Jump to content

Huge data charges from Orange

Guest mortalwombat

By Guest mortalwombat
in Smartphone General Discussion

 Share

Recommended Posts

Guest mortalwombat

Guest mortalwombat

Posted
Posted

Hi Folks,

I use my C500 for business across Europe. I am well aware of the huge charges that are incurred for data when roaming. A recent Orange bill claimed that I had downloaded over 42 MB of data on my phone whilest roaming in Denmark (I am based in the UK).

I know for an absolute fact that I did not download anything close to this, at most i would have downloaded a couple of hundred KB, (Orange charge roughly 7-8 quid per MB when roaming, so they are trying to leach 360 quid out of me for these data charges) :evil: .

My question is this:

Is there any way that my phones GPRS connection could have been "hijacked" via Bluetooth without my knowledge? Is there any other method by which data charges could be incurred on my phone without my knowledge? The timing of the majority of the alleged data charges coincided with when I was in the business lounge at Copenhagen airport (lots of folks with hi tech gadgets sitting around waiting for someone like me perhaps?)

Thanks in advance for any info or ideas you may have!

Regards,

MW

Guest awarner [MVP]

Guest awarner [MVP]

Posted
Posted

Do you leave your bluetooth always active ie set to discoverable?

You would not have been "bluejacked" but rather been a victim of "bluesnarfing"

The big concern about bluesnarfing is that it means attackers can access your entire phone contacta data etc and also your IMEI. This can result in you phone being ilegally cloned.

The other possibility is a "bluebug" attack, this method creates aserial profile, this can then take full control of your phone including all call and data features.

If you were attacked just to use your connection you would have had to remain in one area for a long time as 42MB is a lot a data to be transmitted and downloaded.

If your phone was cloned then that's another matter, but as you mention the data apperas to be in the same area at the same time rather than spread out over the day etc.

People love to rant and rave on how much of a "must have " BT is but the security is so poor in high risk areas the risks are too great.

Guest mcwarre

Guest mcwarre

Posted
Posted

Did you have outlook to check email every so-often? This might add a few k more but not 40mb....

Guest mortalwombat

Guest mortalwombat

Posted
Posted

Hi AWarner

I usually leave Bluetooth in the "on" mode as opposed to "discoverable". I know it was either on "on" or "discoverable" but I cannot be 100% sure which.

The Bluesnarfing thing sounds quite alarming! I would assume someone at Orange Technical Support knows of this phenomena... ;)

Orange have been less than helpful in resolving the issue. They initally asked me to write to a specific department to request a detailed breakdown of the data charges. The increase in detail between that and my normal bill was pretty small... they just added the time at which these downloads occured.

I rang CS again and told them that this was completely unhelpful and they are now referring it to some other department that can (apparently) tell for sure what I have downloaded... the worry is that if someone has cloned my IMEI, then they would not be able to distinguish anything.

The details of the downloads seems really weird: 3 downloads of just over 4MB each, (each of these 3 exactly the same size to the last byte). Seems like someone downloaded the same thing 3 times. the other download was a 30MB dowload which, as you say, would take forever on a GPRS connection, which makes me concerned that my phone has been "cloned".

I really appreciate your feedback... I will look up Bluesnarfing on Google and use that as a possible explanation of these data charges. I have been with Orange for years and my usage history should make it obvious that these data charges are an anomaly.

Will let you know how I get on!

Regards,

MW

Guest mortalwombat

Guest mortalwombat

Posted
Posted
Did you have outlook to check email every so-often? This might add a few k more but not 40mb....

<{POST_SNAPBACK}>

Hi Mcwarre

No, I do not have any scheduled downloads for anything. The only thing I have is TomTom mobile's traffic service, which updates every 15 minutes. These are usually just a few KB (these appeared on my data charges, but were totally eclipsed by the 4 huge downloads mentioned in my other post).

Thanks for the suggestion!

MW

Guest Tech

Guest Tech

Posted
Posted

i had this problem 2 years ago and complained to orange - it didnt help when you just moved and spent hell of a lot of money paying for the new flat contract paperwork, deposit and 1 and a half months rent in advance!

I complained - orange never listened - why would they? glad I recently left orange on 1 of my contracts.

