ie8 fix
madison

Networking

Steven J. Vaughan-Nichols
Home / News & Blogs / Networking

Are you in danger of Phone call hacking?

By | January 25, 2011, 1:29pm PST

Summary: OK, so you’re not a member of the Royal family, but are your mobile phone calls still in danger of being intercepted? Yes, yes you are.

Unlike the UK’s Royal family, I doubt anyone is listening in on my phone calls. But, if someone wanted to, they could.

Many mobile phone calls in the U.S. and Europe are encrypted with a stream cipher called A5/1, which is commonly used, in GSM (Global System for Mobile Communications) voice communications. A5/1 is not secure. It’s been broken for years.

More recently, in 2009, A5/1 was busted by a German hacker in a way that demonstrated that if you can capture the voice stream anyone with generic computer equipment could break it. Since then, A5/1 has only gotten easier to crack.

The GSM Association replied in 2009 that, “before a practical attack could be attempted, the GSM call has to be identified and recorded from the radio interface. So far, this aspect of the methodology has not been explained in any detail and we strongly suspect that the teams attempting to develop an intercept capability have underestimated its practical complexity. A hacker would need a radio receiver system and the signal processing software necessary to process the raw radio data. The complex knowledge required to develop such software is subject to intellectual property rights, making it difficult to turn into a commercial product.”

I don’t know about ‘products’ that can do this, but I do know crackers who do have that kind of hardware at their beck and call. In 2011, you don’t need to be a Lisbeth Salander to listen to mobile calls.

There’s no reason to panic yet. In theory, the phone companies are moving to the far harder to break 128-bit Kasumi encryption algorithm, which is used in the next generation A5/3 voice encryption. In practice, they’ve been taking their time about it. Worse still, A5/3 has been busted as well in early 2010. While it’s not as easy to crack as A5/1, it’s not that hard either.

I wouldn’t freak about mobile phone calls being listened to quite yet though for most people. While the software side isn’t that hard to pull off, listening in to a GSM network connection is still requires some expertise, unlike, say using Firesheep to peek in on your Wi-Fi network connection, which any idiot can do.

But, if you are someone that people really want to spy on, I’d be cautious about using ordinary mobile phones. If you have enemies or business competitors who really want to know what you’re saying, they really can listen in.

If you want your phone calls to be secure today, I recommend using encryption software on your smartphones. These programs include PhoneCrypt, Secure Voice GSM, and Gold Lock. All these use 1,028-bit and higher encryption programs. Of course, for any of these programs to work, you need copies on each phone on a call. At this level of protection,  the National Security Agency (NSA) may still be listening to your calls, but no one else will be.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Networking”

Topics

Phone, Hacking, Mobile, Radio, Cell Phone, GSM, A5/1, Media, Cellular Phones, Telecom & Utilities, Consumer Electronics, Personal Technology, Steven J. Vaughan-Nichols

Steven J. Vaughan-Nichols, aka sjvn, has been writing about technology and the business of technology since CP/M-80 was the cutting edge, PC operating system

Disclosure

Steven J. Vaughan-Nichols

Steven J. Vaughan-Nichols is a freelance writer. He does not own stocks or other investments in any technology company.

Biography

Steven J. Vaughan-Nichols

Steven J. Vaughan-Nichols, aka sjvn, has been writing about technology and the business of technology since CP/M-80 was the cutting edge, PC operating system; 300bps was a fast Internet connection; WordStar was the state of the art word processor; and we liked it.

His work has been published in everything from highly technical publications (IEEE Computer, ACM NetWorker, Byte) to business publications (eWEEK, InformationWeek, ZDNet) to popular technology (Computer Shopper, PC Magazine, PC World) to the mainstream press (Washington Post, San Francisco Chronicle, BusinessWeek).

17
Comments
Add Your Opinion

Join the conversation!

Just In

RE: Are you in danger of Phone call hacking?
FAULKNE 13th Oct
Good day to confirm this comment I would appreciate T h e b e s t o f Z D N e t d e l i v e r e d your website very nice to everyone Yes, Oracle is the only one with shared-disk architecture, but that is there advantage. It means you can add or remove nodes and the database lives on. In a shared nothing architecture, if you lose a node, you lose the system. I'm sure Oracle appreciates EMC highlighting their advantage.I also desire to signal in your RSS feeds. Thank you as soon as once again and maintain up the great operate Awesome post! Thank you very much || thanks for nice content this is really benefit to me.
View in thread
0 Votes
+ -
For all intents and purposes
Dietrich T. Schmitz, ~ Your Linux Advocate 25th Jan 2011
I should think it wouldn't take a lot of effort to simply update the encryption algorithm.

Am I wrong about that?
0 Votes
+ -
Contributr
RE: Are you in danger of Phone call hacking?
sjvn@... 25th Jan 2011
@Dietrich T. Schmitz, Your Linux Advocate It's actually a lot of trouble, especially with the limited processing power on even the fastest smartphones. Doable? Certainly. Easy, especially across the entire industry, not so much.

Steven
0 Votes
+ -
No. That can't be true. Any elderly couple
frgough 25th Jan 2011
with a police scanner and a cassette recorder can easily capture and record any cell phone conversation. Just ask Alice and John Martin.
0 Votes
+ -
Old analog signals, YES. Newer digital signals, probably no!
kd5auq 26th Jan 2011
@frgough
The old analog signals used frequencies covered by police scanners and many shortwave radios and stayed on one channel.
The newer CDMA/TDMA/GSM signals are digital, in odd frequencies that require expensive recievers, are scrambled, and hop channels.
It can probably be done with a modified phone, but it ain't easy. You have to know the carrier, cell tower location, and phone signature before you can even start.
NSA doesn't have to do any of that. The carriers provide the "tap" already configured.
0 Votes
+ -
You need to understand what was hacked in the UK
tony@... 26th Jan 2011
The phone calls were NOT hacked themselves. What happened was that the journalists simply called the target's phone number and with a bit of simple guessing (mostly because people never changed the default) accessed their VOICEMAIL boxes and listened to the messages.
Basically this was like leaving the default password on an ADSL router.
If you have seen the standard of much of the journalism in the UK press, it is pretty clear that these people would not have the technical knowledge to actually intercept the live phone calls. Not only that, some of the victims are pretty high profile e.g. Gordon Brown - the former Prime Minister. So to intercept a call you would have to be hanging round nearby with a load of tech kit (hello security guys) or in the cell range of the person he was talking to.
Latest info is 4-6,000 prominent people had their mobile voicemail hacked (not their phone calls). This can be done from any landline with the target's phone number, knowledge of the different networks' default PIN for voicemail and a bit of stats on common PIN numbers and some educated guesses such as target's date of birth (a common PIN number).
So let us not get carried away thinking that every hacker is listening into our phone calls. Either disable the voicemail for your mobile or choose a PIN that cannot be easily guess from personal details e.g. DOB, spouse/child's DOB, Zip Code and a few popular numbers.
On the other side, the carriers could write a simple program that runs through their database of voicemail PINs and SMS all users who have the default, their DOB or very commeon ones with a message suggesting they change it. They could (and should) also log failed attempts and after a number e.g. 3 SMS the user. Then if the user had not failed in accessing voicemail, they would at least know someone was trying to hack them.
0 Votes
+ -
RE: Are you in danger of Phone call hacking?
Starman35 26th Jan 2011
I guess then that CDMA phones are more secure. This article doesn't mention them, but does anyone really know if they are more secure?
0 Votes
+ -
Some info
TripleII-21189418044173169409978279405827 26th Jan 2011
@Starman35
http://en.wikipedia.org/wiki/Code_division_multiple_access
hese systems were designed using spread spectrum because of its security and resistance to jamming. Asynchronous CDMA has some level of privacy built in because the signal is spread using a pseudorandom code; this code makes the spread spectrum signals appear random or have noise-like properties. A receiver cannot demodulate this transmission without knowledge of the pseudorandom sequence used to encode the data.

