VoIP SIP Trojan?

Something very weird happened today. My friend James got this Treo 600 for his T-Mobile network a few weeks ago and he wanted to also use it as a VoIP handset in addition to its cell capabilities. He tried the US-based iSkoot, which is a Skype proxy, and I suggested he try the popular UK-based SIP Articulation and later the Canadian-based VoYP, also SIP software. On Wed Sep 20 around 17:40 PM PST we tried all these applications to see if they work with his GPRS handset (no EDGE). Only iSkoot worked, even though we tried about 10 times. We thought that GPRS was simply too slow to use, even when using the GSM codec.

Fast forward one month. James got his cellphone bill and he had 8 calls to… Sweden at this number: 4685250XXXX (full number available by request). The calls were logged by T-Mobile exactly at the time we were testing these apps via GPRS. During the time he did not initiate any cellular calls and he did not receive any cellular calls, we only used GPRS. To make sure, he checked out his GPRS settings and these only include T-Mobile’s APN and no other WAP providers.

Our suspicion is that either Articulation or VoYP has secretly used the Treo’s cellular capabilities to call out. We don’t believe that iSkoot is the culprit (we only used it once as it was successful out of the box, not 8 times). The culprit might either be Articulation (which I personally don’t believe it to be, because it’s a very popular app lately) or VoYP (which doesn’t have as strong credentials). OR, T-Mobile really hates VoIP so much that it bills innocent users when it detects VoIP’s ports being used (port 5060).

Has anyone heard anything about this? Is it possible that one of these apps is connecting to its developer’s server after the user connects the app to GPRS, and then the developer’s own server software sends special commands to the SIP client to make REAL cellular calls outbound without the Treo device alerting the user? Via a security loophole or “feature” of PalmOS maybe? And then transmits data from the developer’s server through GPRS to the user’s Treo and then via GSM to the destination? Most modern devices can use GPRS and GSM at the same time, you see.

We have no such evidence so far, as we haven’t retried these SIP apps. I will have to persuade James to retry (I don’t have a Treo) so we can catch whoever does this and then go public with this information. For now, this is all speculation. But one thing that’s not speculation is that James got billed $10 for calls to Sweden that he never made. Someone has to pay for that.
