back to article Snooptastic US CELL TOWERS pose man-in-the-middle THREAT

A significant number of cell towers in the US are not what they seem to be. In fact, at least according to a recent report, it’s likely they are snooping on your calls. One of the impressive things about GSM is that despite being a standard that was devised nearly a quarter of a century ago, it’s still pretty secure. If you're …

  1. Herby

    Scott McNealy was right!

    http://archive.wired.com/politics/law/news/1999/01/17538

  2. Chris G

    Paranoid cynicism

    Alphabet soup!

  3. Anonymous Coward
    Anonymous Coward

    GSM in Europe is not always as secure as it seems.

    Purely hypothetically, and in no part of Europe in particular, suppose there is an encryption key of x bits in length and the leading x/2 bits are all set to 0, then decryption in real time becomes a trivial task.

    You may very well think so, I couldn't possibly comment.

    1. Schultz

      Purely hypothetically...

      Purely hypothetically, what country would you be talking about?

      1. Uberseehandel

        Re: Purely hypothetically...

        Hypothtically an ancient kingdom close to the mountains, fairytale castles and maidens in dirndls, if you have ever admired Our Lady of the Big Feet atop her column, you have visited its capital - there is a creepy crypt close by

  4. Oliver Burkill
    Pirate

    "it’s still pretty secure." - Nope

    Once you have torrented 2Tb of rainbow tables you can crack GSM pretty reliably and you can capture the traffic with a £10 USB TV tuner. I don't think that counts as "pretty secure"

    1. This post has been deleted by its author

      1. Anonymous Coward
        Anonymous Coward

        Re: "it’s still pretty secure." - Nope

        I'd rate it as secure from all but the most dedicated.

        Until someone cuts an ISO with an easy installer and packages it. It wouldn't be the first time that happens.

      2. Anonymous Coward
        Anonymous Coward

        "comfortable with Linux"

        So you're saying its not a problem because only a few million people in the world could implement it, and all the rest would have to pay one of those few million to do it for them if they weren't competent?

        I feel much better now.

  5. Pascal Monett Silver badge

    "It is highly unlikely that this 'interceptor' stuff will become common in the UK .."

    And right after saying that he wrote down a Note to Self : Warn NSA that they are starting to cotton on to the scheme.

  6. Ben Bonsall

    They're spying on me withmy rays!

  7. Anonymous Coward
    Anonymous Coward

    military tech... again...

    A previous employer makes it for the save & serve community... called Stingray. "False" base stations that will siphon data from any wireless devices that connect. In the case of GSM that means any roaming cell. Most of the time it's a seamless transition and goes unnoticed.

    1. Gene Cash Silver badge

      Re: military tech... again...

      Yup, that "previous employer" is Harris and at least in Florida we're trying to flush them out in cases where Stingray has been used but the cops don't want to, errrr, cop to using it.

      1. This post has been deleted by its author

      2. Anonymous Coward
        Anonymous Coward

        Re: military tech... again...

        Odd finding others who know about them, given the market of that branch. Granted it's an international company that acts with impunity and has questionable practices... but they're relatively unknown.

  8. User McUser

    Huh?

    One (American) expert who works in the field told El Reg: [...] "It is most probable that these sites are to allow coverage to groups of people that are not in a conventional coverage area (such as paying customers in a casino, or military groups).

    First one would think that "military groups" (whatever those are) would probably *want* encryption. Further, what cell phone company puts up towers for NON-paying customers regardless of their location? And why would the location of the tower have anything to do with the presence or absence of encryption?

    It has been my experience that any time this sort of thing happens, it's probably because they figured it'd save/make them a couple bucks. Is the range and/or capacity of the tower increased when encryption is turned off?

  9. Anonymous Coward
    Anonymous Coward

    there are hundreds of IMSI catchers in use in UK

    DATONG makes some nice ones,

    the USRP family running OpenBTS is very reliable

    Elonics 4000 chipset USB-TV-RX are OK, but getting expensive at around £50,

    I think my favorite at present is the http://wimo.de/hackrf-sdr-transceiver_e.html for over £200

    (If I was running a significant business, with intellectual property, trade secrets, customer information - then I'd be running at least one of my own radio frequency baseline profiling systems (DIY ELINT on the hack-rf) in order to understand my local RF environment and the pop-up threats that may occur anytime)

    there is a massive threat from the vulnerabilities of the older GSM algorithms, we're just 'lucky' that there aren't seemingly as many bad guys around as in the films!

  10. Anonymous Coward
    Anonymous Coward

    Notification? You wish..

    It’s also worth noting that many phones – even feature phones – will notify you if they are connected to a network without encryption

    Err, no. It has been a fairly common issue in security circles that in efforts to "help law enforcement" this notification (which is part of the GSM standard) has NOT been implemented in modern phones - that is exactly why it has been possible to run such a vast amount of intercepts. This removal was, of course, done with the usual excuse, "fighting terrorism".

  11. Henry Wertz 1 Gold badge

    microcells?

    " Further, what cell phone company puts up towers for NON-paying customers regardless of their location? And why would the location of the tower have anything to do with the presence or absence of encryption?"

    I'm thinking perhaps microcells or some DAS (distributed antenna system) type installations? They tend to be added by an end-user who wants to fill in a coverage hole, and (since it's meant to cost like $100, much less than a cellular base station) it may not follow the usual standards and practices of the given cell company.

    As for issues like phone cos failing to keep notifications of encryption being disabled etc.... I just don't get it. Why do these companies feel in any way they need to "help law enforcement"? Law enforcement is not their customer, and law enforcement can go ahead and help themselves.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like