[Cryptography] Bizarre behavior of a non-smart mobile phone

[mok-kong shen]

Am 18.05.2017 um 13:42 schrieb Philipp Gühring:
> Hi,
>
> I have been investigating mobile phone security, down to the hardware
> level. What you describe does not sound like hacking to me, since randomly
> calling people from the addess book does not make any sense from any
> attacker point of view that I can imagine at the moment.
> One thing that it reminds me of is the bad or missing keyboard-lock
> mechanism on some phones. Some phones had such a bad keyboard-lock that it
> often happened that it got unlocked when you had it in your pocket, and
> then it started calling random people. But that scenario sounds unlikely
> at home in the night during sleep, when your mobile phone most likely lies
> somewhere on a table, without any external pressure like it would be
> inside a pocket.
Since even you as expert couldn't, I presume, prove stuffs in the math 
sense on that
theme, I must say that there are apparently differences in our thoughts 
and that It's
unfortunately futile IMHO in practice to detail our different views on 
the potentially
possible motivations of  the hypothetical hacker, who I think could 
range from persons
doing things just for fun (quite a number of hackers of the very first 
generation were
such, if I don't err) to ones on the payroles of nation-states.
> Did it called the last person that was previously called, or a random
> person from the address book that wasn't called previously?
It seems (I conjecture) that the scheme was simply arbitrarily (randomly)
selecting an entry for doing the call. I unfortunately don't have 
sufficient data
to help clarifying this issue, because I quickly thought of and applied 
a remedy
to that trouble: I deleted all occurrences of telephone numbers of my 
friends
in the device.
> Does it have Bluetooth? Are you using bluetooth?
> Do you have a headset or microphone plugged into the audio socket of the
> phone?
>
> With Bluetooth or with the microphone, most phones can get the signal of
> the call button. With some EMI noise, and when you have plugged in headset
> or microphone with a cable, it's possible to remotely simulate those
> signals, and get the phone to call. In that case, I would expect it to
> call the number that was previously dialled.
It's (in my layman's terminogy) a non-smart mobile phone, i.e. of design 
of an earlier
generation, not capable of Internet access at all, if I don't gravely 
err. It has a hole
for headset but I have never employed it. (BTW, you might be surprised 
that Bluetooth
is "almost" a foreign word for me.)
> Which vendor is it from?
> Which model is it?
> Is the phone original, genuine?
> Did you install any Apps on it?
Its from SWISS+ONE,  SC330. The phone (also the 2nd one) was in original 
package.
There is no possibility for me to install any Apps on it. (It's 
different from a smartphone.)
> When you exchanged the phone with a different phone of the same model, did
> you do it with the same SIM card, and perhaps with the same memory card?
> Have you tried, whether it also happens with a different SIM-card?
> Leave the memory card out over night, just to rule that out as a possible
> reason as well.
>
> Regarding the security of the firmware: For most phones, I think that it
> is possible to update the phone over the wireless network, if you know how
> to do that. (Which is generally only known to the vendors that produced
> the phone)
> Now what you could do is to read out the firmware from your phone, and to
> try to get a firmware update from the vendor with the version that you
> currently have, and then you could compare those two, and see whether
> anything has been changed or modified or hacked.
>
> How much of your time are you willing to invest and how much money are you
> willing to invest into finding out the reason?
>
> By the way, the paper you found about 5G network security is about the
> security of the network itself, not about the security of the end-devices
> like your mobile phone. That's a slightly different topic, but also
> slightly related.
>
> Another thing you could do is to get some diagnostics equipment, to
> diagnose what exactly happens before those calls, what initiates them, ...
>
I don't know what you meant with "memory card" (I inserted a SIM card 
into it for it
to work, there isn't any other card I can see.) I use the same SIM card 
for the second
(exchanged) device as on the first device. Concerning updates over the 
wireless network,
my layman's conjecture (please tell me if I am wrong) is that's 
"definitely possible". For
I have a pre-paid tariff and  hence I believe the service provider must 
have a standing
possibility of connection with the device at least for accounting 
purposes. That's why
I conjecture that there could be a point of vulerability on that path 
for a hypothetical
hacker to exploit.

I regret that on the one hand I am (because of curiosity etc. etc.) 
interested to know
what/how actually happens in connection with the phenomenon but on the other
hand I am not ready to invest non-trivial time and money of mine into an 
investigation.
Allow me to explain a bit on this. I had previously an old device of 
another brand
that the person at a repair shop thought its SIM card was possibly 
defective though
he didn't know the exact cause (It's not worthwhile for him to further 
investigate)
and said it's advisable to simply buy a new device. To save money, I 
decided to buy
an old-fashioned one and not a smartphone. I paid less than 30 Euro for my
current device. It should be clear how much I would like to invest for a 
scientific
investigation of the issue. Since now that it is impossible for the 
device to call my
friends automatically, there being no such numbers for it to call, the 
device actually
works well for me, though rather inconveniently, as I have often to look 
up before
calling the telephone numbers of my friends in a list on a piece of 
paper in my purse.

M. K. Shen