Beware: govts are tapping your 3G calls

Beware: govts are tapping your 3G calls

Summary: An increasing number of governments around the world are using call interception devices to pick up both 2G and 3G mobile phone calls, according to Les Goldsmith, CEO of call interceptor distributor ESD Group.

SHARE:
TOPICS: Mobility, Security
4

An increasing number of governments around the world are using call interception devices to pick up both 2G and 3G mobile phone calls, according to Les Goldsmith, CEO of call interceptor distributor ESD Group.

Interceptor

A mobile phone call interceptor device (Credit: ESD Group)

"People have this misconception that if they're using a 3G phone their call cannot be intercepted because the 3G network provides them with a bit more security," Goldsmith said.

Mobile phone interception devices range in price from around US$100,000 for interceptors from Russia or Israel to around US$3.3 million for the devices offered by ESD Group. ESD Group only sells the devices to government agencies and Goldsmith said the company had sold interception devices in more than 16 countries.

The interceptors can store thousands of numbers in their databases and often break the security afforded by 3G encryption by forcing calls made on 3G down to the much less secure 2G spectrum.

"What the interceptors do is, when you dial a number, join the call and act as a base station instead of Telstra or Optus or the carrier you're with," he said. "The interceptor will inform the phone that you cannot make a call using 3G — it will trick your phone into switching back to 2G instead of 3G."

The cheaper interceptors can record between one and two calls at once, while the more expensive devices can record between 20 and 30 calls at one time.

If you are concerned your call may have been intercepted, Goldsmith said there were a few tell-tale signs to let people know when someone is listening in on their call.

"There are a few things that give it away, one is if their phone indicates 3G connectivity in standby mode, but when they make the call it drops to 2G," he said. "About 80 per cent of interceptors work that way. There are some instances, however, [where] they actually keep the call in 3G but turn the encryption off."

If your monthly phone bill indicates you made a phone call in a foreign country you haven't visited, that's another sign your phone has been tapped.

"Say the interceptor is in China and you're in Australia, if there's a roaming agreement between the network in China and the network in Australia, they can actually program your phone number into the interceptor in China and force every phone call you make to roam through a base station in China," Goldsmith said. "If your call seems to be delayed or it is taking longer to connect, that is a sign it may be being rerouted."

Goldsmith said that even if communication moves to a new standard such as Long Term Evolution, as long as GSM was still available on phones, it would be a vulnerability.

"If everything is still using the GSM protocol and the handset can do 3G and 2G then it will be able to drop back, and if it can drop back it is still vulnerable."

Avoiding the tap

Many organisations are combating the threat of call interception by using encrypted phones. Goldsmith says around 80 per cent of sales of phones with encryption in Australia are to corporations in the finance, legal and mining sectors, many of whom are travelling through Asia.

"China is definitely a big one and is one that is always mentioned. Just about everyone says 'I will be going to China'," he said.

CryptoPhone

CryptoPhone 400 (Credit: ESD Group)

ESD's CryptoPhone utilises voice over IP and uses AES-256 Twofish algorithms for encryption. The device is based on the HTC HD Mini platform. Goldsmith said that since it looks like just another phone it avoids intense scrutiny of customs officers overseas.

Goldsmith admits that the balance between law enforcement agencies being able to do their job and an individual's right to privacy is precarious.

"When we sell the products to secure calls we're doing it under the understanding that person purchasing the product won't use it for a criminal act," he said, adding that there are currently no restrictions on people purchasing encrypted phones within Australia.

"It's something when we introduced the product we did ask law enforcement what was done and we were told that scrutiny of [phone calls] would be an invasion of privacy," he said. "There have been cases before where individuals have in fact purchased crypto phones and then used them in activities that are not legitimate."

The Australian Federal Police was questioned on the legality of encrypted phones but had not responded at the time of writing.

Topics: Mobility, Security

About

Armed with a degree in Computer Science and a Masters in Journalism, Josh keeps a close eye on the telecommunications industry, the National Broadband Network, and all the goings on in government IT.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

4 comments
Log in or register to join the discussion
  • The ESD Group is not a manufacturer, we are a distributor of GSM Interceptors and GSMK Cryptophones. www.cryptophone.com.au
    esdgroup
  • Hi guys, sorry about that. We've remedied it.

    Suzanne Tindal, News Editor.
    stindal
  • I note that legitimate government agencies have no need for these devices when operating in their own country. They can just get a warrant and go straight to the carrier to get the contents of the calls, no interception and decryption required.

    So who are really using these devices and why? Are they for corporate spying or for government agencies operating outside the law?
    thomasbeagle
  • Hi, it might seem like an easy task to approach the network but in reality agencies monitoring calls do not want the networks to be aware of who they are targeting. Most agencies prefer to operate completely independent to the network operators. Many of the officials I know in Asia try avoiding interceptors by using new sim cards and handsets. So In this case network monitoring is not going to be accurate if the person switches networks. Network monitoring also has a limited target locating ability because it only provides the cell tower information and does not accurately show the location on a map of the target.
    esdgroup