'm overseas. I say "maybe" because whatever T-Mobile says I don't believe until I've seen it happen.
Like a couple of months ago when I called customer service specifically to talk about text and data while I was overseas and was told I would get free texts and data whi
Re:Good guy teleco emplyees... (Score:5, Insightful)
Yes T-Mobile coverage is worse, but even at 1/4 the coverage, that only translates to about 2 times a year on average where I don't have service when someone with ATT or Verizon does.
I am willing to save hundreds of dollars a year if the only downside is being minimally inconvenienced. The yearly savings for me is more than the cost of a new phone (~$720).
Re:Good guy teleco emplyees... (Score:5, Interesting)
I am willing to save hundreds of dollars a year if the only downside is being minimally inconvenienced. The yearly savings for me is more than the cost of a new phone (~$720).
What convinced me the other carriers are crooks is how they advertise the prices for their plans and then tack on another $20 to actually use a phone with those plans. Huh? $60/month for 12Gb, but actually using a phone to get to that data adds $20/month? That's, I think, Verizon's current advertising for their "one plan" that actually four different plans with different amounts of data.
I almost signed up with AT&T at what I thought would be a good rate, and then was told "and add $40 if you want to use a phone on that plan". I told the guy I already had a phone, I didn't need a new one, and he told me it wasn't to GET a phone, it was to USE my own phone.
That's like selling a car for $100, but add on another $20,000 if you want it to actually be able to move.
Re: (Score:2)
That's like selling a car for $100, but add on another $20,000 if you want it to actually be able to move.
$100 for the car, biometric access control on locks and ignition with $1000 a month license fee for each driver to be enrolled
Re: (Score:2)
I pay $35 for pretty much the same deal as the Verizon loyalty plan on Cricket, and I get AT&T coverage rather than T-Mobile. I find it's quite a lot better, worth the extra $5 a month to me.
Of course, the $500 subsidy on the gp's phone phone is worth $20/month, so if you want that phone the Verizon deal is pretty good, especially considering that their coverage is even better than AT&T. I'm not willing to call 3 different people to get that though.
Re: (Score:3)
Went from verizon to straight talk for 2 phones. The cost difference paid for both phones in 5 months.
I don't mind dropping $150 a phone for decent handsets when I'll end up saving $1140 over a 2 year verizon family plan.
Re: (Score:1)
If only the idea of a carrier-locked phone could be made illegal... It would put more pressure on the companies to actually come up with decent pricing and plans to secure their customers!
Having all phones unlocked would have no effect on plan pricing in the US. There are already reasonably priced plans out there from MVNOs. You just have to pay full price for your phone and sacrifice some on customer service. It might have some effect on the price of the phones themselves but the only sure result is that you would have to pay full price for your phone up front all the time, and only those with the very best credit would be able to use installment plans to pay for phones.
I wish my phone had been hit! (Score:3, Interesting)
I was out of contract over a year ago, but I'm still fighting to get mine unlocked.
Re: (Score:1)
you can solve this by only buying nexus phones, which are always unlocked.
Re: (Score:3)
Re: (Score:3)
http://www.verizonwireless.com... [verizonwireless.com]
http://www.att.com/cellphones/... [att.com]
http://shop.sprint.com/mysprin... [sprint.com]
Re: (Score:2)
Re: (Score:1)
Not true. I paid for my Nexus 6 in full from AT&T, and mine was locked. I had to use one of these services to unlock it to switch to google Fi because "we have no record that you paid for that phone in full".
Re: (Score:2)
Re: (Score:1)
Personally, I would demand the phone be unlocked upon final payment.... And I have done that a couple of times.. Keeping the receipt is nice, but having the phone already unlocked is better...
Re: (Score:1)
If AT&T wouldn't refuse... (Score:1)
To unlock out of contract phones then this probably wouldn't have happened.
Re: (Score:2, Informative)
Just go in a physical store and refuse to leave until they agree to do it. I've gotten five iPhones that my family has owned unlocked by doing that. They'll tell you that you have to call 611 to get that done, but keep fighting.
Re: (Score:1)
Nobody every audits logs.
Welcome to the real world.
Heros (Score:1)
Sounds more like this to me "3 employees saved hundreds of thousands of phones from AT&T's network".
Re: (Score:2)
"Sounds more like this to me "3 employees saved hundreds of thousands of phones from AT&T's network"."
Saving is no use to you if you don't notice it.
Re:So, heroes? (Score:5, Funny)
was thinking more like 'Schindler's List'
We need an antonym for malware (Score:3)
Re: (Score:2)
Re: (Score:3)
Depends... (Score:2)
on your definition of "fight". It need notbe violently.
