07700 900461

This is the mobile number for Dr.Who.

The number is part of OFCOMs allocation for theatrical numbers. So not a valid UK number.

I could fake that number for calls or texts if I wanted to as I am a telco, but doing so would cause problems, as it would be a against OFCOM rules (General conditions), so obviously I would not do that. And obviously doing so for any fraudulent reason would be illegal.

I think people know we try to "do things right" anyway.

But I had a unique opportunity, I thought. Our new SIP2SIM service allows a mobile number to be set on the SIM. This is mainly to allow clean and easy defaults to use our service for calls and texts to and from the mobile.

But is also allows iMessage.  For iMessage to work there is a "behind the scenes" SMS each way to Apple, and the carrier we are using handle that internally. Makes sense.

This works even for numbers that do not normally get SMS, like our landline numbers. This is great. We are actually working on getting more SMS on landline numbers now, but this cuts out the middle man and allows it to work. All of our actual numbers can be valid as iMessage using our SIMs. Yay!

Basically we can make iMessage work with any of our actual numbers.

So nice, but in theory we could "hijack" any numbers for iMessage. This is not such a shock, honestly, the way mobile networks work is so open "within the telcos" to be scary. We are very careful to follow the rules, and do it right. A lot of telcos could "hijack" almost any number at SMS level. Don't be shocked, really, SMS is crap for security, honest.

But let's play by the rules, what if I was to "hijack" the number for Dr.Who? 07700 900461

Would that be legal?

Well, it is not someone's actual number.

And it is not fraud.

And we would not use for CLI for calls or actual SMS. So not covered by OFCOM.

I suspect it would be "legal", just.

So yes, to wind up my brother, I tried.

 "error":"Failed to provision user on network - please contact support"

Bugger, such a shame.

I mean, it would have been funny, and that was it, not fraud, not illegal, but sadly also not possible.

1 comment:

  1. I suspect they're using libphonenumber https://github.com/google/libphonenumber?tab=readme-ov-file - the JavaScript demo reports isPossibleNumber true but invalid number false.


Comments are moderated purely to filter out obvious spam, but it means they may not show immediately.

ISO8601 is wasted

Why did we even bother? Why create ISO8601? A new API, new this year, as an industry standard, has JSON fields like this "nextAccessTim...