Saturday, March 29, 2014

MSISDN to User agent - or how I had abilities to know which useragent any client of Orange has ,only by using his phone number

By Amitay Dan


I didn't hack into Voyager which is Car Phone CP200.
 I've managed to find the merging between phone numbers and models of the clients who has it in the cars over Israel.

The company who had the problem is Orange.
Yet,I believe that's people have to be protected,and this story can show you why.
Hacking cars  by the phone is nothing new, and many people are speaking about it.

Personally,I have managed to do more projects related to cars system hacking, in here you can see the intelligence gathering before attack.

 I believe that's Voyager is a great phone, I believe that's Orange Israel are innovative company.
Yet,you can't forget security what you jump into the future, and that's what this Car Phone did.

If you like to be part of the general innovation activity in Orange Lab you might contact them here


This story based on the truth

This story started from learning, I was studying about MSISDN and another basic GSM and telecom words.

Since I like Google, I was thinking, lets see what's happened if I'll do use some magic words based on my country, which is  Israel.( linguistic Google dorks)

I was playing a bit and very fast I got the bingo,  msisdn ,like a magic I got  the treasure in my screen 'portalXml Web Service - Orange' appears in my eyes.

 From there. it was just about typing number and seeing what kind of model he has.
Some people have the Idea that's model type is really nothing, well not so much.

There are many ways to use it, let's mention couple of them:

1.Jews Kosher phone and Kosher Numbers
Jews Orthodox in some groups are not allowed to use smart phones, using Orange system attacker had abilities to know what kind of phone the target have.
This can lead into breaking the wedding, according to new Rabbi white paper.
In other situation people can loose their jobs 
and they forced to buy Kosher phones ways, well 1984 ...

Personally, I do understand what's is the problem, they can't handle naked women or other Internet problem. But whom who choose to have smart phones need to be protected since its privacy issue., to make it fun I choose to show how this system gave the abilities to hunt new Car Phones, with the model CP200.
This phone has been manufactured by TCT and being sell by Orange (Partner )
with the Voyager ,this phone has been designed by Accel Telecom as shown in MWC and here

The phone is really what you want, if you like to feel what future is-related to connected cars, yet, this phone can lead into cyber-attack since it's connection to car computer by RS-232/RS-485/ OBDII.

Back to the story, after a while I got someone who have Voyager in his brother's car.
A short test was all I had to do, and then I saw the text CP200 Orange build appears in my eyes. Bingo!

I did wrote two articles about the issue of who easy is to target numbers,which are in Arithmetic Series,and why this can lead into cyber attack against cars.
In here you can see the proof,any client of Orange who has this phone was compromised.

3.All the clients- It was easy to start by saying that's all the client of Orange are compromised,since attacker who know thier's phone model can hack into the phone by simple text message,wap push message or another kind  cyber magics.

Any client of Orange Israel is easy target as long as someone used this data 

This story has been published in the following places: