Are you in danger of Phone call hacking?

Are you in danger of Phone call hacking?

Summary: OK, so you're not a member of the Royal family, but are your mobile phone calls still in danger of being intercepted? Yes, yes you are.

SHARE:

Unlike the UK's Royal family, I doubt anyone is listening in on my phone calls. But, if someone wanted to, they could.

Many mobile phone calls in the U.S. and Europe are encrypted with a stream cipher called A5/1, which is commonly used, in GSM (Global System for Mobile Communications) voice communications. A5/1 is not secure. It's been broken for years.

More recently, in 2009, A5/1 was busted by a German hacker in a way that demonstrated that if you can capture the voice stream anyone with generic computer equipment could break it. Since then, A5/1 has only gotten easier to crack.

The GSM Association replied in 2009 that, "before a practical attack could be attempted, the GSM call has to be identified and recorded from the radio interface. So far, this aspect of the methodology has not been explained in any detail and we strongly suspect that the teams attempting to develop an intercept capability have underestimated its practical complexity. A hacker would need a radio receiver system and the signal processing software necessary to process the raw radio data. The complex knowledge required to develop such software is subject to intellectual property rights, making it difficult to turn into a commercial product."

I don't know about 'products' that can do this, but I do know crackers who do have that kind of hardware at their beck and call. In 2011, you don't need to be a Lisbeth Salander to listen to mobile calls.

There's no reason to panic yet. In theory, the phone companies are moving to the far harder to break 128-bit Kasumi encryption algorithm, which is used in the next generation A5/3 voice encryption. In practice, they've been taking their time about it. Worse still, A5/3 has been busted as well in early 2010. While it's not as easy to crack as A5/1, it's not that hard either.

I wouldn't freak about mobile phone calls being listened to quite yet though for most people. While the software side isn't that hard to pull off, listening in to a GSM network connection is still requires some expertise, unlike, say using Firesheep to peek in on your Wi-Fi network connection, which any idiot can do.

But, if you are someone that people really want to spy on, I'd be cautious about using ordinary mobile phones. If you have enemies or business competitors who really want to know what you're saying, they really can listen in.

If you want your phone calls to be secure today, I recommend using encryption software on your smartphones. These programs include PhoneCrypt, Secure Voice GSM, and Gold Lock. All these use 1,028-bit and higher encryption programs. Of course, for any of these programs to work, you need copies on each phone on a call. At this level of protection,  the National Security Agency (NSA) may still be listening to your calls, but no one else will be.

Topics: Hardware, Mobility, Security, Telcos

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

9 comments
Log in or register to join the discussion
  • For all intents and purposes

    I should think it wouldn't take a lot of effort to simply update the encryption algorithm.

    Am I wrong about that?
    Dietrich T. Schmitz, ~ Your Linux Advocate
    • RE: Are you in danger of Phone call hacking?

      @Dietrich T. Schmitz, Your Linux Advocate It's actually a lot of trouble, especially with the limited processing power on even the fastest smartphones. Doable? Certainly. Easy, especially across the entire industry, not so much.

      Steven
      sjvn@...
  • No. That can't be true. Any elderly couple

    with a police scanner and a cassette recorder can easily capture and record any cell phone conversation. Just ask Alice and John Martin.
    frgough
    • Old analog signals, YES. Newer digital signals, probably no!

      @frgough
      The old analog signals used frequencies covered by police scanners and many shortwave radios and stayed on one channel.
      The newer CDMA/TDMA/GSM signals are digital, in odd frequencies that require expensive recievers, are scrambled, and hop channels.
      It can probably be done with a modified phone, but it ain't easy. You have to know the carrier, cell tower location, and phone signature before you can even start.
      NSA doesn't have to do any of that. The carriers provide the "tap" already configured.
      kd5auq
  • You need to understand what was hacked in the UK

    The phone calls were NOT hacked themselves. What happened was that the journalists simply called the target's phone number and with a bit of simple guessing (mostly because people never changed the default) accessed their VOICEMAIL boxes and listened to the messages.
    Basically this was like leaving the default password on an ADSL router.
    If you have seen the standard of much of the journalism in the UK press, it is pretty clear that these people would not have the technical knowledge to actually intercept the live phone calls. Not only that, some of the victims are pretty high profile e.g. Gordon Brown - the former Prime Minister. So to intercept a call you would have to be hanging round nearby with a load of tech kit (hello security guys) or in the cell range of the person he was talking to.
    Latest info is 4-6,000 prominent people had their mobile voicemail hacked (not their phone calls). This can be done from any landline with the target's phone number, knowledge of the different networks' default PIN for voicemail and a bit of stats on common PIN numbers and some educated guesses such as target's date of birth (a common PIN number).
    So let us not get carried away thinking that every hacker is listening into our phone calls. Either disable the voicemail for your mobile or choose a PIN that cannot be easily guess from personal details e.g. DOB, spouse/child's DOB, Zip Code and a few popular numbers.
    On the other side, the carriers could write a simple program that runs through their database of voicemail PINs and SMS all users who have the default, their DOB or very commeon ones with a message suggesting they change it. They could (and should) also log failed attempts and after a number e.g. 3 SMS the user. Then if the user had not failed in accessing voicemail, they would at least know someone was trying to hack them.
    tony@...
  • RE: Are you in danger of Phone call hacking?

    I guess then that CDMA phones are more secure. This article doesn't mention them, but does anyone really know if they are more secure?
    Starman35
    • Some info

      @Starman35
      http://en.wikipedia.org/wiki/Code_division_multiple_access
      [B]hese systems were designed using spread spectrum because of its security and resistance to jamming. Asynchronous CDMA has some level of privacy built in because the signal is spread using a pseudorandom code; this code makes the spread spectrum signals appear random or have noise-like properties. A receiver cannot demodulate this transmission without knowledge of the pseudorandom sequence used to encode the data. [/B]

      Basically, your call is spread over a variety of channels using constantly changing random keys to encrypt the call.

      https://custsupport.alaskacommunications.com/app/answers/detail/a_id/137/~/differences-between-cdma-and-gsm-wireless-service
      [B]CDMA, or Code Division Multiple Access, is known as "spread spectrum" technology, because it does not send radio signals purely intact. Instead, CDMA divides up a radio signal over a range of different channels. Then, as the signal is being received, it is recombined into the channels that can be understood[/B]

      So that is simply the inherent security built into CDMA, to say nothing about how individual carriers can encrypt the actual call itself.

      TripleII
      TripleII-21189418044173169409978279405827
  • 1028 bit?

    "If you want your phone calls to be secure today, I recommend using encryption software on your smartphones. These programs include PhoneCrypt, Secure Voice GSM, and Gold Lock. All these use 1,028-bit and higher encryption programs. Of course, for any of these programs to work, you need copies on each phone on a call. At this level of protection, the National Security Agency (NSA) may still be listening to your calls, but no one else will be."
    1028 bit? Not 1024 bit?
    other *
  • RE: Are you in danger of Phone call hacking?

    can hacking use your number to make calls that you dont know about?
    batmangirl