Hacker News new | comments | ask | show | jobs | submit login
Polish charity gets huge phone bill thanks to stork (bbc.com)
203 points by tlrobinson 7 months ago | hide | past | web | favorite | 129 comments

"EcoLogic told the Super Express newspaper that somebody found the tracker in Sudan, removed the sim card and put it in their own phone, where they then racked up 20 hours' worth of phone calls"

So they actually got a huge bill because they didn't set a SIM lock (if that's possible), and didn't block voice calls and so on.

Presumably, they had a good contract for sending tiny packets of data, but not for roaming calls in Sudan.

A simlock works the other way around. It is to ensure that a subsidized phone does not end up being used for another carrier. It does not lock a SIM from being used in another device.

You probably mean a pin code on the sim, but then you'd have to have a keyboard to enter the pin with and the device most likely did not come with such luxuries (nor a screen).

They should have added a PIN then. There was a time when the practice of adding PINs to SIMs (and phones) was common in my part of the world (in the era of candy-bar phones) to prevent this exact scenario: so that losing your phone won't result in someone else racking a large bill using your phone and/or SIM.

Perhaps their hardware and/or software doesn't support PIN unlocking the SIM, or they didn't consider the possibility. I'm sure they've learnt their lesson.

How would you enter the PIN?

The gps receiver's software could enter the pin. No buttons necessary.

I have a mobile hotspot, all of this is done through the WebUI over WiFi.

One possibility is that the GPS tracker does not have a UI to unlock a SIM card, so the SIM card was set without a pin.

Sim locking is a device-side control that ensures only a specific carrier’s sim is used in the device.

They should have used a limited IoT-oriented sim with data limits.

I kinda feel these folks were extraordinarily naive, but I’m coming from the perspective of a telco SME.

I think I mean the PIN lock, the one you have to input after rebooting the phone or inserting the SIM. This has existed since the beginning of GSM, as far as I remember.

But probably the GPS receiver can't work with that.

PIN lock is right

I think they were talking about the SIM PIN code not the device locking.

It's kinda amusing I'm reading this "news" by help of HN on BBC News page. Still, it seems to be really not interesting (typical to "silly season" or as we're saying here in Poland "cucumber season") as no other media outlet has copied it - well, beside Super Express but that's just a tabloid newspaper of same level as British The Sun, and they love such - pardon the word, shit.

It's from BBC's News From Elsewhere [1], which covers weird local stories that their journalists come across. It's meant to be light, humorous news.


"Scientists rack up huge phone bill - your jaw will DROP when you learn why!"

"Scientists HATE this trick to get free phone service!"

That said, while the article itself may not be much more than an anecdote, it does seem to have inspired some interesting SIM security conversations here.

Only tangentially related to the article, but where/how do researchers get global coverage SIM cards that you can just put on a stork and expect to get data/calling wherever it flies? I've looked for this before but only found what seemed like tourist scams with very high prices per MB/minute.

Ideally you'd get a dedicated M2M MVNO operator who'll sell you a whole stack of them. If you just want one, you'll have to do a lot of price comparison; Three UK have some nice deals where you can use inclusive minutes/data in some non-EU countries as well as the standard EU free roaming.

Thanks for the MVNO keyword, it led me to a few interesting offerings I didn't know existed in my local market.

I did some price comparisons and found that unless I'm in different countries every month or I have a hard requirement on using the same number globally, it's much, much cheaper to just get a disposable local SIM card every time I travel.

You can use Asterisk & call using SIP to always have the same number.

You don't even need Asterisk. Twilio now supports SIP registration and is much easier to manage than maintaining your own Asterisk.

Does anybody know of one that doesn't charge a monthly fee? I have a product idea where I'd like to use mobile data as a backup in case of wifi network failure. So I'm willing to pay a higher per-MB fee if I can avoid a monthly per-SIM fee.

Twilio charges a relatively low monthly fee per SIM, starting at $2/mo. See: https://www.twilio.com/wireless/pricing

That is relatively low, but definitely not low enough in my case. The price point I'm thinking of is ~$25/year; giving 96% of my revenue to Twilio would not work. The device in question would be on wifi, so I really only need the mobile data to communicate in the rare event of wifi failure. And even then I don't need much data.

