The RISKS Digest
Volume 7 Issue 58

Monday, 26th September 1988

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


o Computers in local govt - a burning issue?
Dave Horsfall
o North Cornwall water supply polluted
Paul Mansbacher via Willie Smith
o Re: Risks of cellular telephones
Alan Kaminsky
John Gilmore
o Other voice mailbox risks reported
o Auto Computers vs. radios
Steve Jay
o State Records via Computer
William Curtiss
o Damage by Disney 3-D glasses
Andrew Klossner
o Re: more on killer remote controlls
o Info on RISKS (comp.risks)

Computers in local govt - a burning issue?

Dave Horsfall <>
Fri, 23 Sep 88 09:47:42 est
Just read in the daily paper that a mayor ordered the air-conditioning
in a computer room to be turned off, as the noise was interfering with
the council meeting.  Unfortunately, no-one ordered it turned on again,
and the staff turned up next morning to find one cooked computer...

Dave Horsfall (VK2KFU),  Alcatel-STC Australia,,  ...munnari!!dave

North Cornwall water supply polluted

Willie Smith, LTN Components Eng. <>
26 Sep 88 14:11
A combination of circumstances at an unattended water-works caused the
pollution of the water-supply to 22,000 homes in north Cornwall by aluminium
sulphate last July.  

The following scenario was given by a TV programme last week.  A relief driver
was asked to deliver 20 tons of aluminium sulphate to an unattended waterworks.
He was given a key to open the gate by the normal driver.  This key should not
have been available to the driver.  The tank to store the aluminium sulphate
was unlabeled, and the driver dumped his load into an underground reservoir of
treated water.  This water entered the water distribution system, now
containing a amount of aluminium 500 times the maximum permitted.  The water
was now acidic (sulphuric acid), and started dissolving lead and copper from
the pipes.

When notified of a problem, the water board discovered a mal-functioning pump.
They repaired this and dumped the contents of the reservoir into the river,
poisoning thousands of fish and other river life.  They stated the water was
now safe to drink.  (It wasn't!!).  Many animals died, and humans suffered much
pain and discomfort.  The long term affects of the pollution are unknown.

What has this to do with computing RISKS?  The waterworks was automated, but
all measuring devices were on the intake side of the waterworks.  Designers had
omitted to monitor the water exiting the works and entering the public supply,
thus ensuring that the above sequence of errors was not picked up until the
water reached the consumers!

BTW, under British Law, no crime has been committed.

Re: Risks of cellular telephones [RISKS 7.57]

Mon, 26 Sep 88 10:25:53 EDT
Chuck Weinstock asks how an incoming call is placed to a cellular telephone,
and whether Big Brother could somehow use this to monitor persons'
whereabouts.  I used to work on cellular telephone switching system software,
so I'll take a stab at it.

When a call is placed to a cellular telephone, a "paging" message is
broadcast in all the cells in the system.  Certain frequencies are set
aside solely for paging.  All active cellular telephones are constantly
monitoring the paging channel.  When a phone detects a paging message with
its own address, it broadcasts a page response message.  This response is
received by all the cells in the system, and the signal strength is measured.
The cell receiving the strongest response is assumed to be the cell in which
the phone is located, an unused frequency in that cell is assigned, and the
phone call is switched to a transceiver in that cell.

So cellular telephones are indeed located by a broadcast message, not by
having the phones transmit periodic "here I am" messages.  If no one is
calling a particular cellular telephone, there is no way to know where that
phone is.  HOWEVER ...

While a cellular telephone call is in progress, the phone may move into a
different cell.  If it does, the call must be "handed off:" the connection
must be switched from the transceiver in the current cell to an unused
transceiver in the new cell, usually on a different frequency.  The current
transceiver constantly monitors the phone's signal strength; when it falls
below a threshold, a handoff is needed.  All the cells broadcast another
paging message to the phone, the phone responds, the signal strengths are
measured, and the cell receiving the strongest signal is the new cell.

Thus, _while_a_cellular_telephone_call_is_in_progress_ (either incoming or
outgoing), the system knows the cell in which your phone is located, and
unscrupulous parties could abuse this information.  In between calls, you're

As for business competitors monitoring calls you place on your cellular
telephone, to find out your clients' phone numbers:  This is perfectly
possible.  However, you'd have to get your hands on the radio equipment used
in a cell's base station, plus its controlling software, and change the
software to record information about calls being placed.  This is probably
beyond most business persons' capabilities.  One hopes the FCC, police, etc.
would prevent anyone from offering such a product commercially.

Alan Kaminsky, School of Computer Science, Rochester Institute of Technology,
P. O. Box 9887, Rochester, NY  14623                            716-475-5255

Re: Risks of Cellular Phones? (RISKS-7.57)

John Gilmore <>
Sun, 25 Sep 88 17:04:09 PDT
> If I dial a phone number attached to a cellular phone, how does the
> cellular system know which cell should send the ring signal to the phone?

The standard for communication between a cellular telephone and a base
station is EIA Interim Standard IS-3-C (June 1986).  I got my copy in Feb
1987 from Global Engineering Documents at +1 800 854 7179 or +1 714 261 1455.

At cellular phone power-up, the phone listens on a set of fixed
frequencies for a control message ("overhead message") telling it which
channels are locally used as paging channels.  It then listens to all
those channels, picks the one with the highest signal strength, and
listens on that channel for overhead messages and "mobile control
messages".  One such control message is a "page", which indicates that
the land system wishes to get in touch with a particular mobile
(identified by its phone number).  In a simple cellular system, this
"page" would probably be sent by all cells; in a more complex system,
it could be initially sent in a likely cell or cells, and later
sent in all cells if no response was heard.

When a cellular phone receives a "page", it responds by transmitting
a "page response" on a "reverse control channel".  This tells the land
system that the page has been received, and specifies which transmitter's
page it heard.  That cell will respond with an "initial voice channel
designation" message, if it has a free voice channel.  The phone responds
by transmitting an audio tone on that channel to indicate that it
has seized the channel.  Then the land station sends an "alert" message
which causes the phone to ring its audible bell.  If and when you answer
the phone, it turns off the audio tone and starts transmitting
your voice.

As you can see, it's possible for the cellular system to "page" your
phone and establish its whereabouts without ever sending an "alert",
which would let you know that your phone was active.  In fact, there is
another order called "audit" which causes the phone to silently
transmit a message back to the system, without ever telling you.  In
some cases it appears that the audit response includes the phone's serial
number as well as its phone number.

In normal operation a cellular phone will not transmit unless it is
paged or you ask it to make a call.  There is no ongoing tracking of
idle phones, though specific phones could be targeted for tracking
by sending periodic "page" and "audit" messages to them.

If you want privacy I recommend not using a cellular phone.  A possible
compromise would be to get a paging beeper and a cellular phone.  Leave
the beeper on all the time and power off the phone.  The beepers have
batteries that last for a month anyway, while the phone will die in
hours if on.  When someone wants to talk with, they call your beeper and
punch in their number and/or a prearranged code.  You receive the beep,
but your beeper does not transmit any response.  If you choose to
respond, you can power on your phone, dial back to whoever beeped you,
talk, then power off the phone.  You can only be traced for the duration
of the call (and, of course, the call is on the radio so it can be
overheard).  I'm actually surprised that I haven't seen cellular phones
with built in beepers like this, since it extends your battery life.

If your cellular phone was modified to present itself to the system as a random
phone number and serial number (most conveniently obtained from recent traffic
heard over the air by the phone, since it isn't encrypted), you would not be
traceable at all — nor would you be billed for the call.  (Your phone's
transmission could be traced, but there is nothing to tie it to "you").  Making
calls that are charged to other people is against the law of course, but seems
to be common practice; there's an "underground" traffic in phones with this
kind of modified firmware.

Other voice mailbox risks reported

Sun, 25 Sep 88 12:39 MST
   A local company specializing in hardware for the US Government has
been cooperating with the FBI into an investigation of illegal use of
their voice mail system.  Recently when they hired a new employee when
they wanted to set him up a voice mail box they discovered the password
had been changed for the system administrator.  Technical support from
INTELLICOM (the manufacturer) determined that someone had created
several new voice mailboxes and were using them for credit card data.
Apparently the passwords had never been set when the VMB was received
from the manufacturer.  Intellicom has advised all their customers who
use these systems to also disconnect their 800 service outside of
hours as this serves to deter miscreants from inhabiting your VMB.

     This appears to be a criminal twist on previous risks reported.  Peter.

Auto Computers vs. radios

Steve Jay <shj@ultra.UUCP>
Sat, 24 Sep 88 19:42:59 PDT
In RISKS 7.57, Chuck Weinstock writes (regarding his friend's Ford Probe
going nuts when a computer was plugged into the cigarette lighter):

> One wonders if a radar detector or a cb radio (two common appliances that use
> the cigarette lighter) would cause the same difficulty.

The owners manual for my 1988 Mazda 626 (mechanically the same as Ford Probe)
has the following warning:

  "If a mobile two-way radio system is installed improperly, or if a wrong
  type is used, the fuel injection system and the cruise control system may
  be affected.  To avoid damage to your vehicle, be sure to check with an
  Authorized Mazda Dealer for proper installation of a mobile two-way radio."

The Shop Manual (the one they would sell me) contains an almost impossible to
interpret diagram that attempts to show where NOT to run the antenna lead for
a radio transmitter.  There is no information about what "a wrong type" might
be.  I sure hope my Authorized Mazda Dealer has better information.

