Results 1 to 18 of 18
  1.    #1  
    Greetings everyone, Itís been a strange week for me. I support my companyís corporate cell/Smartphone users. We have 135 700WX from Verizon. Tuesday I receive a call from the VZW Fraud Department asking me to confirm if one of my users was in the Dominican Republic. (Santa Domingo to be exact). I called the users assistant who stated that he was in his office! I called vzw back and they confirmed that they have been seeing some cloning issues out of that area and that I needed to install the 1.22_ or 1.22 R1 firmware upgraded. They stated that VZW and Palm recently discovered a 'hole' in the security setting on the previous versions of the firmware and that the 1.22 R1 updated corrected the issue and prevented the cloning.

    I will be honest, I really donít understand how this is happening and VZW and Palm are being extremely tight lipped about the cause of this issue.

    Since Tuesday, I have had 4 Treo's reported as cloned by Verizon Wireless.

    I will also point out that the 1.22 R1 or 1.22_ was issued in Sept 2007. I have received a new 700 WX that did not have the updated (1.22R1) firmware on the device. The last devices I received was this past Monday 7/21. It appears that for some reason devices are still being shipped with out the most recent firmware.

    Needless to say, I am not too happy with Verizon Wireless right now.

    Is anyone out there having the same issue with their device(s)?
  2. #2  
    I hope this doesn't affect the 1.15 Sprint revision...
    Grant Smith
    A+, Net+, MCPx2, BSIT/VC, MIS

    eNVENT Technologies
    Use your imagination.
    Sprint HTC Evo 4G

    DISCLAIMER: The views, conclusions, findings and opinions of this author are those of this author and do not necessarily reflect the views of eNVENT Technologies.
  3. GeekCop's Avatar
    111 Posts
    Global Posts
    187 Global Posts
    First I've heard of this.
    "There is no hunting like the hunting of man, and those who have hunted armed men long enough and liked it, never care for anything else thereafter."
    -Ernest Hemingway

  4. #4  
    I thought USA networks uses the AKEY. If the Treo was cloned to 'another phone', that cannot be avoided with an Treo update.
    6b 6f 63 6f 6d 61 6e 20 6f 66 20 63 64 6d 61 2d 64 65 76 2d 74 65 61 6d
  5. #5  
    Quote Originally Posted by kocoman View Post
    I thought USA networks uses the AKEY.
    USA networks (or at least Sprint) does not use the AKEY.

    The only way I know to clone a phone is to steal the NV. My guess is that someone was trying random ESN's on their phone, and got lucky (or unlucky, depending on your perspective).

    There's no way to "steal" an ESN (which is all that they really care about as far as the phone goes).
  6. #6  
    You can steal accounts if you know the following

    ESN attached to account
    MSID attached to account
    Phone # attached to account

    All 3 MUST match exactly as per victim account, then it will work
    6b 6f 63 6f 6d 61 6e 20 6f 66 20 63 64 6d 61 2d 64 65 76 2d 74 65 61 6d
  7. #7  
    Quote Originally Posted by kocoman View Post
    You can steal accounts if you know the following

    ESN attached to account
    MSID attached to account
    Phone # attached to account

    All 3 MUST match exactly as per victim account, then it will work
    Actually for Sprint you just need the ESN and phone #.

    That's all I needed when I rebuilt my NV from scratch.

    I dunno about Verizon, but I'd imagine it'd be similar.
  8.    #8  
    I just received an update from my contact at Palm regarding this issue. Nothing yet from Verizon although my account team has been a big help in updating the 135 devices that needed the patch.

    The following info is for Verizon Customers only.

    According to my palm rep, he stated that if the device was manufactured prior to April 4, 2007 and does not have " TREO700WX_-1.22-VZW " software version (the underscore is critical). the device is at risk for cloning. If the device was manufactured after 4/4/07 and has software version TREO700WX-1.22-VZW, the device is not at risk and does not require any action.

    My thought is better safe than sorry, so I continue to install the _-1.22 software on ALL devices regardless of manufacture date.