Re: (Score:2)
Yeah, BadHorseWare sounds better.
Re: (Score:2)
The software was running on AT&T systems, making AT&T the user. From the user's perspective, the software was malware. Therefore, the headline is accurate.
If it were running on the phones themselves, making the phone owner the user, then it would not have been malware.
Re: (Score:1)
How about bonware? The mal in malware comes from the Latin word malus, which is an adjective for evil. The Latin adjective for good is bonus. So let's call this bonware.
Re: (Score:2)
In this case, perhaps "liberationware".
Re: (Score:1)
Naw, we just need a law that carriers must AUTOMATICALLY unlock a phone that was paid for. So when your contract is up, your phone gets unlocked w/o you having to ask for it.
Re: (Score:2)
de-ransomware = liamneesonware
Re: (Score:2)
Malware : Benware
Re: (Score:2)
The reality is the whole mess makes no sense at all. They have you on a contract where you agree to pay a set amount each and every month whether you use their phone (theirs until you finish the contract) whether you use it on their network or someone elses (they save money if you use it on someone elses). Stop making payments on that contract and after some warning they can report the phone as stolen. In many countries that means they can block the phone from connecting to any network. So it makes no sens
Re: (Score:2)
This reminds me of the Nachi worm. It infected computers using the same attack vector as Blaster and then proceeded to patch against Blaster and move on without a destructive payload.
Kind of like Windows 10 forced updates but in worm form and from a company less shady than MS :-)
Says they (Score:2)
Re:Freedom of choice (Score:5, Insightful)
It's sad that i have more freedom of choice in countries far less "democratic" and "liberal" than USA, than i do in USA, in terms of technology and telecommunications.
So true. I travel to Cambodia & Vietnam once or twice a year. In Cambodia or Vietnam you can literally walk into any phone store, buy literally any phone, then walk outside to a SIM-chip kiosk (they're every where, staffed by lovely young ladies) and buy a SIM card. Stick it in your phone and *bam*, you're on the air. None of this shit about carriers or contracts or networks or compatibility or any of that stuff- any phone with any SIM works everywhere in the entire country.
The result is that carriers compete to offer the lowest prices with the most features. And it works- $10 to $20 a month gets you service with all the stuff the highest-cost plans here in the US have.
White hat malware? (Score:2)
What do we call this now? Is it white hat malware?
Works for me (Score:2)
Now this is some malware I can get behind.
Someone should start a Kickstarter to fund some malware like this.
Cue the world's smallest violin (Score:2)
playing the AT&T theme song
I don't believe it .. (Score:2)
Jaaaaaail break.... (Score:2)
This is clearly not malware (Score:2)
Phone locking it's stupid (Score:2)
Money (Score:2)
If i have a contract, i can't cancel it before the contract allows me to without a penalty, so, why do you lock my phone?, i'd still be under the obligation of paying for the service?. Phone network locking shouldn't be a thing, it's beyond stupid.
Money.
First, they don't want you to switch services. If they make it harder, or make it more likely you'll wait till a certain time and then forget, they make more money.
Second, they won't collect that penalty. They will collect it from some people and then collect a percentage of it by selling it to a debt collector.
Ironic! (Score:1)
Now I'm conflicted (Score:2)
Does the world really have room for multiple superheros? I'd hate to forget about Mr. Snowden, but these guys certainly did something a bit more practical, which is always a bit plus in my book.
In any case, I think a Nobel prize is in order. If there's any debate about which Nobel prize, I say we just award them prizes in multiple categories.
Unlocked phones (Score:1)
Jumping ship? (Score:2)
an important tool used by cellular carriers to prevent customers from jumping ship.
Handset locks don't stop anything, it is contract law which ensures people pay for the remainder of their contract terms... Handset locks just decrease the usefulness and resale value of the handset, while creating an artificial grey market in unlocking methods.
I intentionally avoid any operator who supplies locked handsets.
Re: (Score:1)
an important tool used by cellular carriers to prevent customers from jumping ship.
Handset locks don't stop anything, it is contract law which ensures people pay for the remainder of their contract terms... Handset locks just decrease the usefulness and resale value of the handset, while creating an artificial grey market in unlocking methods.
I intentionally avoid any operator who supplies locked handsets.
The purpose of locked phones isn't to keep people from switching carriers. Having similar plan pricing, focusing on "best coverage" in specific areas, employer discount programs, retention offers, different network technology and most importantly individuals own reluctance to change does that.
Lots of people want to believe that the big companies lock phones to trap them but the real reason is fraud. Cell phone fraud is a lot bigger than most people think.
It works like this: Company A sells phones and se
Oh boohoo! (Score:2)
boo freaking hoo, spying, lying no good AT&T.