Olongapo Telecom & Information Technology

Monday, June 13, 2005

Anatomy of eavesdropping on mobile phone calls

By Erwin Lemuel Oliva INQ7.net

There is now a lot of speculation on how the alleged wiretapping of President Gloria Macapagal-Arroyo took place.
Was a person or a group with sophisticated equipment able to listen in on and record the President’s conversations on her mobile phone?

One simple explanation, offered by mobile communications firm Smart Communications, is that one of the parties taped the conversation with the President. This would require nothing more than a handset that can record calls, or a data cable from the phone to recording equipment.

“If you look at your phones, many can record conversations. Some have external ports; some have software that can record conversations internally,” Ramon Isberto, public affairs head of Smart Communications, told INQ7.net.

But there are also more sophisticated ways to “wiretap” a mobile phone call.

Lauri Pesonen, a Finnish PhD student (not a professor, as reported earlier) at the Department of Computer Science and Engineering of Helsinki University of Technology, told INQ7.net in an e-mail interview that one way of doing it is to eavesdrop on the radio traffic between the mobile phone and the base station that carries the call.

Citing a paper he wrote in 1999, Pesonen said that intercepting voice calls is tricky because one has to decrypt the encrypted radio signal between the mobile phone and the base station.

“As my paper explained, this could be done by cloning the SIM [subscriber identification module] card in the manner explained in the paper. At the time of writing there were no academic experiments in cloning a SIM card over-the-air; the attack that had been experimented [on] in a lab required physical access to the SIM card, that is, the attacker had to plug the SIM card in a computer for a few hours,” he said.

“While I was writing the paper, I recall I read about SIMs being cloned in Italy by the Mafia. The Mafia supposedly cloned the SIMs of some judges that were presiding over a Mafia-related court case in order to eavesdrop on the judges,” he added.

Mobile phone operators have argued, however, that voice traffic between a mobile phone and a base station is encrypted using an algorithm designed by the GSM consortium. Philippine mobile phone networks currently use GSM, short for Global System for Mobile Communications, the digital mobile telephone standard now widely used in Europe and other parts of the world.

A mobile phone is essentially a radio. During a call, the handset digitizes the audio, encrypts the digital stream and transmits it over the air on an assigned frequency to the nearest base station. The base station decrypts it and passes it on, no longer encrypted, through the operator's network toward the other party, where it is turned back into audio you can understand. GSM's encryption therefore protects only the radio link between the handset and the base station. It works like a walkie-talkie, albeit a more sophisticated one.

Pesonen pointed out that after his paper was published, “a lot of attacks have been developed against the A5 cipher,” the encryption algorithm used in a GSM system.

“These days an attacker should be able to cryptanalyze A5-encrypted traffic in real time. This means that an attacker should be able to eavesdrop on the radio communication between the MS [mobile station] and the BS [base station], recover the used encryption key based on the traffic, and decrypt the traffic. As far as I know, the A5 has been completely broken,” he said.

Pesonen wrote in his paper that the "GSM security model is broken on many levels and is thus vulnerable to numerous attacks targeted at different parts of an operator's network. If somebody wants to intercept a GSM call, he can do so. It cannot be assumed that the GSM security model provides any kind of security against a dedicated attacker."
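The cipher Pesonen refers to, as an added example that is not from the article or from his paper: a Python port of the A5/1 keystream generator as reverse-engineered and published by Briceno, Goldberg and Wagner in 1999, together with the known-plaintext step that the attacks he mentions start from. The session key Kc, the frame number and the burst contents are constructed sample values; the actual recovery of Kc from keystream (the time-memory trade-off and correlation attacks) is not implemented here.

```python
# Added example, not code from the article or from Pesonen's paper:
# A5/1 keystream generator (three majority-clocked LFSRs) plus the
# known-plaintext step an eavesdropper performs on captured bursts.

R1_MASK, R2_MASK, R3_MASK = 0x07FFFF, 0x3FFFFF, 0x7FFFFF  # 19-, 22-, 23-bit LFSRs
R1_MID, R2_MID, R3_MID = 0x000100, 0x000400, 0x000400     # clocking bits 8, 10, 10
R1_TAPS, R2_TAPS, R3_TAPS = 0x072000, 0x300000, 0x700080  # feedback taps
R1_OUT, R2_OUT, R3_OUT = 0x040000, 0x200000, 0x400000     # output is the high bit of each


def _parity(x: int) -> int:
    """XOR of all bits of x."""
    return bin(x).count("1") & 1


def _step(reg: int, mask: int, taps: int) -> int:
    """Shift one LFSR left by one bit, feeding back the parity of its taps."""
    return ((reg << 1) & mask) | _parity(reg & taps)


class A51:
    """A5/1 keyed with the 64-bit session key Kc and the 22-bit TDMA frame number."""

    def __init__(self, kc: bytes, frame: int) -> None:
        if len(kc) != 8 or not 0 <= frame < (1 << 22):
            raise ValueError("Kc must be 8 bytes and frame a 22-bit number")
        self.r1 = self.r2 = self.r3 = 0
        # Key load: all three registers clocked regularly, key bits XORed into
        # bit 0, least-significant bit of each key byte first.
        for i in range(64):
            self._step_all((kc[i // 8] >> (i & 7)) & 1)
        # Frame-number load, the same way, LSB first. Only this value changes
        # from burst to burst within a call; Kc stays the same.
        for i in range(22):
            self._step_all((frame >> i) & 1)
        # 100 irregular (majority-clocked) steps whose output is discarded.
        for _ in range(100):
            self._step_majority()

    def _step_all(self, in_bit: int) -> None:
        self.r1 = _step(self.r1, R1_MASK, R1_TAPS) ^ in_bit
        self.r2 = _step(self.r2, R2_MASK, R2_TAPS) ^ in_bit
        self.r3 = _step(self.r3, R3_MASK, R3_TAPS) ^ in_bit

    def _step_majority(self) -> None:
        """Clock only the registers whose clocking bit agrees with the majority."""
        b1 = (self.r1 & R1_MID) != 0
        b2 = (self.r2 & R2_MID) != 0
        b3 = (self.r3 & R3_MID) != 0
        maj = (b1 + b2 + b3) >= 2
        if b1 == maj:
            self.r1 = _step(self.r1, R1_MASK, R1_TAPS)
        if b2 == maj:
            self.r2 = _step(self.r2, R2_MASK, R2_TAPS)
        if b3 == maj:
            self.r3 = _step(self.r3, R3_MASK, R3_TAPS)

    def _out_bit(self) -> int:
        return (_parity(self.r1 & R1_OUT) ^ _parity(self.r2 & R2_OUT)
                ^ _parity(self.r3 & R3_OUT))

    def frame_keystream(self) -> tuple[bytes, bytes]:
        """The two 114-bit keystreams for one frame (network-to-phone, then
        phone-to-network), each packed MSB-first into 15 bytes; the low six
        bits of the 15th byte are unused and stay zero."""
        bursts = []
        for _ in range(2):
            buf = bytearray(15)
            for i in range(114):
                self._step_majority()
                buf[i // 8] |= self._out_bit() << (7 - (i & 7))
            bursts.append(bytes(buf))
        return bursts[0], bursts[1]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_downlink_burst(kc: bytes, frame: int, plaintext: bytes) -> bytes:
    """A5/1 is a stream cipher: a burst is XORed with the frame's keystream,
    and decryption is the same operation with the same key and frame."""
    downlink, _ = A51(kc, frame).frame_keystream()
    return xor_bytes(plaintext, downlink)


def recover_keystream(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """First step of a known-plaintext attack on a captured burst: XORing the
    guessed plaintext with the ciphertext yields the keystream. Turning that
    keystream into Kc is the job of the published attacks, not shown here."""
    return xor_bytes(ciphertext, known_plaintext)


if __name__ == "__main__":
    kc = bytes.fromhex("1223456789abcdef")   # constructed sample session key
    frame = 0x134                             # constructed sample frame number
    burst = bytes(range(14))                  # constructed 112-bit burst payload
    ct = encrypt_downlink_burst(kc, frame, burst)
    ks = recover_keystream(ct, burst)
    print("ciphertext:", ct.hex())
    print("keystream: ", ks.hex())
```

Two things the code makes concrete. First, the all-zero key with frame 0 never moves any register, so its keystream is all zeros and the "encrypted" burst is the plaintext; this is why a real Kc must come from a properly randomized authentication exchange. Second, the only per-burst input is the frame number, and GSM signaling bursts carry predictable content, which is why the attacks Pesonen mentions are known-plaintext attacks in practice: the eavesdropper gets keystream for free and works back from it to Kc.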

Isberto, however, insisted that even if eavesdroppers were able to record encrypted voice calls over the air, they could not make them out. “With the fact that it is a digital signal and is encrypted, we don’t know of any way that one can grab an encrypted signal from the air and tape it. If you're able to tape it, all you'll hear is gibberish.”

Isberto admitted, however, that if eavesdroppers could tap into a mobile phone network using a highly sophisticated device, they would be able to unscramble encrypted digital calls.

“But such equipment is very sophisticated, and having one is not a question of money. You cannot just go out to the market and buy it. These are restricted devices. Normally, only law enforcement can buy this,” he said.

In his paper, Pesonen also wrote that the security algorithms incorporated into the GSM system have been proven faulty.

“All this means that if somebody wants to intercept a GSM call, he can do so. It cannot be assumed that the GSM security model provides any kind of security against a dedicated attacker. The required resources depend on the attack chosen. Thus, one should not rely solely on the GSM security model when transferring confidential data over the GSM network,” he said.

“However, the reality is that although the GSM standard was supposed to correct the problems of phone fraud and call interception found in the analog mobile phone systems by using strong crypto for MS authentication and over-the-air traffic encryption, these promises were not kept.

“The current GSM standard and implementation enables both subscriber identity cloning and call interception. Although the implementation of cloning or call interception is a little bit more difficult, due to the digital technology that is used, compared to the analog counterparts, the threat is still very real, especially in cases where the transmitted data is valuable. Basically, we are where we used to be with the analog cell phones when it comes to security although the GSM Consortium tries to deny it,” Pesonen concluded.
