Monday, July 07, 2008

Vodafone software problems risk public safety

Vodafone changed to a new billing system in 2007 and there appear to be ongoing problems with the system. When I was unable to see any of the 2008 billing details for my Vodafone mobile phone, with their online system, I complained to the Telecommunications Ombudsman.

Vodafone then promptly contacted me and arranged to send paper copies of the missing bills and call details (which they did). Also they refunded some items on the bill which I queried.

However, the Vodafone online system is still not working properly. I can see my latest bill, but if I attempt to look at Account Summary or Call Details I get: "An error has occurred. Sorry for the inconvenience - There has been a communication problem and your request has not been processed. Please try again later."

This appears to be a systemic problem, not within the Telecommunication Ombudsman's power to address. Vodafone could simply respond to each complaint by sending a paper copy and offering a partial refund, without fixing the system.

If there is a problem with Vodafone's billing system, there is a risk of financial fraud from misuse of the system. If the problems extend to the telecommunications system Vodafone provides, the safety of the public is at risk. As Vodafone's system is interconnected nationally and internationally, it places the entire telecommunications system at risk of fraud, crime and terrorism.

The ACMA needs to check if Vodafone is complying with its license conditions.

A well-documented example of how a problem with a poorly maintained Vodafone system has implications for terrorism is detailed in "The Athens Affair" (by Vassilis Prevelakis and Diomidis Spinellis, IEEE Spectrum, July 2007). In this instance more than 100 senior people, who were customers of Vodafone Greece, had their mobile phones bugged due to poor system maintenance. Those bugged included the Prime Minister, the ministers of national defense, foreign affairs and justice, plus senior staff of the ministries of National Defense, Public Order, Merchant Marine, Foreign Affairs, Hellenic Navy general staff and an employee at the United States Embassy.

Hackers attacked the Vodafone switches and exploited the system's facility designed for legal phone taps, modifying the system software. The attack was eventually discovered when it interfered with the delivery of text messages. Why the software change was not discovered in routine system maintenance has not been publicly revealed. Investigators were hampered by Vodafone deleting the system logs and by one of the engineers being found dead in an apparent suicide.

1 comment:

Tom Worthington said...

On 7 July 2008 I wrote to the Australian Communications and Media Authority (ACMA) asking them to investigate Vodafone. The reply I got on 17 July 2008 indicated they may decide to make preliminary inquiries and take "further steps".

If anyone else has concerns with the integrity of Vodafone Australia's systems, they should contact ACMA.