Recent Cyberattack Calls Device Unlocking Policies into Question | Cannon Group | Your trusted experts in telecom management.
Stipends and Reimbursements for Mobile Services: Are They Taxable?
June 9, 2014
Sprint Seeks to Acquire T-Mobile in $32 Billion Merger
June 20, 2014

Recent Cyberattack Calls Device Unlocking Policies into Question

Recent Cyberattack Calls Device Unlocking Policies into Question

Hackers Involved in Security Breach Were Trying to Unlock Devices, AT&T Says

June 17, 2014

At least 500 AT&T customers have become the victims of a security breach, exposing sensitive personal information like victims’ Social Security numbers and birth dates.

However, this wasn’t a traditional instance of hacking to commit financial fraud (like, for example, recent cyberattacks). AT&T says that the intent of the attack, which occurred between April 9th and April 21st, was to request codes from AT&T that are used to “unlock” AT&T mobile phones in the secondary mobile market.*

In short, hackers (reportedly employees from an outside service vendor) pretended to be AT&T customers in order to unlock old, used devices.

Debate surrounding the “unlocking” policy has made news in the past (Major US Wireless Carriers Will Allow Device Unlocking) – Last year, FCC Chairman Tom Wheeler promoted an agreement between carriers and The Wireless Association (CTIA) adopting a voluntary set of unlocking policies.


About Unlocking

Unlocking lets users move seamlessly between networks or use their devices while traveling overseas – a capability that especially benefits mobile business workers.

The problem is that, because the process requires altering a locked device’s firmware, unlocking is considered a violation of the Digital Millennium Copyright Act (DCMA) when performed without carrier permission.

Currently, AT&T and other carriers allow device unlocking, but with restrictions: Users can only request unlocking at the beginning or end of their two-year contracts, and requests can only be made through their carriers.


The Debate among Carriers and Critics

Recent Cyberattack Calls Device Unlocking Policies into QuestionOpponents argue that carriers’ unlocking policies are too strict, unnecessarily tying consumers to their carrier while simultaneously making it difficult to reuse old devices. This is important, especially considering today’s huge market for refurbished phones (despite the fact that the smart device industry continues to grow).

On the other hand, carriers claim that if devices aren’t initially set up to access their networks, users won’t be able to access embedded services anyway. In addition, CTIA is concerned that the bulk unlocking of devices will increase the potential for stolen mobile devices.†


Next Steps for Unlocking

If nothing else, however, this recent breach clearly demonstrates the fact that users would compromise our most sensitive information just to recycle used devices.

In light of AT&T’s breach, experts wonder whether more progressive unlocking policies would prevent future attacks; meanwhile, wireless industry officials argue that these policies help regulate a “gray market” for stolen phones that could carry malware to steal personal information.*

Yet for now, and especially for those affected by the cyberattack, it seems that these strict regulations are forcing the market in that direction.

Whatever the case, the policy still has a long way to go. For now, AT&T will reportedly provide victims with one year of free credit monitoring.†


* Fung, Brian. Carriers’ tight grip on cellphone unlocking seems to have resulted in a cyberattack, The Switch, The Washington Post.
† Meyer, Dan. AT&T warns of potential account hack tied to device unlocking request, RCR Wireless.

Subscribe to our blog

Sign up to receive a monthly rundown of our blog posts!