With global roaming? Maybe something like knowroaming, $8 for a day's unlimited data in 100+ countries. Not much good if you want to use 100kbytes a day, but for your use case it might work


Roaming isn't necessary. And I want to use something like an average of 100kB per year, with many devices having a long period of no transmission (and being off network if that helps).

Can you not use a PAYG sim? In the UK Three will give you a sim you have to use once every 6 months (a ping would do), charge £1 per megabyte.

If you happen to use Project Fi for your phone service, you can get up to 10 data sims for no monthly cost, and data just comes out of your main bucket. Obviously not a solution for non-personal projects.

unfortunately, no carrier will do this. I suspect that this is because of administrative fees associated with simply allocating a phone number and the network overhead from having a device associate with cell towers when idle.

You don't need a phone number if you don't need to be called on one, and you don't even need to be actively tracked in the home location database if you don't need to be reached at low latency at all. Think low latency=incoming call, no loner low latency=hourly email check. The remaining overhead is just renewing the sim once it degrades and keeping database space to allow it to associate if it turns the gsm module on.

I'm pretty sure all registered SIMs (even data-only) on a carriers network get an allocated phone number -- at least that's what I'd always thought.

Is it possible for a SIM card to not have a phone number? My iPad has a SIM card for cellular data and it has a phone number even though it doesn't have a phone app.

That would be ideal in my case. It's data only and I'd be happy to leave the GSM module off 99% of the time if that made things cheaper.

See https://www.quora.com/Do-all-SIM-cards-come-with-a-phone-num... for someone who seems to know a little more than I do telling us that the number is not necessary for the card to work.

Knowroaming.com Essentially worldwide coverage, cheap rates, unlimited plans as well, no monthly fee, and only kicks in when you need it :)

Are you sure about that? As far as I can tell, the plans are all for limited periods.

Yup. You can purchase unlimited packages in a large selection of countries. Been using the service for years now. Amazing. And no need to swap Sims, or replace your home sim

There are a few: Freedompop, Truphone, Tello. But they all have minimum activity requirements so they wouldn't necessarily work as a backup.

Hologram.io is a $1.50 a month fee, but it is suited much more to IoT global roaming

At least in the EU, AldiTalk offers 4G LTE with plans of up to 5.5 GB for 12.99€ / month[1]. I am not sure, though, what is the price per MB when a stork leaves the EU.

[1] https://www.alditalk.de/internet-flat-xl

Most, if not all, EU carriers (I assume including this one, but don’t speak German) have a limit of how long you can actually be outside your home country. After that period they either terminate your contract or withdraw the free EU roaming (which is perfectly legal per the regulations).

"Complying countries: in major EU countries like the UK, Netherlands, Belgium, Germany, Spain, Portugal, Croatia, Cyprus, Malta and Greece there is a general adoption of the principle without any limitations or FUPs on almost all prepaid plans offered."[1]

[1] http://prepaid-data-sim-card.wikia.com/wiki/European_Union#A...

Yeah, basically you'll have to make the stork sign the form that makes him accept the international roaming charges when leaving EU territory.

Don't forget that in some countries, the stork's ID card is required to activate the SIM card before use.

The actual data plan price listed there is 14.99, sorry to say. (2.99€ is for the sim card.)

All providers/plans here (Finland) provide near-global non-free roaming. Is it different where you live?

My provider lists ~190 roaming countries, not counting satellite/planes/ships, on their roaming rates page: https://elisa.fi/puheliittymat/kaytto-ulkomailla/

> Is it different where you live?

Yes, generally you have to activate intl roaming ~a week before you travel, by talking to a customer support agent on the phone, and it's limited to specific regions at a time. It's also ridiculously expensive.

The previous owner's migratory patterns likely made international roaming non-optional in this case.

I use FlexiRoam which gives me ~$30/GB that works in almost any country - everyone I’ve travelled to so far. On the same recharge and SIM card. It also sticks onto your existing sim and lets you software switch between your existing sim and the flexiroam.

They also have country specific plans which are cheaper for some specific destinations. I’ve not tried those but I’ve gone through about 25GB of data over 2 years of the global plans in probably 10+ countries.

Obligatory referral link which gives you 100MB free data. Though worth searching sometimes travel sites have a promo code that’s good for 500MB or more free: http://roam.my/LATHIAT

>> ~$30/GB

Does that include Canada? That is about HALF the advertised rates where I am. The real rates, after all the fees, are inevitably higher. Please send a few storks my way.


Is there a particular reason that BC has obscenely expensive phone plans?

For comparison:

I used to get a Spotify subscription, unlimited calling and SMS, and 1.5 GB of data for $30 in New Zealand. I now currently get 12 GB and unlimited calling+SMS for $40 in Australia.

Because we are too Canadian. We are too polite. We don't complain. We tend to just accept things. And there is little competition. So large corporations push consumers around.

Canada looks like 5GB/25USD.

byob in bc. 80$/month for 1gb/month, advertised price.

*While some countries have vastly cheaper data. Some do not and also if you go to lots of destinations the “starter park” / SIM card cost can outweigh the cost difference easily. Which is why it easily made sense to me.

Also saves you trying to find one at the airport (strangely not always possible) and also gives you coverage when at transit airports (flying from Australia to varios destinations I almost always have a few hours transit somewhere in the middle)

If you’re in a country with easily accessible cheaper data for long enough (eg the UK has really cheap travel sims) you could always switch for that trip.

Do you know what carrier they use in the United States? $40/10GB seems pretty good to me.

That's probably what they were paying. They probably used a very efficient protocol to keep bandwidth consumption low.

Here in Japan, an attendant at the local meetup works for a company that does just that:


I thought this is just normal thing, that you can bring your SIM card anywhere and it will just work. Prices are different thing.

The device could be optimized to send the data only when connected to a low-cost network, or send just general data at very low frequency when on high-cost network, just to know the device is alive.

Also getting a cheap plan on data but expensive on calls should be also possible.

I believe twilio has a SIM product now. https://www.twilio.com/wireless

Huh, that seems pretty decent. $2/mo/sim is a bit expensive though. Almost competitive with Worldsim for small amounts of data.

Your question is a contradiction, no? As you imply, most SIMs will work just about anywhere, they'll just charge you an obscene amount for the privilege.

If you want cheap international telephony, there's a whole industry for travel SIMs, but they're often still pretty expensive to use in some countries.

The researchers' real mistake was using a contract SIM. Should have used a prepaid one.

Interesting, i have never thought that this is a problem as my telco covers calls/sms in 207 countries and data in 174 countries, you just have to have the correct phone plan (there are 3 groups of countries with different price for data starting from 100MB to 1GB for 15 days at 13EUR)

I use https://www.bnesim.com/ for a SIM card for my 4G hotspot. They charge €19 a GB in 64 countries, including China, Japan, and most of Europe.

Maybe worth looking into how Amazon Kindle solved it years ago? They offered free GSM/3G? access to the internet, something like 150MB/monthly, unlimited access to Wikipedia, in so many countries, basically everywhere.

And car companies presumably have global agreements e.g. I can drive my car across Europe and have all the navigation related stuff continue to work.

But easier for Amazon or big car company to broker such an agreement. I think the question is how would Joe Public get something like this.

>I can drive my car across Europe and have all the navigation related stuff continue to work.

Well, since a year or two EU-wide free roaming is a thing.

How many of those navigation systems use the internet though? Most consumer grade car navigation systems use offline maps.

I was thinking the same as I typed the comment but my assumption is that there has to be some kind of mobile data because of #1 live traffic updates & #2 map updates.

On #1 comment below says this is done by radio RDS

On #2 however there has to be a way to update the maps in the car as roads (new roads, closures, lane changes, speed limits, etc.) change. My assumption was that car makers hardly expect people to manually update these maps. And likewise could probably not live with the liability of years old data in the maps. But looks like I may be incorrect here http://updateportal.skoda-auto.com

BMW at least have actual SIM cards in the cars so original point stands.

Many of them (at least in cars < 5 years old) that I've used have had some kind of real-time traffic/congestion/construction info built into the system. I guess these use some kind of internet based communication?

You can get emergency beacon devices for hiking and sailing that also work globally.

Do these use a SIM card? Thought they were satellite. That's what the first thing I googled seemed to agree with too ( https://www.yachtingworld.com/features/epirbs-plbs-and-man-o... ).

Yes, wouldn't be good in an emergency when out trekking if it needed a nearby base station!