Basically, your call is spread over a variety of channels using constantly changing random keys to encrypt the call.

https://custsupport.alaskacommunications.com/app/answers/detail/a_id/137/~/differences-between-cdma-and-gsm-wireless-service
CDMA, or Code Division Multiple Access, is known as "spread spectrum" technology, because it does not send radio signals purely intact. Instead, CDMA divides up a radio signal over a range of different channels. Then, as the signal is being received, it is recombined into the channels that can be understood

So that is simply the inherent security built into CDMA, to say nothing about how individual carriers can encrypt the actual call itself.

TripleII
0 Votes
+ -
1028 bit?
superwj5 13th Mar 2011
"If you want your phone calls to be secure today, I recommend using encryption software on your smartphones. These programs include PhoneCrypt, Secure Voice GSM, and Gold Lock. All these use 1,028-bit and higher encryption programs. Of course, for any of these programs to work, you need copies on each phone on a call. At this level of protection, the National Security Agency (NSA) may still be listening to your calls, but no one else will be."
1028 bit? Not 1024 bit?
0 Votes
+ -
RE: Are you in danger of Phone call hacking?
batmangirl 7th Jul
can hacking use your number to make calls that you dont know about?
0 Votes
+ -
RE: Are you in danger of Phone call hacking?
MACKENZI 11th Sep
I also desire to signal in your RSS feeds. Thank you as soon as once again and maintain up the great operate! nccma cooler
0 Votes
+ -
RE: Are you in danger of Phone call hacking?
MARAGARET 12th Sep
I used to be more than happy to seek out this internet-site.I wanted to thanks in your time for this glorious read!! I positively enjoying each little bit of it and I have you bookmarked to check out new stuff you weblog post. this thread is amazing i like your work and i appreciate you that you have share a useful stuff thanks for sharing the i shop abatwa
0 Votes
+ -
RE: Are you in danger of Phone call hacking?
RHIANNONA 13th Sep
I used to be more than happy to seek out this internet-site.I wanted to thanks in your time for this glorious read!! I positively enjoying each little bit of it and I have you bookmarked to check out new stuff you weblog post.Bookmarking now thanks please consider a follow up post. power sa shop
0 Votes
+ -
RE: Are you in danger of Phone call hacking?
SATURNINA 14th Sep
I think the representation of this article is actually superb one. This is my first visit to your site. Thanks a lot and keep sharing the information. Keep updating the information for all of us. Thanks ZDNet Government was launched as the brand's first industry vertical, with a mission to cater to IT professionals in the public secto I agree with your post. However, do you have any sources I can cite for my paper wheel car com bury
0 Votes
+ -
RE: Are you in danger of Phone call hacking?
TOCCAR 25th Sep
Well welcome, hopefully you can become a vital member of the community and really help to push far ahead of google. Which Im sure the development team would love. This will of course earn you alot points too and get you on the leaders board. z d n e t t h a n k Im not sure i come to an agreement with you on every level, howevor it absolutely was a good posting, many thanks for taking the time to put up your ideas.
0 Votes
+ -
RE: Are you in danger of Phone call hacking?
MCKNIGH 26th Sep
Thanks nice info z d n e t I really liked your current article write more..let me add you to its favorite The articles you have on zdnet s i t e are always so enjoyable to read. Good work and I bookmarked it.
0 Votes
+ -
RE: Are you in danger of Phone call hacking?
RICHMONFT 30th Sep
Fantastic news about the new release.I positively enjoying each little bit of it and I have you b o o k m a r k e d to check out new stuff you weblog post.Im not sure i come to an agreement with you on every level, howevor it absolutely was a good posting, many thanks for taking the time to put up your ideas
0 Votes
+ -
RE: Are you in danger of Phone call hacking?
FAULKNE 13th Oct
Good day to confirm this comment I would appreciate T h e b e s t o f Z D N e t d e l i v e r e d your website very nice to everyone Yes, Oracle is the only one with shared-disk architecture, but that is there advantage. It means you can add or remove nodes and the database lives on. In a shared nothing architecture, if you lose a node, you lose the system. I'm sure Oracle appreciates EMC highlighting their advantage.I also desire to signal in your RSS feeds. Thank you as soon as once again and maintain up the great operate Awesome post! Thank you very much || thanks for nice content this is really benefit to me.

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
Click Here
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix