Fake ICE and Hot ICE

Randy’s post yesterday about putting an "In Case of Emergency" (ICE) prefix in front of one or more entries in the contact list on your cellphone rang a particular bell (sorry!) with me.

I first came across the idea around 2005, when it was first launched by the East Anglian Ambulance NHS Trust in the UK. I was running the National Health Service’s Threat Assessment Centre at the time, and, curiously enough, my first introduction to the idea was actually through one of a number of hoaxes that were being spread at that time, one of which I was asked to verify. The hoax claimed that there were malicious texts or phone viruses running around that would look for ICE entries in the address book and use them in some mysterious way to charge premium rates. (It’s astonishing how many hoaxes relate to premium telephone services.)

Steven Burn commented on Randy’s blog that "The downside of course is that even with this information, the chances of someone being honest enough to return it, are slim to none (especially if you happen to lose it in the UK) – or am I being overly skeptic?" I have to admit that one of my daughters, the most forgetful person in the world this side of clinical amnesia, has lost more than one cellphone, and not one has been returned. Still, the only time I lost a phone (as opposed to having one stolen), the finder did check my contact list and ring my mother to get my landline number, so that he could arrange to get it back to me, so I can confirm Randy’s response that there are honest people around. But that set me thinking. As Bob Brotchie, the paramedic behind the initiative, pointed out, in an emergency your mother is not necessarily the person you want someone to ring first with the news that you’ve just been fatally injured, so you need to think carefully about whom you select as an ICE contact (there might be an entrepreneurial opportunity here).

But it also occurs to me that in the event of your phone falling into the hands of the wrong person, you might also want to try to deter its use as leverage for further thefts or scams. Depending on how paranoid you feel about this, you might want to consider measures such as using initials for easily recognizable contacts, or even code names.

There are some other practical issues, too. The Los Angeles Fire Department, one of the many emergency services that have encouraged the adoption of the scheme, very properly pointed out that you should use this as a supplement to other means of carrying these and other data (such as a contact list in your wallet, a card or bracelet with relevant medical information, and so on). After all, an incident that damages you might well damage your phone too.

Snopes, the industry standard resource for checking hoaxes, also makes some good points, as well as providing more detail on one or two of the hoaxes I’ve mentioned. Unsurprisingly, another phone hoax/scam pointed out to me yesterday is also listed there.

The message, which appears to be very recent, describes a scam where the bad guy poses as a telephone company operative and threatens to cut off service unless the panicked recipient of the call immediately pays an allegedly unpaid bill. Faced with a sceptical potential victim, the caller "proves" that he can cut off service immediately by telling them to try putting down the receiver and then trying to make another call.

It’s not clear whether the incident described in the chain mail is a real incident: however, it is worth pointing out that there is a very easy way to fake a temporary disconnection (it’s described on Snopes, but it goes back to the earliest days of telephone exchanges: I remember a slightly different misuse of the system being described in one of Leslie Charteris’ early Saint books,

So even if the incident didn’t actually happen, it’s worth knowing that it’s theoretically possible. However, I don’t recommend that you forward any chain letters on the topic.

I have another paper on currently circulating hoaxes in preparation: however, right now I’m working on a presentation on a related subject that Randy and I may be presenting at Virus Bulletin in Geneva next week. (It’s a reserve paper, but we need the presentation to be ready in case someone drops out!)

David Harley BA CISSP FBCS CITP
Director of Malware Intelligence

ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter: http://twitter.com/esetresearch
ESET White Papers Page: http://www.eset.com/download/whitepapers.php

Securing Our eCity community initiative: http://www.securingourecity.org/

 

 

Author David Harley, ESET

  • Robert Waller

    Quote:
    The message, which appears to be very recent, describes a scam where the bad guy poses as a telephone company operative and threatens to cut off service unless the panicked recipient of the call immediately pays an allegedly unpaid bill. Faced with a sceptical potential victim, the caller “proves” that he can cut off service immediately by telling them to try putting down the receiver and then trying to make another call.
    Unquote

    In the old days the dial tone would only be available once the “CALLER” disconnected the line, so a caller could hold your line to ransom for as long as he kept the line open. Nowadays the line disconnects when either party hangs up; sometimes it will take a few minutes if it is the recipient who hangs up.

  • David Harley

    Yes. Obviously, the degree of vulnerability will depend on where you are: I think the essential point is that it could still happen.

16 Sep 2009