They use a mix of satellite and ground radio (satellite to get the SOS out and a rough location, then radio to actually locate you)

See https://en.m.wikipedia.org/wiki/Emergency_locator_beacon

There are lots of types that work in different ways however. E.g. For marine use we use VHF radios with digital functionality. There's a big red 'distress' button that will transmit your vessel information and position to the coastguard. That's all done via radio, no satellites. (You then back it up with a very analogue mayday call)

They work via satellites e.g. SPOT Gen3 or Garmin InReach.

Get GoogleFI - $10/GB worldwide

Only if you live in the US

Meanwhile, can Microsoft please add an option to Windows10 that says 'this computer is only connected to an internal on-board network and satellite connection, please never try to update'? That was an expensive mistake as well.

I really wish people had started to migrate away from Windows earlier, but now all the essential stuff is written for it and well-tested, so any choice is hard.

Google how to disable windows update service permanently from the computer management console.

You'll also need the ffg paid software.

1. Du Meter

2. NetLimiter &/OR Glasswire

DU Meter

After installing it, right-click taskbar and activate the du-meter toolbar. It'll will show you upload/download speed at all times.

In other words, if you're online, doing absolutely nothing. Yet, your Internet's doing 1MB/s+, you get suspicious.


Once you see suspicious internet activity, you open any of these two. It'll allow you to block the offending program. Glasswire has a nice UI but all it does is block or unblock.

Blocking windows processes - esp svchost might cut off your internet so NetLimiter is important. Allows you to rate limit the process. Basically, windows update temporarily stops trying if download speed's 1KB/s or less.


Some spy blocking software for Windows 10 help you to block MS's ad-servers, tracking and windows update. However, this is a cat and mouse game - hence, the above tools are your best bet.

I think there is something like that already. Look for "metered connections".

There is, but Windows 10 will disable this functionality after a month so you have to keep logging in to reset it. We had problems using a remote PC with a 4G dongle - programs like Office kept downloading updates even when Windows update was disabled. Having turned on metering, we didn't even think about it until the bill came through.

That must be a new feature. The registry keys are still set on my only Windows 10 machine to make all possible network connections metered.

It won't install the newest update anyway so I'm probably safe.

This is unfortunately not reliable. The only way to completely stop Windows 10 and certain other recent MS products from updating (for bandwidth cost or not-wanting-to-reboot-right-now reasons) is to not let the machine connect to the Internet at all which probably makes it useless for many situations.

You could try running a server version of Windows instead, but you might find yourself unsupported in other ways (some hardware drivers, some software deliberately refusing to run or accidentally doing so due to using a broken compatibility check) in that case. The license will also cost a chunk more currency.

In the Pro version you also can set it to "always ask before downloading updates", and that has worked reliably for me so far.

Pro licences here. Can't say as I've found an option like that. Is it relatively new? I've not dug around terably recently. Everything else people have suggested either hasn't worked or did for a while then changed after an update.

Group Policy for Windows Update "configure automatic updates" can be set to "notify for download".

I'm pretty sure I've tried that and it reset itself a time later.

Looking again now, there seems to be no such option. I can defer updates for a fixed number of days (with separate settings for quality updates and feature updates), which might be useful if the defer is cancelled by a manual "check and install updates" rather than having to reset the setting to get them to install at a convenient time rather than waiting for them to go in at Windows' will at the end of the defer period.

Force connection through a VPN, deny the VPN access to anything microsoft related.

I did it by not leaving enough free space on the machine for windows to download anything.

You can make another partition for your actual data if needed.

The answer for this type of edge case configuration in Windows is usually "use Linux".

Some people are running Windows XP on that network, since that is what the instrument was certified with, and have less problems. Since my software is tested and does not run in Linux I'd rather say run Windows XP and keep very frequent backups and software ready in case somebody is careless and the network contracts malware. (None of the data is particularly sensitive, so.. )

GPO: Computer Configuration\Administrative Templates\System\Internet Communication Management\Internet Communication settings\turn off access to all windows update feature

Oh good, when the kids ask the difficult question -- "where does the internet come from" -- I can legitimately say "a stork brings it"

Funny enough, we told our kids, in order to block youtube&co, that internet comes once a year, with Santa. :) Not knowing, we put their tables in flight mode. Now they are waiting for Christmas :))).

> we put their tables in flight mode

Returned to the upright position and locked for landing?

People are saying sim lock when the mean sim pin. A sim lock, more usually, locks a phone to a particular network's sim cards, stopping the consumer changing networks.

This was not the stork’s fault.

Personally I think the stork was the one who made the phone calls. Just getting back for them putting a tracker on him.

Well he could have been more careful :)

The title should read "Sudanese opportunist trains storks to collect sim cards from Poland"

That's reminiscent of this incident from a few years ago [1]. A women in Australia took a SIM card from an electric meter and used it to download a bunch of movies and make a lot of calls, which the electric company found out when they got a bill for A$200k.

I can't find a link, but I have a vague recollection of a similar thing happening in the US.

Some cellular providers have data plans specifically for things like remote sensors that need to periodically reports small amounts of data, such as few hundred bytes an hour. They have low data caps and astronomical per kilobyte charges if you go over the cap.

[1] https://www.theregister.co.uk/2011/05/02/stolen_sim_woman_ja...

The woman who did that was sent to jail for 18 months too! [http://www.abc.net.au/news/2011-05-02/woman-jailed-for-it-th...

Pretty harsh I reckon.

These trackers are interesting devices. There is a model that uses a light detector to estimate location. It has a clock onboard and can record the time of dawn and dusk. The time of dawn gives an indication of longitude. The length of day latitude.

There was a similiar case in South Africa, where SIM cards were stolen from traffic lights and also racked up large bills: https://www.bbc.com/news/world-africa-12135841

Speculating here, but i suspect there was no pin or similar so that people in the field could just power it on, attach it to a bird, and let the bird go.

Never mind that i suspect that the data amount was not much more than a sms with a GPS position sent to a fixed number every X hours.

They should have either set a SIM lock or reported the SIM as lost once they stopped receiving signals from it. They presumably thought it may come online later or may have forgotten about it. Expensive mistake.

SIM lock is a restriction built into mobile phones, not into SIM cards. It does nothing to prevent SIM card abuse.

No, SIM locks (specifically the pin code kind) program the SIM card to refuse to initialise unless you enter the correct code. It's the actual card that asks for a code, the phone merely forwards the authentication request to the user.

Popularly sim lock is something different see https://en.m.wikipedia.org/wiki/SIM_lock

What you write is more of a PIN lock.

What? So if I "sim lock" my card, someone else can just insert it into their device and use my minutes?

It wouldn't be unusual to lose signal for a while though. What if the stork has a layover on a desert island?

I wondering why SIM card wasn't Data-Only without voice?

Because most carriers are shit and don't even allow you to set policies on what the SIM can be used for.

I have a bunch of M2M SIMs here and they are capable of making calls using a number I didn't even know existed. The SIMs are marketed as M2M and the provider claims voice calls are not possible despite me having proof of the opposite by calling them from it.

Thankfully their billing systems don't even mention voice anywhere, but surely if I rack up a big enough bill they'll manually send me the invoice for that.

So why is there a charity to do with polishing a table?

In Sudan it is quite common for people to hunt storks in order to harvest their valuable SIM cards.

You're kidding, but you don't think that once word gets around some desperately poor region that tracker device == free phone calls, people aren't going to try and kill the bird to get the tracker?

If you think that's not likely, you've got a lot more faith in humanity than I do.

Then they'll find that the Sim cards are locked and don't work, and will stop wasting their time on them.

Except that they won't stop - maybe the next bird will have a working sim.

Besides, it's not like every bird has a tracker. So how many birds one should kill to get a chance to check if the sim is working?

Except that they mostly do work

Voice calls can be disabled remotely on the carrier side. Just because they worked this one instance doesn't mean future ones will. And especially after they had a 2k+ phone bill, you know they're scrambling to lock down any remaining SIM cards out there.

I read they still rape virgins to cure HIV in some regions. I doubt they'll stop stealing SIM cards.

I think its more of a new PBX hacking vector.

Call premium numbers to rake in bills. There are tons of SIM cards all over the place, some easy to access physically, some - electronically.

I know this is comment made in jest, but what it brought to mind was the movie "Interstellar," where the protagonist hunts drones in order to salvage their parts.

In America.

If it wasn't before with this publicity it will be from now on

Got a link that confirms this? All I find online is this Polish story.

If true, that would be pretty ironic (an ecologic charity making storks endangered by tracking them).

I'm pretty sure the parent comment was made in jest.

Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact