Scott McNealy was right!
http://archive.wired.com/politics/law/news/1999/01/17538
A significant number of cell towers in the US are not what they seem to be. In fact, at least according to a recent report, it’s likely they are snooping on your calls. One of the impressive things about GSM is that despite being a standard that was devised nearly a quarter of a century ago, it’s still pretty secure. If you're …
GSM in Europe is not always as secure as it seems.
Purely hypothetically, and in no part of Europe in particular, suppose there is an encryption key of x bits in length and the leading x/2 bits are all set to 0, then decryption in real time becomes a trivial task.
You may very well think so, I couldn't possibly comment.
A previous employer makes it for the save & serve community... called Stingray. "False" base stations that will siphon data from any wireless devices that connect. In the case of GSM that means any roaming cell. Most of the time it's a seamless transition and goes unnoticed.
One (American) expert who works in the field told El Reg: [...] "It is most probable that these sites are to allow coverage to groups of people that are not in a conventional coverage area (such as paying customers in a casino, or military groups)."
First one would think that "military groups" (whatever those are) would probably *want* encryption. Further, what cell phone company puts up towers for NON-paying customers regardless of their location? And why would the location of the tower have anything to do with the presence or absence of encryption?
It has been my experience that any time this sort of thing happens, it's probably because they figured it'd save/make them a couple bucks. Is the range and/or capacity of the tower increased when encryption is turned off?
DATONG makes some nice ones,
the USRP family running OpenBTS is very reliable
Elonics 4000 chipset USB-TV-RX are OK, but getting expensive at around £50,
I think my favorite at present is the http://wimo.de/hackrf-sdr-transceiver_e.html for over £200
(If I was running a significant business, with intellectual property, trade secrets, customer information - then I'd be running at least one of my own radio frequency baseline profiling systems (DIY ELINT on the hack-rf) in order to understand my local RF environment and the pop-up threats that may occur anytime)
There is a massive threat from the vulnerabilities of the older GSM algorithms; we're just 'lucky' that there aren't seemingly as many bad guys around as in the films!
It’s also worth noting that many phones – even feature phones – will notify you if they are connected to a network without encryption
Err, no. It has been a fairly common issue in security circles that in efforts to "help law enforcement" this notification (which is part of the GSM standard) has NOT been implemented in modern phones - that is exactly why it has been possible to run such a vast amount of intercepts. This removal was, of course, done with the usual excuse, "fighting terrorism".
"Further, what cell phone company puts up towers for NON-paying customers regardless of their location? And why would the location of the tower have anything to do with the presence or absence of encryption?"
I'm thinking perhaps microcells or some DAS (distributed antenna system) type installations? They tend to be added by an end-user who wants to fill in a coverage hole, and (since it's meant to cost like $100, much less than a cellular base station) it may not follow the usual standards and practices of the given cell company.
As for issues like phone cos failing to keep notifications of encryption being disabled etc.... I just don't get it. Why do these companies feel in any way they need to "help law enforcement"? Law enforcement is not their customer, and law enforcement can go ahead and help themselves.