Feeds

BT Cellnet PUKs up phone security

A mobile unblocking free-for-all

  • alert
  • submit to reddit

Beginner's guide to SSL certificates

Updated A new BT Cellnet automated phone service has left security observers and mobile operators despairing. The company has brought out a touch-tone service that will give you the PUK for any BT Cellnet phone - all you need is the mobile's phone number.

PUK stands for Personal Unblocking Key, and is the eight-digit number you get on your SIM card certificate when you buy your phone. If you've got the PUK, then you have the ability to insert a new PIN number.

Which is useful if you've locked your PIN by getting it wrong three times, or if - just say - you didn't know the number in the first place.

So if someone had your phone and knew its calling number, they could easily override PIN security and then insert their own PIN. By making the PUK numbers for any phone instantly available to anyone and everyone, BT Cellnet has put a big question mark over phone security.

As an indication of the sensitivity of the PUK number, we have been unable to find any other mobile operator in Europe which will admit to providing it without significant evidence that the caller is the owner of the phone. In the UK, Vodafone assured us that someone will have to pass a full ID check, including various passwords, to be given their PUK number.

Orange and One2One have so far failed to get back to us, but the advice on their respective Web sites asks for the same form of identification.

BT Cellnet has yet to respond to our queries. We'll keep you informed.

Update

Contrary to what Vodafone told us above, it does have an automated service that will give you the PUK number if you tap in the mobile number. But only if it’s a Pay-as-you-talk phone, so the potential for running up fraudulent bills is greatly reduced. ®

Related Stories

IMEI numbers no antidote to mobile fraud
Jack Straw shoots back in the Net
How to get back your nicked mobile

Choosing a cloud hosting partner with confidence

More from The Register

next story
NSA SOURCE CODE LEAK: Information slurp tools to appear online
Now you can run your own intelligence agency
Azure TITSUP caused by INFINITE LOOP
Fat fingered geo-block kept Aussies in the dark
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
Cloud unicorns are extinct so DiData cloud mess was YOUR fault
Applications need to be built to handle TITSUP incidents
Stop the IoT revolution! We need to figure out packet sizes first
Researchers test 802.15.4 and find we know nuh-think! about large scale sensor network ops
Turnbull should spare us all airline-magazine-grade cloud hype
Box-hugger is not a dirty word, Minister. Box-huggers make the cloud WORK
SanDisk vows: We'll have a 16TB SSD WHOPPER by 2016
Flash WORM has a serious use for archived photos and videos
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
Do you spend ages wasting time because of a bulging rack?
No more cloud-latency tea breaks for you, users! Get a load of THIS
prev story

Whitepapers

10 ways wire data helps conquer IT complexity
IT teams can automatically detect problems across the IT environment, spot data theft, select unique pieces of transaction payloads to send to a data source, and more.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.