back to article Cellphone snooping now easier and cheaper than ever

Cryptographers have devised a low-cost way to intercept phone calls and text messages sent over the majority of the world's mobile networks. The attack, which requires four $15 Motorola handsets, a medium-end computer and a 2TB hard drive, was demonstrated last week at the 27th annual Chaos Communication Congress in Berlin. It …


This topic is closed for new posts.
  1. Destroy All Monsters Silver badge
    Big Brother

    You know what's coming next

    Some half-arsed legislation making it illegal to connect a GSM terminal to any device with a storage space larger than 200 GiB or something.

  2. Anonymous Coward
    Anonymous Coward

    There is a cheaper method

    Why spend $650 when for the price of a Rover ticket you can listen to GSM conversations all day long.

  3. JaitcH

    Add-on security only immediate solution

    If network operators can't be relied upon to upgrade their systems, users will have to employ 'add-on' security via software or hardware accessories to maintain their privacy - which at least make the ever intrusive governments work for their money.

    When the networks do eventually upgrade it will be the end of all the drive-by intelligence gathering activity that presently well-endowed snoopers currently do - with or without court permission.

    Of course little of increased security will faze the U.S. NSA or the FBI as all cell systems in the U.S., and elsewhere in some countries, have to be CALEA-compliant so the FBI surveillance system, called DCSNet, for Digital Collection System Network, a suite of software that collects, sifts and stores phone numbers, phone calls and text messages, basically a comprehensive wire-tap system that intercepts wire-line phones, cellular phones, SMS and push-to-talk systems . The system directly connects FBI wire-tapping outposts around the country to a far-reaching private communications network.

    Unaffected will also be the DCS-6000, known as Digital Storm, captures and collects the content of phone calls and text messages for full wire-tap orders.

    Neither 'do' Skype!

    Android users already have software options. It's always good to separate the encoding devices from a handset so you can be assured there are no 'bypass' circuits leaking unencrypted messages.

  4. Anonymous Coward

    "Medium end"?

    Surely to be at an end, it has to be the high one or the low one? Anything in the middle is surely by definition not at an end?

    1. It wasnt me
      Thumb Up

      You sir ....

      ..... win today's pedant of the day award. By a country mile. Hats off.

    2. Anonymous Coward
      Anonymous Coward

      As a grammar pedant, you have a lot to learn, Sonny Jim

      Why use two question marks in a statement that asks no questions?

      1. Anonymous Coward
        Anonymous Coward

        I'm still waiting for an answer

        A thumb down gets you no marks.

        1. Anonymous Coward
          Anonymous Coward

          An answer

          I assure you I didn't give you a thumb down. I in fact wrote a comprehensive answer that was rejected by the powers that Bee, probably because it was rambling and off topic. My summary, hoping it won't be rejected this time:

          I don't claim to be a grammar pedant (although this icon seemed most appropriate). I view these comments as a form of speech rather than strict prose. Hence in this case, the two question marks suggest the ellipsis of "doesn't it", and "n'est-ce pas", respectively.

          Obligatory on-topic note (in the hope of an accepted comment): this rainbow table problem should be a lesson to anyone implementing device encryption. Extrapolate the size of RT needed for majority decryption, and using Moore's law extrapolate how much storage is likely to be easily available at the "end of life" of the product. Now triple the predicted life of said product, and then triple the predicted storage and do it again. If your table is still orders of magnitude too big, then you might just be okay.

  5. Jim 15


    No mention of whether GSM data can be intercepted? e.g. emails and other user generated data transferring over GPRS or 3G.

    1. Chris Miller

      Not currently

      See p22 of the presentation PDF: passive interception of data is currently not possible.

      I'm only surprised this 25 year old technology has survived this long. Certainly the operators should have been preparing for this since the proof of concept 12 months ago. As Bruce Schneier is fond of pointing out, crypto attacks always get better, never worse.

      1. Dazed and Confused

        Build in obsolescence

        Any standard that aims to provide security through encryption should have a built in obsolescence clause. Without a move to something like quantum crypto all approaches are going to be susceptible to attacked. Since the attacks will always improve (they can build on previous attacks) and the available supply of computing power will continue increase. All these systems will have a sell by date. The standards should be written to accept this. That way the standards setting people stand a chance of being ahead of the game. At least we'll have a good honest race between the developers and the crackers. The current approach of write once and use for ever is doomed to failure.

        Surely the phone and equipment manufactures would love this, it builds a refresh cycle into the product definition and it wouldn't even be there fault.

        Of course it would piss off many customers, who think a phone is just a phone, not the latest piece of status jewellery.

  6. Jim 15

    Thanks Chris

    I read the PDF and somehow missed that! D'oh!



  7. Hayden Clark Silver badge

    builds off of last year's -> builds on last year's

    Sorry, it really grates.


  8. Anonymous Coward
    Anonymous Coward

    Still not convinced

    All of this still exists in laboratory tests, the whole thing relies on data which isn't available in the public domain. It's not possible to set up a false cell in a live network as without config in the core network it will never work.

    1. Chris Miller

      No false cell needed

      This is done by sniffing traffic using modified (by replacing the firmware) handsets and a rainbow table to break the encryption.

      I can see us very soon being in a position similar to TACS/AMPS where people were cloning phones (and running up huge bills) by sniffing the ID info off air and also listening in to 'private' conversations (older readers can search for 'squidgygate'). Operators should be whitelisting their HLRs and (preferably) moving to a more secure encryption system.

This topic is closed for new posts.

Other stories you might like

Biting the hand that feeds IT © 1998–2022