    As of this posting, I have had 5 devices 'hotlined' by the VZW Fraud Dept. because of this issue.
  9. #9  

    I still fail to see how a device could be more at risk or less at risk regardless of the ROM. There's no way an ESN is even useful without the matching phone number.

    Something smells fishy to me here.

    How many devices do you have in the field?
  10. docstang's Avatar
    9 Posts
    Global Posts
    12 Global Posts
    Got a text today from VZW pointing to link with the following message:
    I guess there are some "billing" issues.

    July 2008

    Dear Customer,

    Palm has posted a critical software patch for customers with a Palm Treo 700p, Palm Treo 700w and Palm Treo 700wx handset. This patch is important to ensure proper billing.

    Please visit the Palm website ( from your PC to ensure that you have the latest firmware and software installed on your smartphone. Follow the instructions posted to check for a software upgrade.

    If your device is already running the latest software, the website information will inform you and no further action will be needed on your part.

    If your device needs to be updated, the Palm upgrade tool will upgrade your device's software and apply any patches as needed.

    Thank you for your business,
    Verizon Wireless
  11. #11  
    Makes me wonder if there was something in the 1.22 patch to try and close some of the phone as modem loopholes.

    Many companies are trying to cut back on data usage they're not getting (directly) paid for.
  12. #12  
    You can also clone the Treo's esn into a data card (like Novatel U720), the tethered connection is much more stable under high load. ie: no modem freeze, hang-ups..etc,
    6b 6f 63 6f 6d 61 6e 20 6f 66 20 63 64 6d 61 2d 64 65 76 2d 74 65 61 6d
  13. #13  
    I just want to point out that Verizon is the owner for all the telecom/wireless service on the Dominican Republic. something is fishy here.
  14.    #14  
    Quote Originally Posted by Ebag333 View Post

    I still fail to see how a device could be more at risk or less at risk regardless of the ROM. There's no way an ESN is even useful without the matching phone number.

    Something smells fishy to me here.

    How many devices do you have in the field?
    I have 135 devices. All VZW 700 wx.

    I would agree that something is fishy... VZW has refused to issue my company a statement explaining the cause of the issue and what VZW is doing to prevent it from happening in the future.
  15. #15  
    The whole "manufacturing" date is extremely curious to me.

    The manufacturing date shouldn't matter as for the 700, as far as I know they were all essentially identicle except for the 32 megs RAM vs 64 megs.

    Maybe Malatesta or someone else can shed light on possible hardware changes?

    But regardless, I'm not sure why a VZW phone with an older version of the ROM would not be at risk if manufactured after April 4th, 2007. I can understand a security hole in the ROM, but Sprint should have had the same problem if this was true, and I am unaware of any noise from their side.

    I've compared the different ROM's and am unable to find this major security hole that could cause it. Frankly, I call BS on them for this.

    If I were in your shoe's I'd be upgrading to 1.22 anyway. But for different reasons than someone (theoretically) stealing your ESN.
  16. #16  
    OK, this happened to a person I know as well. They said the same thing, "your phone was cloned and someone was making calls to the Dominican Republic".

    Wanted to upgrade to the underscore version. Very strange....
  17. #17  
    Just one more reason to be glad I'm not with Verizon. Their primary color should be brown, not red.
  18. #18  
    That was e-mailed to me from another user who had this problem.

    ------------ Begin --------------

    I will apologize up front here as I'm tired and this is mostly just a
    way to get past being pissed off at VZW for not watching out for the

    I have a Treo 700p and it was cloned Friday night, just in time for the
    weekend. If you're wondering how to tell if your phone has been cloned,
    it's really easy. Call yourself from another phone. If you get no
    indication whatsoever of that call happening, including voicemail
    notification, you're in trouble. If you periodically get through, it's
    likely due to the other phone having been turned off and your phone is
    termporarily winning.

    I just went through the process of getting my phone back from being
    cloned. The most awesome part of this is the complete lack of support
    that VZW gives to prevent the inconvenience of having your phone cloned.

    The sequence of events:

    1. Drive to Vegas for a weekend conference on a Thursday
    2. Friday evening, no calls or text messages are getting through to
    my phone
    3. Sunday, while driving back, I have eleven (11) voice mails with no
    evidence of a missed call or that I might have a voicemail.
    4. Sunday night, contact VZW help (611) and find out that:

    A) support will try to help you and tell you they believe that
    your phone has been cloned. Once they believe that your phone
    has been cloned, they will tell you that something is wrong
    with the device and you should hard reset it.

    This will do you no good, whatsoever. However, I'm pretty sure
    that they have a pool running on the other end of the phone to
    see how many customers they can stroke out by zapping all of
    the data on their phones "on accident."

    B) The cloning and fraud department at VZW only works M-F,
    0500-1800 PST. Obviously, this is because your phone can only
    get cloned during banker hours. *SIGH*

    C) Nobody at VZW can actually look at your account and tell you if
    there are weird charges on the bill. In my case, there was no
    indication of misuse during the episode and the one phone call
    that I did get from the DR was from a local area code.

    5. Monday morning, call VZW cloning/fraud department. I had to speak
    to two separate people to complete my phone transaction.

    The first person was very kind and genuinely wanted to help me but
    was an *****. "Yes, Mr. Smith, I'm going to send you a text
    message with the URL you can use to update your phone firmware

    "But my phone has been cloned."

    "Right. Did you get the text message?"

    The second person was pissed off to be alive. They cut me off
    every time I started to say something and then seemed to think
    that it was obvious that doing a complete restore from backup to
    the device would not overwrite the settings just downloaded from

    Anyway, the information that you will need to get your phone uncloned,
    or that you should use to keep from having it get cloned in the first

    1. Go to

    2. Follow the directions on updating your phone firmware.

    3. After the 35 minutes it takes the software to install, call
    cloning/fraud at the number below:

    Cloning/Fraud Dept.
    888 483-7200
    Hours: M-F, 0500 - 1800 PST only

    4. They will "verify" your phone via the following process:

    o Dial #2539 - Authorization from verizon host, they send
    programming to phone.
    o Turn phone radio off
    - Tell support person when it's off
    o Turn phone radio on
    - Tell support person when it's on

    NOTE: It's very likely that over the air programming ( *228, option 1 )
    will not work at this time since your phone has been flagged in
    the system as being cloned. It may take a day or more for this to
    clear. However, updating roaming ( *228, option 2 ) works.

    After updating your phone, the firmware version displayed for the phone
    firmware is Treo700p_-1.10-VZW.

    According to a treocentral article on the interweb [0] and the Verizon
    tech, this flaw is due to there being no AKEY shipped with the phone
    firmware and has been known for quite some time. It's just now coming
    up in numbers as it's been discovered at large. Most of the phone
    numbers are being cloned to the Dominican Republic.

    The importance of the A-Key is described well by this quote:

    "Security of the A-Key is critical in a CDMA system. Over-the-Air
    provisioning uses Diffie-Hellman algorithm, making it the best choice
    for A-Key programming from the alternatives mentioned above.
    Diffie-Hellman algorithm is used for secure key exchange between two
    entities so that a third party cannot deduce the value in the process
    of exchange." [1]

    What this basically boils down to is that all the information required
    to clone a phone is being broadcast unencrypted over the air for anyone
    to partake of with very little effort.

    Thank you so much, Verizon.

    Adding insult to injury, not only did I lose use of my phone for an
    entire weekend because my phone got nabbed on a Friday night and VZW
    fraud/cloning works banker hours, but I had to perform a 90 minute hokey
    pokey to get the new software installed, call back to VZW and then do
    the hokey pokey, turn the phone off and on with VZW on the phone.


    [1] Over-The-Air Provisioning in CDMA, Rohini P.P., Gemplus Technologies, October 2004
    Anyone familiar with the AKEY setting? Mal, think this might be worthy of an article on WMExperts?

Posting Permissions