Do you have the bill? What does it say - in other words how much data was downloaded per session? is there a "per session" or per megabyte billing?

Guest mortalwombat

Guest mortalwombat

Posted
Posted

I think I have an alibi!!!

It seems the 30MB download occured when I was 35000 ft up in the air flying back from Copenhagen! I forgot about the 1 hour time difference! If I can prove I was on that flight (which I was), I should be home and clear. Maybe the 3 previous downloads (all the same size) was the Bluesnarfer testing that his snarfing had been succesful?

If this type of thing is going on, it is quite alarming and something that everyone should be made more aware of.

again... will keep you posted.

MW

Guest mortalwombat

Guest mortalwombat

Posted
Posted

Hi Tech

The bill indicates that there were 4 questionable download sessions. The first 3 are exactly the same size (just over 4MB each), the last one was about 30MB.

MW

Guest Tech

Guest Tech

Posted
Posted

i think its court time lol.

Make sure there isnt a virus on the phone... ive seen wierd things happening with a virus on an SPV - yes I've had it on my e200 out of the blue!

seemed to randomly make international calls - 15 minutes! I tried hanging up, no luck there didnt respond, had to take out the battery.

Luckily there were no charges, i think the virus just made it look as if it were making calls but not doing anything really apart from showing itself off.

so, 30/40MB download - common sense - who would download that much over GPRS? Orange should know that... unless your like an enterprise business customer then it is not questionable.

Guest Swampie

Guest Swampie

Posted
Posted
I rang CS again and told them that this was completely unhelpful and they are now referring it to some other department that can (apparently) tell for sure what I have downloaded... the worry is that if someone has cloned my IMEI, then they would not be able to distinguish anything.

<{POST_SNAPBACK}>

Knowing your IMEI isn't sufficient to clone your phone and get charges on your bill. The IMEI indentifies the handset - which can have different SIMs in it etc. What needs to be cloned is the IMSI which is the identifier for the SIM - which is what your bill relates to.

Whether they can read the IMSI and clone the SIM is another matter.

D

Guest mortalwombat

Guest mortalwombat

Posted
Posted
Do you leave your bluetooth always active ie set to discoverable?

You would not have been "bluejacked" but rather been a victim of "bluesnarfing"

The big concern about bluesnarfing is that it means attackers can access your entire phone contacta data etc and also your IMEI. This can result in you phone being ilegally cloned.

The other possibility is a "bluebug" attack, this method creates aserial profile, this can then take full control of your phone including all call and data features.

If you were attacked just to use your connection you would have had to remain in one area for a long time as 42MB is a lot a data to be transmitted and downloaded.

If your phone was cloned then that's another matter, but as you mention the data apperas to be in the same area at the same time rather than spread out over the day etc.

People love to rant and rave on how much of a "must have " BT is but the security is so poor in high risk areas the risks are too great.

<{POST_SNAPBACK}>

I checked out the site:

http://www.thebunker.net/security/bluetooth.htm

I suggest all Modaco members do the same!

I have called Orange again and notified them of this info (and the fact that I was on a flight for the 30MB download). They are going to forward this info to their investigations department. Will let you all know how I get on.

MW

  • 4 weeks later...
Guest mortalwombat

Guest mortalwombat

Posted
Posted

Had a call off Orange today... they have reimbursed the money for all the data charges in question (389 pounds). I asked them what the results of their investigation was, (Blue snarfing or what). I was told they couldn't release that info but that the charges on my bill were not due to my usage.

I guess everyone should be aware of the potential for this to happen to them!

Beware of keeping your Bluetooth active folks!

Guest Jay3gsm

Guest Jay3gsm

Posted
Posted
I checked out the site:

http://www.thebunker.net/security/bluetooth.htm

I suggest all Modaco members do the same!

I have called Orange again and notified them of this info (and the fact that I was on a flight for the 30MB download). They are going to forward this info to their investigations department. Will let you all know how I get on.

MW

<{POST_SNAPBACK}>

Very interesting article but did you check the handsets that were vulnerable to these attacks? T68, 6310i, hardly modern technology in phone terms there.

My guess is those Orange charges were a billing error, more than anyone getting access to your phone.

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept