Eschew Obfuscation

Below is the text of an email that I sent to someone to post on a forum that I didn’t feel like signing up for that already had a thread going on cloned Treo phones.

Enjoy!

I will apologize up front here as I’m tired and this is mostly just a
way to get past being pissed off at VZW for not watching out for the
customer.

I have a Treo 700p and it was cloned Friday night, just in time for the
weekend. If you’re wondering how to tell if your phone has been cloned,
it’s really easy. Call yourself from another phone. If you get no
indication whatsoever of that call happening, including voicemail
notification, you’re in trouble. If you periodically get through, it’s
likely due to the other phone having been turned off and your phone is
termporarily winning.

I just went through the process of getting my phone back from being
cloned. The most awesome part of this is the complete lack of support
that VZW gives to prevent the inconvenience of having your phone cloned.

The sequence of events:

1. Drive to Vegas for a weekend conference on a Thursday
2. Friday evening, no calls or text messages are getting through to my phone
3. Sunday, while driving back, I have eleven (11) voice mails with no evidence of a missed call or that I might have a voicemail.
4. Sunday night, contact VZW help (611) and find out that:

A) support will try to help you and tell you they believe that
your phone has been cloned. Once they believe that your phone
has been cloned, they will tell you that something is wrong
with the device and you should hard reset it.

This will do you no good, whatsoever. However, I’m pretty sure
that they have a pool running on the other end of the phone to
see how many customers they can stroke out by zapping all of
the data on their phones “on accident.”

B) The cloning and fraud department at VZW only works M-F,
0500-1800 PST. Obviously, this is because your phone can only
get cloned during banker hours. *SIGH*

C) Nobody at VZW can actually look at your account and tell you if
there are weird charges on the bill. In my case, there was no
indication of misuse during the episode and the one phone call
that I did get from the DR was from a local area code.

5. Monday morning, call VZW cloning/fraud department. I had to speak to two separate people to complete my phone transaction.

The first person was very kind and genuinely wanted to help me but
was an idiot. “Yes, Mr. HalfDime, I’m going to send you a text
message with the URL you can use to update your phone firmware
with.”

“But my phone has been cloned.”

“Right. Did you get the text message?”

The second person was pissed off to be alive. They cut me off
every time I started to say something and then seemed to think
that it was obvious that doing a complete restore from backup to
the device would not overwrite the settings just downloaded from
Palm.

Anyway, the information that you will need to get your phone uncloned,
or that you should use to keep from having it get cloned in the first
place:

1. Go here
2. Follow the directions on updating your phone firmware.
3. After the 35 minutes it takes the software to install, call cloning/fraud at the number below:

Cloning/Fraud Dept.
888 483-7200
Hours: M-F, 0500 - 1800 PST only

4. They will “verify” your phone via the following process:

• Dial #2539 - Authorization from verizon host, they send programming to phone.
• Turn phone radio off
• Tell support person when it’s off
• Turn phone radio on
• Tell support person when it’s on

NOTE: It’s very likely that over the air programming ( *228, option 1 )
will not work at this time since your phone has been flagged in
the system as being cloned. It may take a day or more for this to
clear. However, updating roaming ( *228, option 2 ) works.

After updating your phone, the firmware version displayed for the phone
firmware is Treo700p_-1.10-VZW.

According to a treocentral article on the interweb [0] and the Verizon
tech, this flaw is due to there being no AKEY shipped with the phone
firmware and has been known for quite some time. It’s just now coming
up in numbers as it’s been discovered at large. Most of the phone
numbers are being cloned to the Dominican Republic.

The importance of the A-Key is described well by this quote:

“Security of the A-Key is critical in a CDMA system. Over-the-Air
provisioning uses Diffie-Hellman algorithm, making it the best choice
for A-Key programming from the alternatives mentioned above.
Diffie-Hellman algorithm is used for secure key exchange between two
entities so that a third party cannot deduce the value in the process
of exchange.” [1]

What this basically boils down to is that all the information required
to clone a phone is being broadcast unencrypted over the air for anyone
to partake of with very little effort.

Thank you so much, Verizon.

Adding insult to injury, not only did I lose use of my phone for an
entire weekend because my phone got nabbed on a Friday night and VZW
fraud/cloning works banker hours, but I had to perform a 90 minute hokey
pokey to get the new software installed, call back to VZW and then do
the hokey pokey, turn the phone off and on with VZW on the phone.

–HalfDime

[0] http://discussion.treocentral.com/showthread.php?p=1477412

[1] Over-The-Air Provisioning in CDMA, Rohini P.P., Gemplus Technologies, October 2004
http://www.cdg.org/resources/white_papers/files/Gemplus%20Over-The-Air%20Provisoning%20in%20CDMA%20Oct%2004.pdf

written by halfdime

If this takes on the appearance of a rant, I apologize. I have some strong feelings about this topic.

I was talking to someone the other day who commented that I seem to be in a good mood much more often than bad. I told them that I don’t have a reason to be unhappy when I have so much good in my life.

This seems to be a difficult thing for many geeks to do. I’m not really sure if it’s the belief that it’s cool to be grumpy or if it’s just a lack of perspective brought on by being blessed with so much for so long. Regardless, we tend to dwell on the negative and often thrive on contention.

What’s perhaps even more disturbing is that instead of making an attempt to fix the problems we see, more often than not, we grouse about them and then do nothing beyond adding fuel to the discontent of those around us. The true irony of this situation is that we as geeks have an innate ability and drive to fix things. We thrive on fixing things that are truly challenging. Why then do we so often retreat from societal problems?

To be fair, I don’t see this as just geeks. As a society we are moving aggressively away from being a part of the community that we live in. Each person goes from their home to their car to work and back making as few social interactions as possible. We spend too much time tending our devices and not enough time taking care of what matters most. How do we expect any of the societal ills that we perceive to be remedied if we’re only willing to make sure that we’re not contributing to them? When will we decide that it *is* worth our time to help others?

So here’s my hope. If you’ve read this far, maybe you’re willing to do something besides flame me in the comments.

Sign up for something to improve the life of someone around you. The only stipulation that I would make is that you do something you’ve never done before and that you get no recognition of any kind.

If you feel brave, leave me a comment about what you’re doing/have done/will be doing.

p.s. No. I’m not going to blow my own horn. Just suffice to say that I feel pretty comfortable about what I’m doing and have done in the past to call on folks to be more active in the community.

written by halfdime

So I’ve started this insidious little creature known as a blog. I think about it all the time.

I start a thought and then immediately diverge to, “Hey! That would be a good thing to blog about.”

Then I start to compose the blog post in my head and realize it’s, at best, a sound bite worth of information and really isn’t getting anything accomplished in line with my goal for this blog.

So I discard the idea and move on to something else.

After a few seconds, the person sitting across from me who said something that set off the whole chain of events in my little mental detour starts to get a concerned look on their face. You know the look. That, “Hey STUPID! I’m over here.” Pretty soon, it changes to the, “Is he having a seizure” look and if left too long, it becomes the wake up slap.

I’m fully aware of my problem with shiny objects and my coworkers (and my wife to a certain extent) are familiar with the problem and exploit it often.

This new blog thought-hijacking that is going on is just disturbing.

I think I need to find a qualified blunt-trauma specialist to knock some sense back into my dome.

Nah. I think I’ll just take a cue from my daughter and talk until someone hurts me. If I use a tape recorder, I should get at least a month’s worth of blog entries out of it before I lose consciousness.

written by halfdime

It is by will alone I set myself a-jitter
It is by the chemical caffeine that thoughts acquire speed,
the hands acquire jitters.
The lips lose all tact.
It is by will alone I set myself a-jitter.

Caffeine among geeks is very highly regarded. Even those that do not or
cannot consume it understand the benefits and hazards. Being a frequent
flier of the caffeinated skies, I have a pretty good tolerance for the
stuff.

Tonight however is a tale of caffeinated hazards.

I have been having some difficulty getting good quality sleep and
thought that I would try to help myself out by going without caffeine
for awhile.

Can’t hurt, right?

Wrong.

My family went out to dinner tonight and I had 3, yes Alice, THREE Dr.
Peppers with my meal. Why? Because it was yummy. I’d been without for
awhile and was having a smashing romp with my family. At dinner, we
decided to run to Fry’s to pick up some Three Stooges videos to watch
with the kids later.

Fry’s is remarkably busy near close on Fridays. I’m talking 50 people
in line five minutes after the doors close busy.

Getting to the caffeine, I know of at least two things that evaded the
tact filter due to the caffeine:

“Hannah, that man doesn’t want you crawling in his butt.”
“Sure. I’ll do the bump with you.”

Both were said with zeal in my not so petite voice.

In response to the first, a large emo guy carrying an HP printer almost
ran his buddy over trying to get away. For the second, we were awarded
extra space front and back in line.

I love caffeine. I should remember to keep my consumption within 20mg
day to day or things apparently get dodgy. Although I can enjoy this
side effect, the general public seems unwilling to handle it well.

I mean, if a butterfly’s wings can cause a storm, five people trying to
give extra space to a jittery geek is probably going to cause global
warming to accelerate or the earth’s poles to change.

On the up side, it’s 11PM and I’m up to 4 blinks a minute!!

written by halfdime