Phoning home

In computing, phoning home is a term often used to refer to the behavior of security systems that report network location, username, or other such data to another computer.

Phoning home may be useful for the proprietor in tracking a missing or stolen computer. In this way, it is frequently performed by mobile computers at corporations. It typically involves a software agent which is difficult to detect or remove.^[1] However, phoning home can also be malicious, as in surreptitious communication between end-user applications or hardware and its manufacturers or developers. The traffic may be encrypted to make it difficult or impractical for the end user to determine what data are being transmitted.^[2]

The Stuxnet attack on Iran's nuclear facilities was facilitated by phone-home technology, as reported by The New York Times.^[3]

Legally phoning home[edit]

Some uses for the practice are legal in some countries. For example, phoning home could be for access restriction, such as transmitting an authorization key. This was done with the Adobe Creative Suite: Each time one of the programs is opened, it phones home with the serial number. If the serial number is already in use, or a fake, then the program will present the user with the option of entering the correct serial number. If the user refuses, the next time the program loads, it will operate in trial mode until a valid serial number has been entered. However, the method can be thwarted by either disabling the internet connection when starting the program or adding a firewall or Hosts file rule to prevent the program from communicating with the verification server.^{[citation needed]}

Phoning home could also be for marketing purposes, such as the "Sony BMG rootkit", which transmits a hash of the currently playing CD back to Sony, or a digital video recorder (DVR) reporting on viewing habits. High-end computing systems such as mainframes have been able to phone home for many years, to alert the manufacturer of hardware problems with the mainframes or disk storage subsystems (this enables repair or maintenance to be performed quickly and even proactively under the maintenance contract).^[4] Similarly, high-volume copy machines have long been equipped with phone-home capabilities, both for billing and for preventative/predictive maintenance purposes.^[5]

In research computing, phoning home can track the daily usage of open source academic software. This is used to develop logs for the purposes of justification in grant proposals to support the ongoing funding of such projects.

Aside from malicious activity, phoning home may also be done to track computer assets—especially mobile computers. One of the most well-known software applications that leverage phoning home for tracking is Absolute Software's CompuTrace. This software employs an agent which calls into an Absolute-managed server on regular intervals with information companies or the police can use to locate a missing computer.^[6]

More uses[edit]

Other than phoning the home (website) of the applications' authors, applications can allow their documents to do the same thing, thus allowing the documents' authors to trigger (essentially anonymous) tracking by setting up a connection that is intended to be logged. Such behavior, for example, caused v7.0.5 of Adobe Reader to add an interactive notification whenever a PDF file tries phoning home to its author.^[7]

HTML e-mail messages can easily implement a form of "phoning home". Images and other files required by the e-mail body may generate extra requests to a remote web server before they can be viewed. The IP address of the user's own computer is sent to the webserver (an unavoidable process if a reply is required), and further details embedded in request URLs can further identify the user by e-mail address, marketing campaign, etc. Such extra page resources have been referred to as "web bugs" and they can also be used to track off-line viewing and other uses of ordinary web pages. So as to prevent the activation of these requests, many e-mail clients do not load images or other web resources when HTML e-mails are first viewed, giving users the option to load the images only if the e-mail is from a trusted source.

Maliciously phoning home[edit]

There are many malware applications that can "phone home" to gather and store information about a person's machine. For example, the Pushdo Trojan^[8] shows the new complexity of modern malware applications and the phoning-home capabilities of these systems. Pushdo has 421 executables available to be sent to an infected Windows client.

Surveillance cameras Foscam have been reported by security researcher Brian Krebs to secretly phone home to the manufacturer.^[9]

References[edit]

^ Technology Meetings Website - http://technologymeetings.com/ar/meetings_catch_laptop_thief/index.htm
^ ZoneAlarm phones home, Apple throws Intel a bone "ZoneAlarm phones home, Apple throws Intel a bone | InfoWorld | Column | 2006-01-13 | by Robert X. Cringely®". Archived from the original on 2006-02-06. Retrieved 2006-03-03.
^ DAVID E. SANGER; THOM SHANKER (Jan 14, 2014). "N.S.A. Devises Radio Pathway Into Computers". The New York Times. Retrieved 27 May 2014.
^ Hoskins, Jim; Frank, Bob (2003). Exploring IBM EServer ZSeries and S/390 Servers: See Why IBM's Redesigned Mainframe Computer Family Has Become More Popular Than Ever!. Maximum Press. ISBN 978-1-885068-91-0.
^ Xerox Model 1090 Copier/Duplicator User Guide. Xerox Corporation, Stamford, Connecticut and North York, Ontario, Canada, August 1990.
^ Absolute Software's website: http://www.absolute.com/
^ "New features and issues addressed in the Acrobat 7.0.5 Update (Acrobat and Adobe Reader for Windows and Mac OS)". Adobe Systems. 2008-05-02. Archived from the original on 2008-05-29. Retrieved 2008-08-14. New features: 4. "Phone home" notification enhancements, meaning that when a PDF document attempts to contact an external server for any reason, the end-user will be notified via a dialogue box that the author of the file is auditing usage of the file, and be offered the option of continuing.
^ Pushdo Trojan - http://www.eweek.com/c/a/Security/Inside-a-Modern-Malware-Distribution-System/
^ Krebs, Brian (16 February 2016). "This is Why People Fear the 'Internet of Things'". KrebsonSecurity. Retrieved 21 February 2016.

[1] Technology Meetings Website - http://technologymeetings.com/ar/meetings_catch_laptop_thief/index.htm

[2] ZoneAlarm phones home, Apple throws Intel a bone "ZoneAlarm phones home, Apple throws Intel a bone | InfoWorld | Column | 2006-01-13 | by Robert X. Cringely®". Archived from the original on 2006-02-06. Retrieved 2006-03-03.

[3] DAVID E. SANGER; THOM SHANKER (Jan 14, 2014). "N.S.A. Devises Radio Pathway Into Computers". The New York Times. Retrieved 27 May 2014.

[4] Hoskins, Jim; Frank, Bob (2003). Exploring IBM EServer ZSeries and S/390 Servers: See Why IBM's Redesigned Mainframe Computer Family Has Become More Popular Than Ever!. Maximum Press. ISBN 978-1-885068-91-0.

[5] Xerox Model 1090 Copier/Duplicator User Guide. Xerox Corporation, Stamford, Connecticut and North York, Ontario, Canada, August 1990.

[6] Absolute Software's website: http://www.absolute.com/

[7] "New features and issues addressed in the Acrobat 7.0.5 Update (Acrobat and Adobe Reader for Windows and Mac OS)". Adobe Systems. 2008-05-02. Archived from the original on 2008-05-29. Retrieved 2008-08-14. New features: 4. "Phone home" notification enhancements, meaning that when a PDF document attempts to contact an external server for any reason, the end-user will be notified via a dialogue box that the author of the file is auditing usage of the file, and be offered the option of continuing.

[8] Pushdo Trojan - http://www.eweek.com/c/a/Security/Inside-a-Modern-Malware-Distribution-System/

[9] Krebs, Brian (16 February 2016). "This is Why People Fear the 'Internet of Things'". KrebsonSecurity. Retrieved 21 February 2016.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

Legally phoning home[edit]

More uses[edit]

Maliciously phoning home[edit]

See also[edit]

References[edit]