Menu
AT&T says malware secretly unlocked hundreds of thousands of phones

AT&T says malware secretly unlocked hundreds of thousands of phones

The audacious scheme was carried out with help from AT&T employees, it alleged in court documents.

AT&T said three of its employees secretly installed software on its network so a cellphone unlocking service could surreptitiously funnel hundreds of thousands of requests to its servers to remove software locks on phones.

The locks prevent phones from being used on competing networks and have been an important tool used by cellular carriers to prevent customers from jumping ship. They can be electronically removed, usually after fulfilling a contract obligation, but many websites offer the same service for a small fee with no questions asked.

AT&T's allegations are made in a filing with U.S. District Court for the Western District of Washington in which it accuses two companies, four people and an unknown software developer or developers, of participating in the audacious scheme. AT&T filed its lawsuit on Sept. 11 but it was first reported by Geekwire on Friday.

The carrier first discovered something was amiss in September 2013 when a surge in the number of unlock requests alerted the company to the possible abuse of "Torch," the software used to unlock cellphones, it said in the complaint.

Upon investigation, the company discovered that the logins and passwords of two employees at a center in Washington were responsible for a large number of the requests and those requests happened within milliseconds of each other.

Both employees, Kyra Evans and Marc Sapatin, are named in the lawsuit.

On the computers of Evans and Sapatin, investigators found unauthorized software intended to route unlocking requests from an external source through AT&T's computer system, it said. AT&T says its investigators uncovered numerous iterations of the software, which grew in complexity until it was eventually able to submit the automatic requests.

Investigators later found the software on a computer of a third employee, Nguyen Lam, according to AT&T. All three are no longer working at AT&T.

AT&T says a California-based company called Swift Unlocks and its proprietor, Prashant Vira, were involved in the scheme and paid Evans and Sapatin at least US$20,000 and $10,500 respectively to install the software. But, AT&T concedes that it doesn't know the full extent of Swift Unlocks' involvement.

Swift Unlocks operates a website where people can pay to have the software lock removed from their phones. Charges vary by phone but AT&T users will generally pay $20 or less for the unlocking service.

In all, AT&T says "hundreds of thousands" of phones were unlocked as a result of the scheme. Its charges include computer fraud, breach of loyalty and civil conspiracy and the carrier has asked the court to hear the case in front of a jury.

The defendants could not immediately be reached for comment and are yet to file a reply to the allegations with the court.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Slideshows

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise

Ingram Micro completed its nationwide roadshow in Auckland last month, kicking off its Innovation Hour series with Hewlett Packard Enterprise. Uncovering the latest in storage, networking and servers, the event outlined key market trends for resellers in 2016 and beyond.

IN PICTURES: Ingram Micro Innovation hits Auckland with Hewlett Packard Enterprise
IN PICTURES: FireEye celebrates channel at 2016 Partner Conference

IN PICTURES: FireEye celebrates channel at 2016 Partner Conference

FireEye welcomed 143 channel partners and distributors to FireEye's 2016 annual Partner Conference, FireEye A/NZ Momentum - held at Establishment in Sydney. Delegates heard from senior trans-Tasman channel leaders, marketing and the product divisions in the morning, with FireEye customers, incident responders and threat intelligence analysts sharing knowledge during the afternoon.

IN PICTURES: FireEye celebrates channel at 2016 Partner Conference
​IN PICTURES: Disruption in the data centre - Can the Kiwi channel capitalise?​

​IN PICTURES: Disruption in the data centre - Can the Kiwi channel capitalise?​

With New Zealand businesses now open to innovation, the industry sits on the cusp of significant disruption in the data centre. Driven by software-defined networking, the future of the data centre is fast becoming reality, as the channel seeks to keep up, keep innovating and keep growing. APC by Schneider Electric, Lenovo and key partners outlined how the channel can capitalise at The Grill restaurant in Auckland.

​IN PICTURES: Disruption in the data centre - Can the Kiwi channel capitalise?​
Show Comments