Mercury: Open to Hackers?

                                 by Jim Main

                             sysop: West End BBS
                              Tel: 041-337-1519

For many people using bulletin boards for any length of time, the Mercury system seems to be the obvious choice. Cost, on average, tends to be around 10 percent less than BT rates with a small saving being made on International calls as well. The average comms enthusiast shouldn't have to long to wait, therefore, to recoup the initial cost of joining.

The question is: How secure is the system from external hacking? I wondered about this, so sat down and worked out how difficult it would be.

To access the Mercury system, the Mercury phone you are given, does the following:-

  1. Dials Pulse 131
  2. Pauses for 6 seconds
  3. Dials TONE, a 10 Digit access number, followed by the telephone number you have entered on the pad.

The telephone (which you initially buy from Mercury) stores your access number in battery-backed memory, so all you normally have to do to make a Mercury call, is pick up the handset, press the Mercury button, and dial the number you want.

The 10 Digit access number identifies you, the customer, and allows Mercury to bill you for the call. They do this purely from your access number - there is no metering, as such, across your line. You can make a Mercury call from any exchange, provided you use your own unique 10 digit access code.

The problem arises: What if someone finds a valid code.... and it happens to be yours (or mine!). You will be billed for ALL calls made with that code (though you might get suspicious when the itemised bill drops through the door!)

What are the chances of someone coming across your code?

Well, lets be optimistic and say there are 10 000 subscribers in the system, nationwide.

A 10 digit sequence means there are ten thousand million potential sequences to choose from - quite a lot!

If there are 10 000 valid numbers, though, then the chances of someone stumbling on one is a good deal less (though still impossibly high) at one in a million.

A Wargames type autodialler could conceivably be modified to look for the number-unobtainable tone, and ripple through numbers till it finds a valid code!

Working it out further... If the dialler can do two attempts per minute, and is left running 24 hours per day, 7 days a week, then it will ripple through just over 20 000 numbers per week.

You can see from this that it would take two weeks short of a year! to run through a million combinations.... though at least one valid code would be very likely at the end of it!!

Of course, with a number of people working at it, this time could be reduced to a matter of weeks... but would still represent a major expense in time and effort...though it's possible someone could get lucky!!

If someone does get a hold of a code via the above, then there's a one in 10,000 chance that it's yours...(based on the 10,000 user assumption).

Long enough odds for me, so I'll quite happily carry on using the system !