Posted by: Jeromie Jackson
fraud prevention, hacking, iOS 4.1, penetration testing, phreaking, Redbox, telecommunication security
I came across a post on Twitter about the ability to place calls and view contact information without logging-into the phone.
“When you iPhone is locked with a passcode tap Emergency Call, then enter a non-emergency number such as ###. Next tap the call button and immediately hit the lock button. It should open up the Phone app where you can see all your contacts, call any number, etc.”
I thought this was interesting. Reading the comments I found something however that definitely caught my eye:
- Dial *3001# and press call. You get a “Vote for your favorite developer” screen.
- Dial *301# and press call. You get a message that says “This is a response from short code 301 from LabCore. Powered by Practicallabs”
- Dial *3002# and you get “test for 3002″
- DIal *3003# and you get “this is a test message”
- Dial *3004# and you get “this is a test for short code 3004″
- Dial *3005# and you get “Thank you, your request is being processed. A message will be sent to your phone”
In the 80′s and 90′s phreaking was a very common practice. Individuals, and small groups, would scour phone ranges using tools such as Toneloc and THC-Scan looking for interesting things. You can find the results of a lot of this early work at www.textfiles.com. All kinds of phone testing devices, loops, sweeps, etc. were found along with modem connections to all sorts of devices.
It will be interesting to see what else can be found in iOS and others.
P.S. The graphic above is a picture of an old-school “Red Box.” These were used to simulate the tones a payphone used to identify how much money was inserted. _VERY_ popular back in the late 80′s & early 90′s.