Phoning home

Last updated August 07, 2024

In computing, phoning home is a term often used to refer to the behavior of security systems that report network location, username, or other such data to another computer.

Phoning home may be useful for the proprietor in tracking a missing or stolen computer. In this way, it is frequently performed by mobile computers at corporations. It typically involves a software agent which is difficult to detect or remove.^[1] However, phoning home can also be malicious, as in surreptitious communication between end-user applications or hardware and its manufacturers or developers. The traffic may be encrypted to make it difficult or impractical for the end user to determine what data are being transmitted.^[2]

The Stuxnet attack on Iran's nuclear facilities was facilitated by phone-home technology, as reported by The New York Times .^[3]

Legally phoning home

Some uses for the practice are legal in some countries. For example, phoning home could be for access restriction, such as transmitting an authorization key. This was done with the Adobe Creative Suite: Each time one of the programs is opened, it phones home with the serial number. If the serial number is already in use, or a fake, then the program will present the user with the option of entering the correct serial number. If the user refuses, the next time the program loads, it will operate in trial mode until a valid serial number has been entered. However, the method can be thwarted by either disabling the internet connection when starting the program or adding a firewall or Hosts file rule to prevent the program from communicating with the verification server.^{[ citation needed ]}

Phoning home could also be for marketing purposes, such as the "Sony BMG rootkit", which transmits a hash of the currently playing CD back to Sony, or a digital video recorder (DVR) reporting on viewing habits. High-end computing systems such as mainframes have been able to phone home for many years, to alert the manufacturer of hardware problems with the mainframes or disk storage subsystems (this enables repair or maintenance to be performed quickly and even proactively under the maintenance contract).^[4] Similarly, high-volume copy machines have long been equipped with phone-home capabilities, both for billing and for preventative/predictive maintenance purposes.^[5]

In research computing, phoning home can track the daily usage of open source academic software. This is used to develop logs for the purposes of justification in grant proposals to support the ongoing funding of such projects.

Aside from malicious activity, phoning home may also be done to track computer assets—especially mobile computers. One of the most well-known software applications that leverage phoning home for tracking is Absolute Software's CompuTrace. This software employs an agent which calls into an Absolute-managed server on regular intervals with information companies or the police can use to locate a missing computer.^[6]

More uses

Other than phoning the home (website) of the applications' authors, applications can allow their documents to do the same thing, thus allowing the documents' authors to trigger (essentially anonymous) tracking by setting up a connection that is intended to be logged. Such behavior, for example, caused v7.0.5 of Adobe Reader to add an interactive notification whenever a PDF file tries phoning home to its author.^[7]

HTML e-mail messages can easily implement a form of "phoning home". Images and other files required by the e-mail body may generate extra requests to a remote web server before they can be viewed. The IP address of the user's own computer is sent to the webserver (an unavoidable process if a reply is required), and further details embedded in request URLs can further identify the user by e-mail address, marketing campaign, etc. Such extra page resources have been referred to as "web bugs" and they can also be used to track off-line viewing and other uses of ordinary web pages. So as to prevent the activation of these requests, many e-mail clients do not load images or other web resources when HTML e-mails are first viewed, giving users the option to load the images only if the e-mail is from a trusted source.

Maliciously phoning home

There are many malware applications that can "phone home" to gather and store information about a person's machine. For example, the Pushdo Trojan^[8] shows the new complexity of modern malware applications and the phoning-home capabilities of these systems. Pushdo has 421 executables available to be sent to an infected Windows client.

Surveillance cameras Foscam have been reported by security researcher Brian Krebs to secretly phone home to the manufacturer.^[9]

Related Research Articles

<span class="mw-page-title-main">Client–server model</span> Distributed application structure in computing

The client–server model is a distributed application structure that partitions tasks or workloads between the providers of a resource or service, called servers, and service requesters, called clients. Often clients and servers communicate over a computer network on separate hardware, but both client and server may reside in the same system. A server host runs one or more server programs, which share their resources with clients. A client usually does not share any of its resources, but it requests content or service from a server. Clients, therefore, initiate communication sessions with servers, which await incoming requests. Examples of computer applications that use the client–server model are email, network printing, and the World Wide Web.

Malware is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, deprive access to information, or which unknowingly interferes with the user's computer security and privacy. Researchers tend to classify malware into one or more sub-types.

In computing terminology, a macro virus is a virus that is written in a macro language: a programming language which is embedded inside a software application. Some applications, such as Microsoft Office, Excel, PowerPoint allow macro programs to be embedded in documents such that the macros are run automatically when the document is opened, and this provides a distinct mechanism by which malicious computer instructions can spread. This is one reason it can be dangerous to open unexpected attachments in e-mails. Many antivirus programs can detect macro viruses; however, the macro virus' behavior can still be difficult to detect.

<span class="mw-page-title-main">Thin client</span> Non-powerful computer optimized for remote server access

In computer networking, a thin client, sometimes called slim client or lean client, is a simple (low-performance) computer that has been optimized for establishing a remote connection with a server-based computing environment. They are sometimes known as network computers, or in their simplest form as zero clients. The server does most of the work, which can include launching software programs, performing calculations, and storing data. This contrasts with a rich client or a conventional personal computer; the former is also intended for working in a client–server model but has significant local processing power, while the latter aims to perform its function mostly locally.

<span class="mw-page-title-main">Terminal emulator</span> Program that emulates a video terminal

A terminal emulator, or terminal application, is a computer program that emulates a video terminal within some other display architecture. Though typically synonymous with a shell or text terminal, the term terminal covers all remote terminals, including graphical interfaces. A terminal emulator inside a graphical user interface is often called a terminal window.

Computer operating systems (OSes) provide a set of functions needed and used by most application programs on a computer, and the links needed to control and synchronize computer hardware. On the first computers, with no operating system, every program needed the full hardware specification to run correctly and perform standard tasks, and its own drivers for peripheral devices like printers and punched paper card readers. The growing complexity of hardware and application programs eventually made operating systems a necessity for everyday use.

Back Orifice is a computer program designed for remote system administration. It enables a user to control a computer running the Microsoft Windows operating system from a remote location. The name is a play on words on Microsoft BackOffice Server software. It can also control multiple computers at the same time using imaging.

A web hosting service is a type of Internet hosting service that hosts websites for clients, i.e. it offers the facilities required for them to create and maintain a site and makes it accessible on the World Wide Web. Companies providing web hosting services are sometimes called web hosts.

Adobe Acrobat is a family of application software and Web services developed by Adobe Inc. to view, create, manipulate, print and manage Portable Document Format (PDF) files.

A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed and often masks its existence or the existence of other software. The term rootkit is a compound of "root" and the word "kit". The term "rootkit" has negative connotations through its association with malware.

Internet security is a branch of computer security. It encompasses the Internet, browser security, web site security, and network security as it applies to other applications or operating systems as a whole. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet is an inherently insecure channel for information exchange, with high risk of intrusion or fraud, such as phishing, online viruses, trojans, ransomware and worms.

<span class="mw-page-title-main">Terminal server</span> Device that interfaces serial hosts to a network

A terminal server connects devices with a serial port to a local area network (LAN). Products marketed as terminal servers can be very simple devices that do not offer any security functionality, such as data encryption and user authentication. The primary application scenario is to enable serial devices to access network server applications, or vice versa, where security of the data on the LAN is not generally an issue. There are also many terminal servers on the market that have highly advanced security functionality to ensure that only qualified personnel can access various servers and that any data that is transmitted across the LAN, or over the Internet, is encrypted. Usually, companies that need a terminal server with these advanced functions want to remotely control, monitor, diagnose and troubleshoot equipment over a telecommunications network.

Mobile malware is malicious software that targets mobile phones or wireless-enabled Personal digital assistants (PDA), by causing the collapse of the system and loss or leakage of confidential information. As wireless phones and PDA networks have become more and more common and have grown in complexity, it has become increasingly difficult to ensure their safety and security against electronic attacks in the form of viruses or other malware.

Rogue security software is a form of malicious software and internet fraud that misleads users into believing there is a virus on their computer and aims to convince them to pay for a fake malware removal tool that actually installs malware on their computer. It is a form of scareware that manipulates users through fear, and a form of ransomware. Rogue security software has been a serious security threat in desktop computing since 2008. An early example that gained infamy was SpySheriff and its clones, such as Nava Shield.

A home server is a computing server located in a private computing residence providing services to other devices inside or outside the household through a home network or the Internet. Such services may include file and printer serving, media center serving, home automation control, web serving, web caching, file sharing and synchronization, video surveillance and digital video recorder, calendar and contact sharing and synchronization, account authentication, and backup services. In the recent times, it has become very common to run literally hundreds of applications as containers, isolated from the host operating system.

CCleaner, developed by Piriform Software, is a utility used to clean potentially unwanted files and invalid Windows Registry entries from a computer. It is one of the longest-established system cleaners, first launched in 2004. It was originally developed for Microsoft Windows only, but in 2012, a macOS version was released. An Android version was released in 2014.

Mobile security, or mobile device security, is the protection of smartphones, tablets, and laptops from threats associated with wireless computing. It has become increasingly important in mobile computing. The security of personal and business information now stored on smartphones is of particular concern.

The Blackhole exploit kit was, as of 2012, the most prevalent web threat, where 29% of all web threats detected by Sophos and 91% by AVG are due to this exploit kit. Its purpose is to deliver a malicious payload to a victim's computer. According to Trend Micro the majority of infections due to this exploit kit were done in a series of high volume spam runs. The kit incorporates tracking mechanisms so that people maintaining the kit know considerable information about the victims arriving at the kit's landing page. The information tracked includes the victim's country, operating system, browser and which piece of software on the victim's computer was exploited. These details are shown in the kit's user interface.

Computers can be classified, or typed, in many ways. Some common classifications of computers are given below.

References

↑ Technology Meetings Website - http://technologymeetings.com/ar/meetings_catch_laptop_thief/index.htm
↑ ZoneAlarm phones home, Apple throws Intel a bone "ZoneAlarm phones home, Apple throws Intel a bone | InfoWorld | Column | 2006-01-13 | by Robert X. Cringely®". Archived from the original on 2006-02-06. Retrieved 2006-03-03.
↑ DAVID E. SANGER; THOM SHANKER (Jan 14, 2014). "N.S.A. Devises Radio Pathway Into Computers". The New York Times. Retrieved 27 May 2014.
↑ Hoskins, Jim; Frank, Bob (2003). Exploring IBM EServer ZSeries and S/390 Servers: See Why IBM's Redesigned Mainframe Computer Family Has Become More Popular Than Ever!. Maximum Press. ISBN 978-1-885068-91-0.
↑ Xerox Model 1090 Copier/Duplicator User Guide. Xerox Corporation, Stamford, Connecticut and North York, Ontario, Canada, August 1990.
↑ Absolute Software's website: http://www.absolute.com/
↑ "New features and issues addressed in the Acrobat 7.0.5 Update (Acrobat and Adobe Reader for Windows and Mac OS)". Adobe Systems. 2008-05-02. Archived from the original on 2008-05-29. Retrieved 2008-08-14. New features: 4. "Phone home" notification enhancements, meaning that when a PDF document attempts to contact an external server for any reason, the end-user will be notified via a dialogue box that the author of the file is auditing usage of the file, and be offered the option of continuing.
↑ Pushdo Trojan - http://www.eweek.com/c/a/Security/Inside-a-Modern-Malware-Distribution-System/
↑ Krebs, Brian (16 February 2016). "This is Why People Fear the 'Internet of Things'". KrebsonSecurity. Retrieved 21 February 2016.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Technology Meetings Website - http://technologymeetings.com/ar/meetings_catch_laptop_thief/index.htm

[2] ZoneAlarm phones home, Apple throws Intel a bone "ZoneAlarm phones home, Apple throws Intel a bone | InfoWorld | Column | 2006-01-13 | by Robert X. Cringely®". Archived from the original on 2006-02-06. Retrieved 2006-03-03.

[3] DAVID E. SANGER; THOM SHANKER (Jan 14, 2014). "N.S.A. Devises Radio Pathway Into Computers". The New York Times. Retrieved 27 May 2014.

[4] Hoskins, Jim; Frank, Bob (2003). Exploring IBM EServer ZSeries and S/390 Servers: See Why IBM's Redesigned Mainframe Computer Family Has Become More Popular Than Ever!. Maximum Press. ISBN 978-1-885068-91-0.

[5] Xerox Model 1090 Copier/Duplicator User Guide. Xerox Corporation, Stamford, Connecticut and North York, Ontario, Canada, August 1990.

[6] Absolute Software's website: http://www.absolute.com/

[7] "New features and issues addressed in the Acrobat 7.0.5 Update (Acrobat and Adobe Reader for Windows and Mac OS)". Adobe Systems. 2008-05-02. Archived from the original on 2008-05-29. Retrieved 2008-08-14. New features: 4. "Phone home" notification enhancements, meaning that when a PDF document attempts to contact an external server for any reason, the end-user will be notified via a dialogue box that the author of the file is auditing usage of the file, and be offered the option of continuing.

[8] Pushdo Trojan - http://www.eweek.com/c/a/Security/Inside-a-Modern-Malware-Distribution-System/

[9] Krebs, Brian (16 February 2016). "This is Why People Fear the 'Internet of Things'". KrebsonSecurity. Retrieved 21 February 2016.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]