PALM PILOT FUN PART II--
Reach Out and Fleece Someone by Chris Oakes
12:00 p.m. 11.Dec.98.PST
Wanna make a long-distance call and not pay for it? Got a PalmPilot? Go for it. Software posted Thursday to a Canadian hacking Web site will turn the PalmPilot personal organizer into an unlimited calling card.

The code arrives only days after the revelation that handheld computers can be used to unlock car doors. Handy gadgets.

This latest open-sesame trick isn't doing anything that wasn't possible before. But it should add fuel to what has become a public relations tangle for PalmPilot manufacturer 3Com.

"3Com has not introduced any new risk in this regard," the company said in a statement Thursday about the unit's ability to emulate certain types of electronic car-key codes. "This capability has been around for years in the form of universal remote controls and infrared-equipped laptop computers."

The extensive network of PalmPilot hackers agrees that 3Com cannot be blamed for the locksmith trick, which received widespread media attention this week. Instead, the developers say the company has created a remarkably versatile electronic organizer that can be adapted to tasks well beyond those for which it was intended.

"If a criminal uses a paper clip to pick a lock, should the manufacturer of the paper clip be blamed?" asked the editor of Hacker News Network who goes by the alias Space Rogue.

The latest hack, known as RedPalm, is really just a new twist on an old trick, exploiting a weakness in older pay phones that phone hackers, known as phreakers, have used for years.

The new RedPalm software plays tones through the PalmPilot's speaker that can fool some phones into believing that callers have deposited quarters. Before the PalmPilot software, the same result could be achieved using easily obtained parts from Radio Shack, or even a recordable Hallmark greeting card. These kinds of devices are known by phreakers as red boxes.

By playing a series of tones at a precise frequency, which are muted in the handset speaker, "boxers" could fool phone company computers into believing that the caller was depositing coins, allowing for illicit -- and very illegal -- long-distance dialing.

But phreakers have been stymied in recent years as phone companies have wised up to the scam.

"We don't have a red-boxing problem in our Bell Canada operating territory," said Bell Canada spokeswoman Karen Hyponen. "We use a pay phone called the Millennium pay phone. It doesn't need to recognize coin [tones to work]."

Hyponen said that Millennium phones are installed in about 85 percent of Bell Canada's territory, which covers the provinces of Ontario and Quebec.

Possession of a red box is a felony in the United States, but the same cannot be said for the world's most popular handheld computer.

"The PalmPilot is an excellent tool for hackers of all types," said Space Rogue, who posted news of the new phreaking software. "Its small size, powerful processor, low cost, and variety of software make it a perfect choice for experiments and tinkerers."

RedPalm's author, who goes by the name Cyb0rg/asm, agrees. He said that none of the PalmPilot hacks are unique to the device; it just happens to be a computer that's very well-suited to the job.

Other shady PalmPilot applications have been devised by hackers, or are in the works. One hack allows the user to decrypt passwords controlling access to network routers, which regulate the flow of data traffic on the Internet.

Members of the L0pht, a Boston hacker collective, are working on a highly portable PalmPilot "wardialer." The wardialer calls one number after another within a single telephone exchange, searching for modems that could offer a backdoor into an otherwise secure network.

If the PalmPilot can be adapted for wardialing, it could theoretically be connected to phone lines in any location and dial phone numbers for days on end.

But as with most software and hardware trickery, the goal is not an actual break-in or theft, the L0pht said. It's the thrill of the hunt that matters.

"It's just to prove that it can be done," said one L0pht member calling himself Kingpin.

Statistics seem to bear him out, at least in the United States. Stephanie Saari of the Western Insurance Information Service said the country's major insurers have not seen a rising tide of car thefts performed by PalmPilot thieves.

"In fact, they're hard pressed to find a single case of it here in the US," Saari said.

Instead, it's more of a reminder that technology in the wrong hands can lead to a bad end.

"[The PalmPilot] is a really versatile tool, basically," said Kingpin. "There's a huge developer community similar to Apple IIe days. People got together and made programs for it and it just exploded."