AT&T says rogue employees secretly unlocked hundreds of thousands of phones

19 Sep 2015 | Author: | No comments yet »

AT&T says rogue employees secretly unlocked hundreds of thousands of phones.

AT&T’s customers aren’t the only ones who hated the carrier’s draconian phone unlocking policies. AT&T said three of its employees secretly installed software on its network so a cellphone unlocking service could surreptitiously funnel hundreds of thousands of requests to its servers to remove software locks on phones.Back in 2013, a company called Swift Unlocks would have been one of your best bets if you wanted to unlock your AT&T-branded phone through the sales of unlock codes.

The locks prevent phones from being used on competing networks and have been an important tool used by cellular carriers to prevent customers from jumping ship. The company would sell unlock codes for anything from an iPhone to a Fire Phone, letting AT&T customers wriggle out of their contracts long before the subsidy was paid off.

The company’s lawsuit against the employees, first reported on by Geekwire, has eight defendants, including Swift Unlocks, the California company accused of masterminding the entire plan. California-based Swift Unlocks, which allegedly orchestrated the scheme and in turn sold the illicit unlocking services to AT&T customers, is also being sued. Consumers are legally allowed to request that their carrier unlock their phones — once they’ve been paid off in full — so that the phone can then be connected to a competing carrier’s network.

They can be electronically removed, usually after fulfilling a contract obligation, but many websites offer the same service for a small fee with no questions asked. According to the lawsuit, former AT&T employees Marc Sapatin, Nguyen Lam, and Kyra Evans, who worked at an AT&T call center in Washington back in 2013, were approached by Swift Unlocks. The unlocking of smartphones has been a hotly debated issue as the Federal Communications Commission has introduced new rules over the past few years. Sapatin and Evans would be paid at least $10,000 by the company between April and October of 2013, according to Prashant Vira, who operates Swift Unlocks, so long as they agreed to install a remote access tool, which would allow Swift Unlocks to instantaneously have access to any unlock code. But carriers are not obligated to unlock them except in certain circumstances, such as when customers have paid off their contracts or device financing plans.

Most carriers, including AT&T, often sell phones at discounted rates because they know they can recoup that money by selling their own wireless services for the devices. District Court for the Western District of Washington in which it accuses two companies, four people and an unknown software developer or developers, of participating in the audacious scheme.

To make sure customers stay long enough to pay back the phone subsidy, carriers install locking software that won’t allow phones to work on other carriers’ networks. AT&T was able to trace these requests to the three aforementioned former employees due to each making these unlock requests under their employee codes. Smartphones are “locked” into carriers, forcing customers who buy a phone for one provider stick with that company if they don’t want to buy another phone.

Once you’ve paid off your wireless contract, the FCC now requires carriers to give customers an unlock code that will allow them to take their device to another wireless provider — if they so choose. The carrier first discovered something was amiss in September 2013 when a surge in the number of unlock requests alerted the company to the possible abuse of “Torch,” the software used to unlock cellphones, it said in the complaint. The lock lasts at least until the customers’ initial contract is up and, even then, a lift on the lock must be specifically requested by the customer.

The carrier, the nation’s second largest, says the defendants created a software program that allowed an external server to issue unlock permissions to AT&T phones. On the computers of Evans and Sapatin, investigators found unauthorized software intended to route unlocking requests from an external source through AT&T’s computer system, it said. Unfortunately for the accused, those requests were still being made under their own employee codes, so the company quickly traced the new requests back to them. “It’s important to note that this did not involve any improper access of customer information, or any adverse effect on our customers,” an AT&T spokesman told The Verge.

Things didn’t stop there, however, as Sapatin allegedly tried to bring other AT&T employees into the fold, with Sapatin telling one employee “that she would make $2,000 every two weeks through her participation in the Unlock Scheme,” wrote AT&T. AT&T says its investigators uncovered numerous iterations of the software, which grew in complexity until it was eventually able to submit the automatic requests. During the same period, AT&T was hacked by a criminal organization looking to unlock stolen phones before selling them, a breach that also resulted in a $25 million fine from the FCC. On the company’s website, it describes why someone would want to unlock a phone, saying it can make switching SIM cards for international travel easier, allows you to fetch a higher price when reselling your phone and makes it possible to switch carriers to take advantage of promotions.

The malware allowed commands to be issued from a remote, unauthorized server and used “valid customer service personnel identification numbers” to process automated unlock requests without proper authorization, AT&T wrote. Vira, and about 50 others who haven’t been identified yet, are then accused of running programs designed to use the employees’ credentials to access the unlock codes. Sapatin is accused of trying to recruit another AT&T employee to join the scheme, telling the worker all she needed to do was click a link provided by someone else to download the malware.

Early versions of the malware “gathered confidential and proprietary information regarding AT&T’s internal applications and computer systems and transmitted that information to John Doe Defendants 1-50 through the remote server,” AT&T said. “The John Doe Defendants used that information to adjust the malware to specifically facilitate the hacking of [AT&T’s customer service] application and then sent revised malware files to Evans for installation.” These John Doe defendants also re-sold fraudulently unlocked phones, AT&T alleged. The alleged scheme is similar to others “in which illegal operators buy or steal large quantities of phones (prepaid or with term contracts), unlock them, and resell them in foreign markets that do not subsidize the devices,” AT&T wrote. AT&T is seeking financial damages in an amount to be determined at trial, and injunctions preventing the defendants from continuing the alleged activity. UPDATE: After this published, AT&T sent Ars a statement, saying, “We’re seeking damages and injunctive relief from several people who engaged in a scheme a couple of years ago to illegally unlock wireless telephones used on our network.

Here you can write a commentary on the recording "AT&T says rogue employees secretly unlocked hundreds of thousands of phones".

* Required fields
Twitter-news
Our partners
Follow us
Contact us
Our contacts

dima911@gmail.com

ICQ: 423360519

About this site