AT&T says malware secretly unlocked hundreds of thousands of phones

The audacious scheme was carried out with help from AT&T employees, it alleged in court documents.

AT&T said three of its employees secretly installed software on its network so a cellphone unlocking service could surreptitiously funnel hundreds of thousands of requests to its servers to remove software locks on phones.

The locks prevent phones from being used on competing networks and have been an important tool used by cellular carriers to prevent customers from jumping ship. They can be electronically removed, usually after fulfilling a contract obligation, but many websites offer the same service for a small fee with no questions asked.

AT&T's allegations are made in a filing with U.S. District Court for the Western District of Washington in which it accuses two companies, four people and an unknown software developer or developers, of participating in the audacious scheme. AT&T filed its lawsuit on Sept. 11 but it was first reported by Geekwire on Friday.

The carrier first discovered something was amiss in September 2013 when a surge in the number of unlock requests alerted the company to the possible abuse of "Torch," the software used to unlock cellphones, it said in the complaint.

Upon investigation, the company discovered that the logins and passwords of two employees at a center in Washington were responsible for a large number of the requests and those requests happened within milliseconds of each other.

Both employees, Kyra Evans and Marc Sapatin, are named in the lawsuit.

On the computers of Evans and Sapatin, investigators found unauthorized software intended to route unlocking requests from an external source through AT&T's computer system, it said. AT&T says its investigators uncovered numerous iterations of the software, which grew in complexity until it was eventually able to submit the automatic requests.

Investigators later found the software on a computer of a third employee, Nguyen Lam, according to AT&T. All three are no longer working at AT&T.

AT&T says a California-based company called Swift Unlocks and its proprietor, Prashant Vira, were involved in the scheme and paid Evans and Sapatin at least US$20,000 and $10,500 respectively to install the software. But, AT&T concedes that it doesn't know the full extent of Swift Unlocks' involvement.

Swift Unlocks operates a website where people can pay to have the software lock removed from their phones. Charges vary by phone but AT&T users will generally pay $20 or less for the unlocking service.

In all, AT&T says "hundreds of thousands" of phones were unlocked as a result of the scheme. Its charges include computer fraud, breach of loyalty and civil conspiracy and the carrier has asked the court to hear the case in front of a jury.

The defendants could not immediately be reached for comment and are yet to file a reply to the allegations with the court.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Martyn Williams

IDG News Service
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Luke Hill

MSI GT75 TITAN

I need power and lots of it. As a Front End Web developer anything less just won’t cut it which is why the MSI GT75 is an outstanding laptop for me. It’s a sleek and futuristic looking, high quality, beast that has a touch of sci-fi flare about it.

Emily Tyson

MSI GE63 Raider

If you’re looking to invest in your next work horse laptop for work or home use, you can’t go wrong with the MSI GE63.

Laura Johnston

MSI GS65 Stealth Thin

If you can afford the price tag, it is well worth the money. It out performs any other laptop I have tried for gaming, and the transportable design and incredible display also make it ideal for work.

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?