Monday, July 21, 2008

GPRS billing hack

> Presumably one would have to hack into the internal network to get
> access to the (private?) i.p addresses that are being assigned to
> customers. (Or are they not private - can I ping them from the net?)

It depends. Some operators (including mine) use Network Address Translation (NAT) to provide IP addresses from a private network to the clients. This would also effectively stop the "gprs billing hack".
Some operators provide the IP addresses from public IP space, which is effectively the same as connecting any normal computer to the internet. In this case (if there is not any firewall between) you can send packets to the handset. Still, this does not mean that you could somehow steal money from the packet charges.
The overbilling scam they described is basically just pinging a host (handset) on the Internet. In the old days when ISPs charged by the traffic you could do the same "attack" to some poor company by floodpinging their webserver. Was that called "hacking into ISP billing system"? I don't think so :)
There were some valid points brought forward in the article. First, don't think this is about wholesale theft from wireless carriers; rather, this is about the erosion of consumer confidence in per-packet billing.
DoCoMo already has a monthly 500 yen kickback to consumers that acknowledges the fact that they don't own and can't control the Internet. The reality is that there is enough strange and wonderful stuff going on in the Internet that per-packet billing is tenuous at best.
...and for all those telcos and governments out there whose revenue models depend on per-(whatever besides monthly) billing, that has huge implications. These folks consider a departure from per-packet billing to be theft outright.