|
|
|
|
Phones ATF-2
Car telephone for ATF-2 network · NMT-450
Carvox 2451 was the first carphone for the
Dutch ATF-2 network, released in
1985 by the Dutch telecom monopolist PTT on a subscription base. The device
was supplied by Philips,
but was in reality a 3533-2 made by AP Radiotelefon
A/S in Denmark for the Nordic NMT-450 network.
|
ATF-2 was the successor to the ATF-1
– which had a limited capacity
and used in-band signalling – and offered a cellular structure with fully
automatic hand-over at the cell borders.
Carvox 2451 was the first telephone that became available for the ATF-2
network. PTT customers could not buy it, but had to rent it from them on a
subscription base, to which the high costs of the calls were added.
The device consisted of a handset – with built-in controls and LCD display –
and a 450 MHz transceiver that was so large that it had to be
fitted in the trunk of the car.
|
|
|
Due to the fact that the ATF-2 network used digital signalling by means of
internal 1200 baud modems, it was less susceptible to phone phreaking
than the old ATF-1 network. Soon after its introduction however, hackers
discovered that there were still vulnerabilities in the system, that allowed
them to use number spoofing, albeit not as easy and flexible as
on the ATF-1 phones.
Furthermore, PTT had learned from the problems with the
widely hacked ATF-1 network, and had blocked all inactive numbers.
For this reason, hackers could only use valid telephone numbers
of existing subscribers.
Rather than giving the user of a hacked phone
full control of the subscriber number, they
programmed them with 10 fixed numbers, selectable with a one-digit
thumbwheel.
The image above shows a hacked Carvox 2451 that was used by criminals to
make 'free' phone calls. It is housed in a professional flightcase and has
a built-in battery for semi-portable use.
|
ATF-2 was the second automatic analogue car telephone network
in the Netherlands, introduced in 1985 by the state-owned telecom
monopolist PTT
(now: KPN). It operated in the 450 MHz band and was based on
the Nordic Telecom NMT-450 standard, albeit with a different channel spacing.
The network was not protected against eavesdropping and used modem-based
digital signalling.
|
NMT-450 was one of the first cellular telephone networks, in which the country
was divided into a series of areas (cells), much like a honeycomb, as shown in
the map on the right. Initially, 50 cells were planned for a maximum number of
25,000 subscribers. This was later expanded to 120 cells for a total of
32,000 subscribers. Move over the map to see how smaller cells were used to
increase the capacity of the ATF-2 network.
Unlike ATF-1,
it was an analogue network with signalling through digital
modems, that provided an automatic hand-over when crossing a cell border.
As a result, it was no longer necessary to dial a specific area-code (prefix)
for each region.
As the conversation was still transmitted in FM (analogue) however,
eavesdropping remained possible by means of a simple computer scanner
like the Handic 0016. This was done
by criminals — for blackmailing people based on intercepted compromising
conversations — as well as by the police — for intercepting criminal
conversations.
|
|
|
Initially, a network expansion to 150 base stations (for 50,000
subscribers) was planned, but the plans were dropped when it became
clear that with the rapidly increasing number of subscribers, this limit
would have been reached by 1989.
As the new pan-European GSM network (planned for 1990) was
delayed by at least one year, it was decided to add an intermediate
network: ATF-3.
➤ More about ATF-2
|
ATF-2 was the first analogue mobile network in the Netherlands that used
digital signalling by means of internal 1200 baud modems. This made the
network more resilient to phone phreaking, but not immune. Shortly
after the introduction of the network, hackers unravelled the
protocol and discovered that there was no form of authentication,
just like on the earlier ATF-1 network.
|
This lack of security allowed them to make free phone calls by using
number spoofing, but this was far less easy than on the ATF-1
network. It was no longer possible to pick a random phone number and program
it into the telephone set.
Instead, the hackers had to find valid numbers
by trying them one-by-one. In practice, they would program 10 valid telephone
numbers into the hacked telephone, that could be selected by the user by
means of a single digit thumbwheel.
The image on the right shows the thumbwheel
of the hacked Carvox 2451 featured on this page.
|
|
|
In practice this meant that the malicious user could make 'free' phone calls
for which a genuine subscriber was billed. As soon as the fraude was discovered,
PTT would block the number, after which the malicious user selected another
one from the available 10 spoofed numbers. Once the 10 numbers were exhausted
(i.e. when PTT had blocked all of them), the user had to return his telephone
set to the hacker, who would then reprogram it with 10 new numbers.
Reportedly, some hackers ran a life-time warrantly program for this
reprogramming service.
After PTT had introduced authentication on the ATF-2 network
– around 1988 – number spoofing was no longer possible, and most of the
clandestine use of the network disappeared.
➤ More about clandestine use of ATF-2
|
ATF
|
|
Autotelefoon
Name for the Dutch automatically-switched analogue carphone networks,
of which three generations have existed (nown as ATF-1,
ATF-2
and ATF-3.
Succeeded in 1994 by GSM.
|
GSM
|
|
Global System for Mobile Communication
Digital mobile telephone network, with built-in encryption and authentication.
Introduced in 1991 and rolled-out in most European countries in 1992.
In the Netherlands, GSM was introduced in 1994.
➤ More
|
KPN
|
|
Koninklijke PTT Nederland
Royal PTT of The Netherlands. This was the name of the former Dutch
state-owned telecom monopolist PTT after its privatisation in 1989.
|
PTT
|
|
Staatsbedrijf der Posterijen, Telegrafie en Telefonie
Dutch state-owned telecommunications monopolist from 1881 until its
privatisation in 1989.
Responsible for the development and operation of the post, telegraph
and telephone networks in the Netherlands. Also responsible for monitoring
the radio spectrum and for enforcing the telecom laws.
|
|
|
Any links shown in red are currently unavailable.
If you like the information on this website, why not make a donation?
© Crypto Museum. Created: Wednesday 12 June 2019. Last changed: Tuesday, 22 August 2023 - 19:14 CET.
|
|
|
|
|