Feeds

BT Cellnet PUKs up phone security

A mobile unblocking free-for-all

  • alert
  • submit to reddit

Top 5 reasons to deploy VMware with Tegile

Updated A new BT Cellnet automated phone service has left security observers and mobile operators despairing. The company has brought out a touch-tone service that will give you the PUK for any BT Cellnet phone - all you need is the mobile's phone number.

PUK stands for Personal Unblocking Key, and is the eight-digit number you get on your SIM card certificate when you buy your phone. If you've got the PUK, then you have the ability to insert a new PIN number.

Which is useful if you've locked your PIN by getting it wrong three times, or if - just say - you didn't know the number in the first place.

So if someone had your phone and knew its calling number, they could easily override PIN security and then insert their own PIN. By making the PUK numbers for any phone instantly available to anyone and everyone, BT Cellnet has put a big question mark over phone security.

As an indication of the sensitivity of the PUK number, we have been unable to find any other mobile operator in Europe which will admit to providing it without significant evidence that the caller is the owner of the phone. In the UK, Vodafone assured us that someone will have to pass a full ID check, including various passwords, to be given their PUK number.

Orange and One2One have so far failed to get back to us, but the advice on their respective Web sites asks for the same form of identification.

BT Cellnet has yet to respond to our queries. We'll keep you informed.

Update

Contrary to what Vodafone told us above, it does have an automated service that will give you the PUK number if you tap in the mobile number. But only if it’s a Pay-as-you-talk phone, so the potential for running up fraudulent bills is greatly reduced. ®

Related Stories

IMEI numbers no antidote to mobile fraud
Jack Straw shoots back in the Net
How to get back your nicked mobile

Beginner's guide to SSL certificates

More from The Register

next story
It's Big, it's Blue... it's simply FABLESS! IBM's chip-free future
Or why the reversal of globalisation ain't gonna 'appen
IBM storage revenues sink: 'We are disappointed,' says CEO
Time to put the storage biz up for sale?
'Hmm, why CAN'T I run a water pipe through that rack of media servers?'
Leaving Las Vegas for Armenia kludging and Dubai dune bashing
Microsoft and Dell’s cloud in a box: Instant Azure for the data centre
A less painful way to run Microsoft’s private cloud
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
Windows 10: Forget Cloudobile, put Security and Privacy First
But - dammit - It would be insane to say 'don't collect, because NSA'
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.