[-` Rogers/AT&T Pay-As-You-Go Billing Vulnerability `-] Advisory released: Tuesday August 29, 2000 Severity: Pay-As-You-Go billing vulnerability on the part of Rogers/AT&T allowing anyone (especially YOU!) to exploit it and make local/national/international calls for free. Author: The Clone -- Disclaimer; I don't take responsibility for anything in this file because an Iranian terrorist group known as 'habakkkoktao' has held me at gun point requesting that I write this or they're going to shoot me. Don't blame me, blame them! Introduction; Rogers/AT&T (Canada) offers to its customers, a particular service plan known as the "ROGERS/AT&T Pay-As-You-Go Wireless Plan". This "plan" entitles you to full local, national, and international wireless service within the coverage areas that it offers (see www.rogers.ca for coverage info). In order to make use of the pre-paid wireless service, you must firstly sign up by: 1. Dialing one of the following toll-free numbers from a landline phone; (Between 8:00am-9:00pm weekly, 8:00am-6:00pm Saturdays and holidays) 1-800-663-1415 - British Columbia, Alberta, Saskatchewan, Manitoba 1-800-268-7347 - Ontario 1-800-361-0538 (1-800-ROGERS AT&T) - Quebec, New Brunswick, Nova Scotia, Prince Edward Island, Newfoundland OR 2. Walk into any Rogers/AT&T store or certified dealership and sign up there. Want to order over the phone or need help finding the nearest dealership? Call: 1-888-448-7994 OR 3. Buy 'Pay-As-You-Go' online: http://www.rogers.ca/wireless/english/voice/pay/buy/index.html Pre-Paid Cards; By going to any Rogers/AT&T wireless store location, you can pick yourself up one of many different Pay-As-You-Go cards. What I usually buy are the $25 1-hour cards because they're cheap and I'm not really huge on talking on tumor causing insecure radio transmitter/receivers. Activating your Card; After purchasing your pre-paid card, what you can do is call up one of the INWATS number listed above (from a landline) that services your local area and speak to one of the friendly customer service representative who'll be MORE than happy to help you out. Tell them that you just purchased a pre-paid card and that you'd like them to renew the time to your phone. Re-filling your time; Either buy another Pay-As-You-Go card from a Rogers/AT&T dealership, call them up and pay with your credit card, OR see step 3 [above]. -- The Vulnerability - as a scenario. - Johnny picks up his wireless Rogers/AT&T pre-paid phone and turns it on - Johnny hears a beep, looks at his phone and notices that he has a lot of battery power left - Johnny feels glee and lets out a huge *sigh* - Johnny then proceeds to dial his boyfriend Frank's phone number - Johnny prepares to listen to the beautifully sounding automated female recording (that makes him for a moment in his very homosexual life want to be heterosexual just so he'd know what it was like to actually lust for such an angelic voice) read off the number of minutes he has left for his call (account balance). - Too bad for Johnny; no automated voice at all! "What duth dith mean?" lisps the very gay, confused, and curious Johnny. Well Johnny, what just occurred was simple; The Rogers/AT&T's Pay-As-You-Go billing system didn't recognize your account, therefore you weren't billed for that particular call. Each time the automated voice plays, you're billed for the call - each time it doesn't, you aren't. I've estimated (with my personal experience) that the billing errors occur approximately 40% of the time while 60% of the time the billing goes through absolutely fine. One could easily exploit this vulnerability by; Hanging up the call every time the automated voice appears on the phone, re-dialing the desired number and repeating the process until the automated voice doesn't appear. Simply only pay for one $25 Pay-As-You-Go card and keep exploiting the Rogers/AT&T system, calling any number you wish in the world for absolutely free! No one gets billed, no one is hurt. Leech off the capitalist pigs while you still can! -END-