Date: Thu, 16 Jun 2005 18:54:04 +1000 From: "Darryl Smith" <Darryl@radio-active.net.au> Subject: SIM Cards with GPRS
I am a GPS tracking consultant - and I usually use GPRS, which is a packet switched data service built on top of GSM. Unlike AMPS and CDMA, the personality of each mobile device is stored in a Smart Card called a SIM card. This stores the local encryption key as well as a serial number that points to your phone number. It also stores information on the preferred GSM network to connect to and your phonebook.
If you want to swap phones you just swap SIM cards. This makes upgrading phones really easy, and also makes it easy to rent a phone in another country if your phone does not work in that country because it operates on a different frequency.
One of my clients was issued 80 SIM cards for a project I was doing for them. The carrier supplied the SIM cards as well as printed documentation listing the serial number for each card. This serial number is the reference that translates into a phone number and a billing identifier.
This customer also arranged to have their own VPN set up so that their data traffic would not pass over the internet but over a private link between the carrier and customer. The way this is done is by assigning a different APN or Access Point Name. This APN was specific to this customer, and no-one else had access to it.
When I was testing the equipment with the SIM cards and the custom APN, the SIM cards would not work. So I tried it in my GPRS phone - and strangely it worked using the standard APN. This did not surprise me as the carrier was notorious for not correctly configuring the APN.
My customer then sent the list of SIM cards to the carrier for them to fix, attaching the custom APN. This was the same list the carrier had provided to them, but thanks to business processes it was easiest for my client to e-mail the carrier the list back. The changed the APN on all 80 cards to the custom APN, removing GPRS access through the default APN to all cards.
24 hours later I tried the equipment again, and it still did not work. So I rang my client, and for a joke I told him the serial number of the SIM card, and asked him if it was on his list. I was rather surprised when he could find no reference of it. Comparing his list of serial numbers to my list of serial numbers, we worked out that only 3 out of 80 of the SIM cards were on his list.
So my client then contacted the carrier. After some discussions, the carrier then transferred the 77 SIM cards to my client, and presumably restored the correct APN to the other 77 SIM cards being used by other clients returning GPRS functionality.
What had happened is that the carrier did not provide the correct SIM Serial Numbers to my client in the first place. My client assumed that this list was correct. I did not care what the serial numbers were, but I recorded them on each piece of equipment anyway, copying the number from the cards themselves, rather than copying from his list.
Then my client, assuming his list was accurate e-mailed the carrier, and the carrier assumed that this list was correct. And then changed the SIM cards to 'Fix Them', breaking many other services at the same time. Management in the carrier took some time to be convinced that they had not issued the correct serial numbers to the client - even wanting to speak to me directly to verify that I physically had these SIM cards in my possession.
Right now my clients GPRS devices seem to be working, but I have no idea about the 77 SIM cards being used by other clients. This is likely to be a huge billing nightmare too. Thankfully we only used a few cents worth of GPRS bandwidth on cards that did not (at the time) belong to my client.
The risk? Don't rely on information that a supplier gives you. Do not rely on information a customer gives you without cross checking it. Do not rely on mobile devices for critical purposes if there is any chance that someone could re-configure your mobile device.
Darryl Smith, VK2TDS, POBox 169 Ingleburn NSW 2565 Australia +61 4 12 929 634 www.radio-active.net.au/blog/ www.radio-active.net.au/web/tracking/
No comments:
Post a Comment