I wonder if the thousands of places that will install a CB radio for you are
aware of the danger of doing it improperly in a Mazda. (I don't mean to pick
just on on Mazda.  I suspect the same is true for lots of cars.)  Also, given
that malfunction of the fuel injection system and/or cruise control could do
damage to people, not just the vehicle, the warning should be a lot more
prominent.  I have no idea how the warning could be made available to whoever
might own my car 15 years from now.

Maybe the Army should publish the locations of the radio transmitters that do
in their helicopters, so I can avoid driving near them.

Steve Jay, Ultra Network Technologies, 101 Daggett Drive, San Jose, CA 95134
Internet: ultra! uucp: ...ames!ultra!shj  408-922-0100

State Records via Computer

Sun, 18 Sep 88 15:12 EDT
From FLORIDA TODAY, Melbourne, Florida (a Gannett Company) without permission:

  TALLAHASSEE- For private investigators, the tools of the trade used to be
  trench coats, binoculars and soft shoes.  But that was before the
  revolution.  Now, private investigators are just as likely to be huddled
  over computer screens as they are to be hanging out in the bushes.
     Like a growing number of states, Florida last month set up a computer
  link that makes driver license and vehicle registration records available to
  anyone with a computer.  To access corporate records, it costs $25 an hour,
  not including membership fees to Compuserve, which runs the system.  For
  highway department records, it costs $60 an hour, and users have to deposit
  money in advance.  Last year the state made about $80,000 from fees on the
     [Quotes from users]
     State officals say they're banking on the adage that time is money.  The
  potential of saving time, and therefore tax money, is one of the reasons
  they expanded the program.
     The program was started in 1986 after the Division of Corporate Records
  did a study that showed the agency was only responding to 15 percent of the
  requests for corporate information, said David Mann, director of the
  division.  "It was a way to get heavy users off the system," he said of the
  computer link.  "It worked like a charm, and it didn't cost the state any
     Since installing the computer link, about 13,000 of the 70,000
  requests the agency gets each day are being handled by the computer.
  And its response rate is now about 45 percent, he said.
     [more quotes from users]
     With the push of a button, a law firm can tell a client whether a
  corporate name he wants to use is already in use, whether a corporation
  interested in buying a piece of property may be on shaky financial
  ground and who the corporate officers are.
     Mann and David Jacobson, of the motor vehicles agency, said hundreds of
  firms from Seattle, Wash., to New York City have signed up for the service.
  The firms include insurance companies, banks, labor unions and law firms.
  But the prime users appear to be private investigators.  Both Mann and
  Jacobson agree that it's likely the system will be expanded as it proves its
  usefulness.  Mann and Jacobson also said steps have been taken to avoid
  state records tampering.

Part of the drive behind allowing computer access to state records is
Florida's "Sunshine Law".  A previous article said that only the
information listed on your driver's license and vehicle registration
will be available.  This information is ruled to be information of
public record.  Driving infraction histories will not be accessable.

William Curtiss

Damage by Disney 3-D glasses

Mon, 19 Sep 88 13:24:34 PDT
> "Please do not take these glasses as a souvenir.  
> They will impair your vision outside this theatre."

The sentence is literally true.  The glasses are not completely
transparent; they absorb a small fraction of the light passing through,
and so one's vision, while wearing the glasses, is impaired.

Until reading this posting, I never considered the more sinister
interpretation, that one's vision would be permanently impaired.

  -=- Andrew Klossner   (decvax!tektronix!tekecs!andrew)       [UUCP]
                        (   [ARPA]

    [Also noted by "Robert J. Reschly Jr." <reschly@BRL.MIL>
                    linden@Sun.COM (Peter van der Linden)
                    seanf@ucscc.UCSC.EDU (Sean Fagan)
           (Jurjen N.E. Bos, CWI, Amsterdam)
           (Eric Roskos)   ]

re: more on killer remote controlls

Mon 19 Sep 1988 16:09 CDT
> Caution: Use of this remote on another TV set could damage it...(or something
> along those lines....)

I find it *VERY* hard to believe that anyone would believe this claim by a
hotel.  This is simply a way to keep moronic, paranoid people who want to be
a cleptomaniac for a day from stealing the remote control (as if it would
actually work on their TV set at home...:-> )

To date, I have about 10 IR controls in and about my house and I have found
only two of them that have signals close enough to cause problems (they are
eaisly worked around...but still).  And I find it even harder to believe that
an IR control could be engineered to "figure out" what type of signal was
sent to your TV to turn it on/off, and to do so at such a pulse rate as to cause
your TV to die....nope, just cant believe it.  Maybe it could be done if they
knew what kind of TV you had at home, but why?  Basically, if the hotel in
question had any brains at all, they would simply install a proximity type
detector and put one of those little metal strips inside of the control.  Then
when you left your room, an alarm would sound.  And to further reduce costs,
ONE detector could be installed at the bottom of the stairs or other heavily
used guest exit point....

..I guess this is just one more example of how gullible the public really is...

Bitnet: MISS026@ECNCDC

Please report problems with the web pages to the maintainer